2007-07-07, 00:48
#13
Rösta fram årets bästa pepparkakshus!
Jodå.
Gjorde det som du skrev som nr 2 också.
Detta är det som står längst ner i loggen nu
aha det var nog jag som missuppfattade, körde scannen med det andra programmet du hade länkat till.
Här kommer den nya.
Har jag gjort.
Har jag gjort, de filerna finns inte kvar i den nya loggen.
Här har du den nya loggen.
Svara
- Ämnesverktyg
- Hitta inlägg efter datum
2007-07-07, 01:02
#14
Medlem
Reg: Mar 2007
Inlägg: 12 238
har du postat alla vundofix loggar nu, den sista ser ju väldigt kort ut.
du inte gjort det jag skrev som 2
du inte gjort det jag skrev som 2
2007-07-07, 01:18
#15
Citat:
Ursprungligen postat av 927
har du postat alla vundofix loggar nu, den sista ser ju väldigt kort ut.
du inte gjort det jag skrev som 2
du inte gjort det jag skrev som 2
Jodå.
Gjorde det som du skrev som nr 2 också.
Detta är det som står längst ner i loggen nu
Citat:
VundoFix V6.5.4
Checking Java version...
Sun Java not detected
Scan started at 00:06:42 2007-07-07
Listing files found while scanning....
C:\windows\system32\xlwcplde.exe
Beginning removal...
Attempting to delete C:\windows\system32\xlwcplde.exe
C:\windows\system32\xlwcplde.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\xlwcplde.exe
C:\windows\system32\xlwcplde.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Checking Java version...
Sun Java not detected
Scan started at 00:06:42 2007-07-07
Listing files found while scanning....
C:\windows\system32\xlwcplde.exe
Beginning removal...
Attempting to delete C:\windows\system32\xlwcplde.exe
C:\windows\system32\xlwcplde.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\xlwcplde.exe
C:\windows\system32\xlwcplde.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
2007-07-07, 01:27
#16
Medlem
Reg: Mar 2007
Inlägg: 12 238
2
byt namn på denna fil till något annat, tex This.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
gör sen en ny scan och posta den loggen
byt namn på denna fil till något annat, tex This.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
gör sen en ny scan och posta den loggen
2007-07-07, 02:09
#17
Citat:
Ursprungligen postat av 927
2
byt namn på denna fil till något annat, tex This.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
gör sen en ny scan och posta den loggen
byt namn på denna fil till något annat, tex This.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
gör sen en ny scan och posta den loggen
aha det var nog jag som missuppfattade, körde scannen med det andra programmet du hade länkat till.
Här kommer den nya.
Citat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:08:24, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\xlwcplde.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\PATRIK~1.DAT\LOKALA~1\Temp\Adobelm_Cle anup.0001
C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\PATRIK~1.DAT\LOKALA~1\Temp\Adobelm_Cle anup.0001
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\xlwcplde.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 6377 bytes
Scan saved at 02:08:24, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\xlwcplde.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\PATRIK~1.DAT\LOKALA~1\Temp\Adobelm_Cle anup.0001
C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\PATRIK~1.DAT\LOKALA~1\Temp\Adobelm_Cle anup.0001
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\xlwcplde.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 6377 bytes
2007-07-07, 11:36
#18
Medlem
Reg: Mar 2007
Inlägg: 12 238
1 betyder åtgärd nr 1
2 betyder åtgärd nr 2
du bytte inte namn på filen hijackthis.exe till this.exe, gör det!
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
skicka upp denna fil så jag kan komma åt den
C:\WINDOWS\System32\xlwcplde.exe
gör en ny scan med HJT och bocka för dessa filer
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg och en länk till den filen jag fråga efter
2 betyder åtgärd nr 2
du bytte inte namn på filen hijackthis.exe till this.exe, gör det!
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
skicka upp denna fil så jag kan komma åt den
C:\WINDOWS\System32\xlwcplde.exe
gör en ny scan med HJT och bocka för dessa filer
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg och en länk till den filen jag fråga efter
2007-07-07, 12:29
#19
ah sorry, det var jag som missade filändelsen och bytte namn på helt fel fil.
Här har du filen du bad om http://files-upload.com/355264/xlwcplde.exe.html
och här är loggen
Du får gärna förklara lite som hastigast vad det är som blir gjort, jag hänger inte riktigt med på vad det är som sker.
Här har du filen du bad om http://files-upload.com/355264/xlwcplde.exe.html
och här är loggen
Citat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:38, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\This.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\xlwcplde.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 6126 bytes
Scan saved at 12:22:38, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\This.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\xlwcplde.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 6126 bytes
Du får gärna förklara lite som hastigast vad det är som blir gjort, jag hänger inte riktigt med på vad det är som sker.
2007-07-07, 12:39
#20
Medlem
Reg: Mar 2007
Inlägg: 12 238
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
ta bort filen C:\WINDOWS\System32\xlwcplde.exe
gör en ny scan med HJT och bocka för dessa filer
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
ta bort filen C:\WINDOWS\System32\xlwcplde.exe
gör en ny scan med HJT och bocka för dessa filer
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg
2007-07-07, 12:41
#21
Citat:
Ursprungligen postat av 927
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och inaktiverad >ok
Har jag gjort.
Citat:
Ursprungligen postat av 927
gör en ny scan med HJT och bocka för dessa filer
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg
O2 - BHO: (no name) - {1A189556-A96D-4D80-8870-C571014E6951} - C:\WINDOWS\System32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {C0F4BAF4-D1DB-4056-BC0B-5ABFC7DF4A43} - C:\WINDOWS\System32\euymytas.dll (file missing)
O2 - BHO: (no name) - {DA77AFAD-8F65-40C7-8E7E-73CF1D110C60} - C:\WINDOWS\System32\euymytas.dll (file missing)
O4 - HKLM\..\Run: [j5241030] rundll32 C:\WINDOWS\System32\j5241030.dll sook
klicka på knappen fix checked.
starta om och posta en ny HJT logg
Har jag gjort, de filerna finns inte kvar i den nya loggen.
2007-07-07, 12:48
#22
Medlem
Reg: Mar 2007
Inlägg: 12 238
allt detta finns kvar i loggen du posta nyss och det är det enda jag har att gå på, har du startat om efter 12:22?
svar nej; gör det och posta en ny HJT logg
svar ja; posta en ny HJT logg
svar nej; gör det och posta en ny HJT logg
svar ja; posta en ny HJT logg
2007-07-07, 12:54
#23
Citat:
Ursprungligen postat av 927
allt detta finns kvar i loggen du posta nyss och det är det enda jag har att gå på, har du startat om efter 12:22?
svar nej; gör det och posta en ny HJT logg
svar ja; posta en ny HJT logg
svar nej; gör det och posta en ny HJT logg
svar ja; posta en ny HJT logg
Här har du den nya loggen.
Citat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:03, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\This.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xlwcplde.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 5711 bytes
Scan saved at 12:42:03, on 2007-07-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\RAID\raid_tool.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\This.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wikipedia.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xlwcplde.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 5711 bytes
2007-07-07, 13:07
#24
Medlem
Reg: Mar 2007
Inlägg: 12 238
den här finns kvar:
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xlwcplde.exe (file missing)
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och där det står startmetod väljer du inaktiverad >ok
gör exakt så försvinner den ur HJT loggen.
HJT loggen är ok nu men jag tippar att det finns mer malware filer i datorn eftersom du inte har nåt antivirusprogram så jag rek en scan men det är ju frivilligt. i vilket fall bör du hämta programmet och scanna med det ibland, det är mycket effektivare än spybot och ad-aware.
hämta, installera och uppdatera programmet avg anti-spyware.
starta programmet >scanner >settings > klicka på den blåa "länken" och välj quarantine >välj fliken scan >complete system scan>... >apply all actions >save report.
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe
starta om normalt. starta avg antispyware > reports >markera aktuell rapport >kopiera allt du ser i det högra fönstret och kopiera in hela loggen här.
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xlwcplde.exe (file missing)
i kör skriver du services.msc >ok
leta upp DomainService och dubbelklicka på den, välj stoppa och där det står startmetod väljer du inaktiverad >ok
gör exakt så försvinner den ur HJT loggen.
HJT loggen är ok nu men jag tippar att det finns mer malware filer i datorn eftersom du inte har nåt antivirusprogram så jag rek en scan men det är ju frivilligt. i vilket fall bör du hämta programmet och scanna med det ibland, det är mycket effektivare än spybot och ad-aware.
hämta, installera och uppdatera programmet avg anti-spyware.
starta programmet >scanner >settings > klicka på den blåa "länken" och välj quarantine >välj fliken scan >complete system scan>... >apply all actions >save report.
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe
starta om normalt. starta avg antispyware > reports >markera aktuell rapport >kopiera allt du ser i det högra fönstret och kopiera in hela loggen här.
Skapa ett konto eller logga in för att kommentera
Du måste vara medlem för att kunna kommentera
