Har fått virus/spyware, hjälp?

2007-07-16, 04:15 #1

Medlem

Reg: Nov 2005

Inlägg: 656

Har fått nåt konstigt virus verkar det som, har scanat hela datorn, men den hittar inget.
Tror det är nån slagsspyware eller nåt.
Iallafal, jag har inte vågat starta om datorn eller nåt eftersom jag är rädd att den inte startas igen.

På min IE startsida så har jag TOMT about:blank, men viruset har ändrat startsidan till www.google.se
jag ändrar tillbaka, men sen ändras den igen.

Skulle vara väldigt tacksam för all hjälp!

Här är även min, Hijackthis logga.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:45:00, on 2007-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] GooGLed.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] GooGLed.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8478 bytes

Citera

2007-07-16, 05:44 #2

Medlem

Reg: Mar 2007

Inlägg: 12 238

kan du skicka upp den här filen GooGLed.exe

hämta detta program, spara det på skrivbordet.
http://www.atribune.org/ccount/click.php?id=4

starta programmet >klicka på scan for vundo >klicka på remove vundo.
välj ta bort filerna, vid fråga.
starta om, ev kan det bli aktuellt med flera omstarter.
posta loggen som finns här C:\vundofix.txt

posta en ny hjt logg efter det

Citera

2007-07-16, 06:04 #3

Medlem

Reg: Nov 2005

Inlägg: 656

Vundo

Hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:05:22, on 2007-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] GooGLed.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] GooGLed.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8428 bytes

Och om man tittar här så står det, men det är www.google.se egentligen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Citera

2007-07-16, 10:38 #4

Medlem

Reg: Mar 2007

Inlägg: 12 238

kolla om dessa filer finns
c:\windows\system32\twqoxtdn.dll
c:\windows\system32\ccbaccb.dll
GooGLed.exe

vi får se men kan inte google toolbar påverka på något vis?

Citera

2007-07-16, 12:36 #5

Medlem

Reg: Mar 2007

Inlägg: 12 238

gör så här i stället, öppna HJT >klicka på open misc tools >open process manager >markera winlogon.exe >bocka för show dll's >klicka på kopiera ikonen bredvid >kopera in här

kolla efter GooGLed.exe (finns den så är det troligvis i mappen system32)
om du hittar den så använd gärna denna sidan för att ladda upp filen
http://www.mytempdir.com/

Citera

2007-07-16, 19:27 #6

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

kolla om dessa filer finns
c:\windows\system32\twqoxtdn.dll
c:\windows\system32\ccbaccb.dll
GooGLed.exe

vi får se men kan inte google toolbar påverka på något vis?

twqoxtdn.dll
ccbaccb.dll

Dessa fanns, men jag hitta ingen GooGLed

Och här är även dll listan

Process list saved on 19:28:25, on 2007-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
584 C:\WINDOWS\System32\smss.exe 5.1.2600.1106 Microsoft Corporation
664 C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 Microsoft Corporation
708 C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
720 C:\WINDOWS\system32\lsass.exe 5.1.2600.1106 Microsoft Corporation
924 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation
976 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
1268 C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe 104.0.14.2 Symantec Corporation
1384 C:\WINDOWS\Explorer.EXE 6.0.2800.1106 Microsoft Corporation
1460 C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1.2.0.18 Symantec Corporation
1508 C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe 1.9.1.762 Symantec Corporation
1600 C:\WINDOWS\VM303_STI.EXE 3.6.227.13 Vimicro
1712 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.0 Microsoft Corporation
1928 C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe 7.0.1.2 Lavasoft AB
1960 C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe 3.0.0.171 Symantec Corporation
464 C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
480 C:\Program\Norton AntiVirus\IWP\NPFMntor.exe 12.8.0.4 Symantec Corporation
504 C:\WINDOWS\System32\nvsvc32.exe 6.14.10.5303 NVIDIA Corporation
388 C:\WINDOWS\System32\tcpsvcs.exe 5.1.2600.0 Microsoft Corporation
616 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
77040 C:\Program\Internet Explorer\iexplore.exe 6.0.2800.1106 Microsoft Corporation
77296 C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe 2.0.0.0 Trend Micro Inc.

DLLs loaded by process C:\WINDOWS\system32\winlogon.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 Microsoft Corporation
C:\WINDOWS\system32\Secur32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\WINSTA.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.1343 Microsoft Corporation
C:\WINDOWS\system32\REGAPI.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\system32\COMCTL32.dll 5.82.2800.1106 Microsoft Corporation
C:\WINDOWS\System32\ODBC32.dll 3.525.1022.0 Microsoft Corporation
C:\WINDOWS\system32\comdlg32.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\System32\odbcint.dll 3.525.1022.0 Microsoft Corporation
C:\WINDOWS\System32\SHSVCS.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\system32\sfc.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\sfc_os.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\WINSCARD.DLL 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\sxs.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\uxtheme.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\cscdll.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\WlNotify.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\MPR.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 Microsoft Corporation
C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\msv1_0.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\system32\oleaut32.dll 3.50.5016.0 Microsoft Corporation
C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 Microsoft Corporation
C:\WINDOWS\System32\srclient.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\Wbem\framedyn.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\wininet.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\kqqyhhaf.dll
C:\WINDOWS\System32\dnsapi.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\libssl32.dll 0.9.7.3 OpenSSL <www.openssl.org>
C:\WINDOWS\System32\libeay32.dll 0.9.7.3 OpenSSL <www.openssl.org>
C:\WINDOWS\System32\fvcqpjhv.dll
C:\WINDOWS\System32\mswsock.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\gvbczlsb.dll
C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42 Microsoft Corporation
C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42 Microsoft Corporation
C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\midimap.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\urlmon.dll 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 Microsoft Corporation

Citera

2007-07-16, 21:38 #7

Medlem

Reg: Mar 2007

Inlägg: 12 238

http://download.bleepingcomputer.com...r/OTMoveIt.exe
spara filen på skrivbordet. stäng webbläsaren.
klicka på OTMoveIt.exe >kopiera in detta i det vänstra delen och klicka på knappen moveit.

C:\WINDOWS\System32\kqqyhhaf.dll
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\System32\fvcqpjhv.dll
C:\WINDOWS\System32\gvbczlsb.dll
c:\windows\system32\twqoxtdn.dll

du kan bli ombedd att starta om och du bör sen en logg efter omstarten (annars finns den under C:\_OTMoveIt\MovedFiles) som du postar

Citera

2007-07-16, 23:18 #8

Medlem

Reg: Nov 2005

Inlägg: 656

Så..

Citera

2007-07-16, 23:24 #9

Medlem

Reg: Mar 2007

Inlägg: 12 238

starta du om?

posta en ny HJT logg

Citera

2007-07-16, 23:30 #10

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

starta du om?

posta en ny HJT logg

Jepp det gjorde jag.
Google är fortfarande som startsida och vägrar ändras och även antivrus programmet har slutat fungera.

Här är HJT loggen

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:28:46, on 2007-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll (file missing)
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] GooGLed.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] GooGLed.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe (file missing)
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8717 bytes

Citera

2007-07-16, 23:40 #11

Medlem

Reg: Mar 2007

Inlägg: 12 238

ser inte ut som jag hoppades på, problemet är att det är nya filer som du har och det finns ännu inga verktyg som är uppdaterade för att fixa dom.

bocka för och fixa dessa
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll (file missing)

O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] GooGLed.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] GooGLed.exe (User 'Default user')

O20 - AppInit_DLLs:
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll

gör en ny scan med HJT o posta den loggen.
antagligen kommer krävas en till åtgärd för att få bort
C:\WINDOWS\SYSTEM32\ccbaccb.dll

Citera

2007-07-16, 23:48 #12

Medlem

Reg: Nov 2005

Inlägg: 656

Okej då ska vi se nu..

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:47:27, on 2007-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe (file missing)
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8228 bytes

Citera

Har fått virus/spyware, hjälp?

Skapa ett konto eller logga in för att kommentera

Skapa ett konto

Logga in