Har fått virus/spyware, hjälp?

2007-07-16, 23:52 #13

Medlem

Reg: Mar 2007

Inlägg: 12 238

http://swandog46.geekstogo.com/avenger.exe
spara exe filen på skrivbordet >starta programmet >bocka för input script manually >klicka på förstoringsglaset >kopiera in detta i fönstret:

Files to delete:
C:\WINDOWS\system32\ccbaccb.dll

klicka på done >klicka på gröna lampan >svara ja.
när datorn är färdig så ska en logg visas. posta den och en ny HJT logg.

visas ingen logg så finns den här C:\avenger.txt

Citera

2007-07-17, 00:30 #14

Medlem

Reg: Nov 2005

Inlägg: 656

Och så ser det ut när jag kollar filen genom unlocker..
http://img117.imageshack.us/my.php?image=bildru8.jpg

Och här är HJT loggen

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:31:45, on 2007-07-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Symantec\LiveUpdate\AUpdate.exe
C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe (file missing)
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8155 bytes

Citera

2007-07-17, 00:42 #15

Medlem

Reg: Mar 2007

Inlägg: 12 238

gör en sökning på ccbaccb och berätta vilka filer som hittas.

vill du forsätt själv så kopiera in alla som börjar ccbaccb i avenger, tex

Files to delete:
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\system32\ccbaccb.ini
C:\WINDOWS\system32\ccbaccb.bak

du kan även ta en kopia på mappen C:\_OTMoveIt\MovedFiles
skicka upp den

Citera

2007-07-17, 00:55 #16

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

gör en sökning på ccbaccb och berätta vilka filer som hittas.

vill du forsätt själv så kopiera in alla som börjar ccbaccb i avenger, tex

Files to delete:
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\system32\ccbaccb.ini
C:\WINDOWS\system32\ccbaccb.bak

du kan även ta en kopia på mappen C:\_OTMoveIt\MovedFiles
skicka upp den

http://img261.imageshack.us/my.php?image=bil111hj1.png

http://img119.imageshack.us/my.php?image=ssww0.png

Citera

2007-07-17, 01:11 #17

Medlem

Reg: Mar 2007

Inlägg: 12 238

du ska skicka upp mappen som fil alltså

vi testar så här då, start >kör >skriv: services.msc >ok
srolla ner till EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe (file missing)
>dubbelklicka på den och välj stoppa och där det står startmetod väljer du inaktiverad >ok

jag tror inte filen finns men kolla
C:\WINDOWS\System32\dllcache\winegne.exe

sen kör du avenger igen, kopiera in

Files to delete:
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\system32\ccbaccb.dll.bak

menar du att startsidan är gråmarkerad?

Citera

2007-07-17, 01:29 #18

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

du ska skicka upp mappen som fil alltså

vi testar så här då, start >kör >skriv: services.msc >ok
srolla ner till EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe (file missing)
>dubbelklicka på den och välj stoppa och där det står startmetod väljer du inaktiverad >ok

jag tror inte filen finns men kolla
C:\WINDOWS\System32\dllcache\winegne.exe

sen kör du avenger igen, kopiera in

Files to delete:
C:\WINDOWS\system32\ccbaccb.dll
C:\WINDOWS\system32\ccbaccb.dll.bak

menar du att startsidan är gråmarkerad?

Gjorde allt som du sa, men det gick inte.
C:\WINDOWS\System32\dllcache\winegne.exe hade jag kastat tidigare redan.

Citera

2007-07-17, 01:30 #19

Medlem

Reg: Mar 2007

Inlägg: 12 238

posta avenger loggen

Citera

2007-07-17, 01:42 #20

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

posta avenger loggen

Citera

2007-07-17, 01:55 #21

Medlem

Reg: Mar 2007

Inlägg: 12 238

jag ska kolla upp detta med han som gjort programmet avenger

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download Combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

posta även en ny HJT logg, man vet aldrig vad som ändras...

jag har inte frågat men jag antar att du vet vad detta är
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1

Citera

2007-07-17, 02:53 #22

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

jag ska kolla upp detta med han som gjort programmet avenger

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download Combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

posta även en ny HJT logg, man vet aldrig vad som ändras...

jag har inte frågat men jag antar att du vet vad detta är
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1

Vad är vad?

förstod inte

här är nya hjt loggen

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:51, on 2007-07-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program\Prevx2\PXConsole.exe"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8065 bytes

och combofix gick inte att använda blev nåt fel så den stängdes av

Citera

2007-07-17, 02:53 #23

Medlem

Reg: Nov 2005

Inlägg: 656

Citat:

Ursprungligen postat av 927

jag ska kolla upp detta med han som gjort programmet avenger

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download Combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

posta även en ny HJT logg, man vet aldrig vad som ändras...

jag har inte frågat men jag antar att du vet vad detta är
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1

Vad är vad?

förstod inte

här är nya hjt loggen

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:51, on 2007-07-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Basaran\Skrivbord\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashback ExtLink - {2D0AFCC0-9149-49C1-BAD6-8A62CAEA5EF0} - (no file)
O2 - BHO: (no name) - {5C8B3666-29E6-4D91-9AC3-88AF076B3751} - C:\WINDOWS\System32\browsew.dll
O2 - BHO: (no name) - {8AA68404-3934-4419-B516-CD910A965118} - c:\windows\system32\ccbaccb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFA0294C-1E16-4EA6-887D-AA90DD67304B} - c:\windows\system32\twqoxtdn.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program\Prevx2\PXConsole.exe"
O4 - HKLM\..\RunOnce: [Setup] "C:\Documents and Settings\Basaran\Skrivbord\setup.exe" /% /i "C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA69E27-E047-4765-A10B-13C307A4FC3B}\Trafikskolan TEO 2007.msi" TRANSFORMS="C:\DOCUME~1\Basaran\LOKALA~1\Temp\{CBA 69E27-E047-4765-A10B-13C307A4FC3B}\1053.MST" SETUPEXEDIR="C:\Documents and Settings\Basaran\Skrivbord" AFTERREBOOT=1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Basaran\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program\Kwyshell\MidpX\JadInvoker\Extent\jad_wr ap.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/am...1.11_en_dl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cibjczdg - C:\WINDOWS\SYSTEM32\ccbaccb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\mmc\program\tvpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8065 bytes

Citera

2007-07-17, 03:14 #24

Medlem

Reg: Nov 2005

Inlägg: 656

Combofix texten var för stor så jag ladda upp den i stället

http://rapidshare.com/files/43337669/ComboFiX.txt.html

Citera

Har fått virus/spyware, hjälp?

Skapa ett konto eller logga in för att kommentera

Skapa ett konto

Logga in