HUHEUEHEUEHUH Skrivet 13 April 2008 Rapport Dela Skrivet 13 April 2008 Det går inte, och åter igen det går inte, XP Antivirus beskrivs eller så här står det; Ta bort XPAnti virus manuellt=Svårt. Så skicka pm till mig så ska jag berätta. Citera Länk till kommentar Dela på andra sajter More sharing options...
Kevve Skrivet 13 April 2008 Rapport Dela Skrivet 13 April 2008 (redigerat) Åtkomst nekad kan också bero på att processen fortfarande körs. Kör aktivitetshanteraren och ta en screenshot av din "Processer" tab. Annars kan du testa starta i felsäkert läge. Men ladda gärna ner HijackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis), scana och posta loggen här inom ett [CODE][./code] Fält. Redigerat 13 April 2008 av HooRai Citera Länk till kommentar Dela på andra sajter More sharing options...
Gäst EDOBEM Skrivet 13 April 2008 Rapport Dela Skrivet 13 April 2008 (redigerat) Här är Hijack filen.Hijack filen går inte att bifoga? Ska testa o scanna Xpa med Nod32(30 days trial) Nu har jag gjort det och nod32 hittade inget i xpa. Redigerat 13 April 2008 av EDOBEM Citera Länk till kommentar Dela på andra sajter More sharing options...
Kevve Skrivet 13 April 2008 Rapport Dela Skrivet 13 April 2008 Edobem, kopiera texten och lägg den i ett [.CODE][/code] fält. Citera Länk till kommentar Dela på andra sajter More sharing options...
Noiseless Skrivet 14 April 2008 Rapport Dela Skrivet 14 April 2008 Testa att ta bort programet (filen) i commando? Citera Länk till kommentar Dela på andra sajter More sharing options...
Gäst EDOBEM Skrivet 14 April 2008 Rapport Dela Skrivet 14 April 2008 Edobem, kopiera texten och lägg den i ett [.CODE][/code] fält. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:59:40, on 2008-04-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\Executive Software\Diskeeper\DkService.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\Spyware Doctor\pctsAuxs.exe C:\Program\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program\Windows Media Player\WMPNetwk.exe C:\Program\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\D-Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\nosign.exe C:\Program\MessengerPlus! 3\MsgPlus.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Messenger\msmsgs.exe C:\Program\Windows Media Player\WMPNSCFG.exe C:\Program\XP Antivirus\xpa.exe C:\Program\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: DVA Media - {82B8E0B5-45F5-4779-966A-C474164F8F7F} - C:\WINDOWS\temlxopqgdk.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Nosign_TRUST] nosign TRUST O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [xseqpc] C:\WINDOWS\system32\xseqpc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [qdraqygu] C:\WINDOWS\system32\knclgjat.exe O4 - HKCU\..\Run: [e©ùýùÖûïÕóÎêøøãøôãÊýùñûÉÞó] C:\Program\XP Antivirus\xpa.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133884443187 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136840480375 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O21 - SSODL: mgsvflkw - {48A6392C-6173-4985-A8C9-CBD83C391F37} - C:\WINDOWS\mgsvflkw.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe O23 - Service: Print Spooler Service (udshjeutab) - Unknown owner - C:\WINDOWS\system32\xseqpc.exe (file missing) -- End of file - 10026 bytes Har jag gjort rätt nu, elr? :P Citera Länk till kommentar Dela på andra sajter More sharing options...
Kevve Skrivet 14 April 2008 Rapport Dela Skrivet 14 April 2008 (redigerat) Ja. Jag kollade genom lite snabbt, och du kan döda "xpa.exe" från Processer i felsäkert läge. Och ta bort C:\Program\xp antivirus\ Foldern. Men om jag har rätt så sitter viruset ännu längre in, jag ska kolla lite på det. [EDIT] Hittade denna länken och du kan ju kolla om den funkar http://www.bleepingcomputer.com/forums/topic111715.html Redigerat 14 April 2008 av HooRai Citera Länk till kommentar Dela på andra sajter More sharing options...
Gäst EDOBEM Skrivet 14 April 2008 Rapport Dela Skrivet 14 April 2008 (redigerat) Det var det jag började med, att försöka ta bort xpa i C:\program :/ Tack så mkt för länken hoppas det funkar :) Redigerat 14 April 2008 av EDOBEM Citera Länk till kommentar Dela på andra sajter More sharing options...
Rekommendera inlägg
Gå med i konversationen
Du kan skriva nu och registrera dig senare. Om du har ett konto, logga in nu för att posta med ditt konto.