Stort problem med datan

Adnan22 · Oktober 26, 2008

*********************************************

2009-01-08:

Tråden är nu låst.

Tycker du att den är felaktigt låst, var god kontakta

*********************************************

Min explorer crashar hela tiden non stop och startas om........dvs alla ikoner försvinner och kommer tillbaka konstant. Jag undrar om något angripit datan? Här är en HJT logga.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:10:50 PM, on 10/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:ProgramLavasoftAd-Awareaawservice.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramCyberLinkPowerCinemaPCMService.exe

C:ProgramJavajre1.6.0_07binjusched.exe

C:ProgramDelade filerRealUpdate_OBrealsched.exe

C:ProgramMicrosoft OfficeOffice12GrooveMonitor.exe

C:ProgramSpyware DoctorpctsTray.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLCapSvc.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLServer.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLService.exe

C:ProgramATI TechnologiesATI.ACECore-StaticMOM.EXE

C:ProgramMicrosoft ActiveSyncWCESCOMM.EXE

C:WINDOWSsystem32PnkBstrA.exe

C:ProgramSpyware DoctorpctsAuxs.exe

C:ProgramSpyware DoctorpctsSvc.exe

C:ProgramATI TechnologiesATI.ACECore-Staticccc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLSched.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSsystem32taskmgr.exe

C:ProgramSpyware DoctorpctsGui.exe

C:ProgramTrend MicroHijackThisRensare.exe.exe

C:WINDOWSsystem32wuauclt.exe

C:ProgramMozilla Firefoxfirefox.exe

C:WINDOWSSystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bredbandsbolaget.se/mittkonto

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgramDelade filerAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_07binssv.dll

O2 - BHO: (no name) - {790F939F-D269-421E-97CB-6B3017A90427} - C:WINDOWSsystem32geBrsRIA.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:ProgramFree Download Manageriefdm2.dll

O2 - BHO: (no name) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - (no file)

O2 - BHO: (no name) - {DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - C:WINDOWSsystem32jkkIAQKD.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [ATICCC] "C:ProgramATI TechnologiesATI.ACECLIStart.exe"

O4 - HKLM..Run: [PCMService] "C:ProgramCyberLinkPowerCinemaPCMService.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_07binjusched.exe"

O4 - HKLM..Run: [AtiPTA] atiptaxx.exe

O4 - HKLM..Run: [TkBellExe] "C:ProgramDelade filerRealUpdate_OBrealsched.exe" -osboot

O4 - HKLM..Run: [GrooveMonitor] "C:ProgramMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [bVRPLiveUpdate] C:ProgramAvanquest updateEngineSetup.exe -s /PATCH,/SRCUPDATEC:DOCUME~1ALLUSE~1APPLIC~1SONYER~1SONYER~1LIVEUP~1LISTOF~1.DAT

O4 - HKLM..Run: [windows32] C:WINDOWS:windows32.exe

O4 - HKLM..Run: [iSTray] "C:ProgramSpyware DoctorpctsTray.exe"

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [startCCC] C:ProgramATI TechnologiesATI.ACECore-StaticCLIStart.exe

O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgramMicrosoft ActiveSyncWCESCOMM.EXE"

O4 - HKCU..Run: [msnmsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [sony Ericsson PC Suite] "C:ProgramSony EricssonSony Ericsson PC SuiteSEPCSuite.exe" /systray /nologon

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:ProgramFree Download Managerdlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:ProgramFree Download Managerdlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:ProgramFree Download Managerdlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:ProgramFree Download Managerdllink.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~3Office12EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:ProgramWindows Live ToolbarComponentsen-gbmsntabres.dll.mui/229?478aef9e5494442eb73b7b681ebd6796

O8 - Extra context menu item: Open in new foreground tab - res://C:ProgramWindows Live ToolbarComponentsen-gbmsntabres.dll.mui/230?478aef9e5494442eb73b7b681ebd6796

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_07binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_07binssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:ProgramMICROS~3Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:ProgramMICROS~3Office12ONBttnIE.dll

O9 - Extra button: Skapa mobilfavorit - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~3Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: Antiwpa - C:WINDOWSSYSTEM32antiwpa.dll

O20 - Winlogon Notify: jkkIAQKD - C:WINDOWSSYSTEM32jkkIAQKD.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:ProgramLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:ProgramDelade filerAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:ProgramCyberLinkPowerCinemaKernelTVCLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:ProgramCyberLinkPowerCinemaKernelTVCLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:ProgramiPodbiniPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:ProgramNeroNero 7Nero BackItUpNBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:ProgramSpyware DoctorpctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:ProgramSpyware DoctorpctsSvc.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:WINDOWSSYSTEM32slserv.exe

--

End of file - 10361 bytes

Oktober 26, 2008

Hej Adnan22!

Nog är din dator angripen alltid.

Vad använder du för antivirusprogram (ser inte till något)?

Om du inte har något så hämta hem/installera ett.

Antivirusprogram (Gratis för hemanvändaren):

http://www.alltomxp.se/forum/index.php?topic=2354.0

Gå vidare med nedanstående:

MSN-Virus/Trojaner (Nerladdning/Instruktioner):

http://www.alltomxp.se/forum/index.php?topic=13280.0

Då du gjort ovanstående kopiera in loggarna hit till din tråd så går vi vidare

MVH/Malou

Adnan22 · Oktober 26, 2008

Jag använde NOD ett tag och avinstallerade idag då licensen löpt ut.......när detta hände precis efter.

Oktober 26, 2008

Jag använde NOD ett tag och avinstallerade idag då licensen löpt ut.......när detta hände precis efter.

Ok.

Hämta hem/installera ett antivirusprogram som jag rekommenderade i mitt tidigare inlägg. Då du gjort så så gå vidare med resterande och återkom med loggar

MVH/Malou

Adnan22 · Oktober 26, 2008

Hmmm det där programmet hittar ingenting och ger mig ingen logga. Explorer crashar fortfarande non stop och jag måste ta mig fram med aktivitetshanteraren alternativt snabbklick när den kommer tillbaka. Här är en ny HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:25:58 PM, on 10/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:ProgramLavasoftAd-Awareaawservice.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32LEXPPS.EXE

C:ProgramAVGAVG8avgwdsvc.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLCapSvc.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLServer.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLService.exe

C:WINDOWSsystem32PnkBstrA.exe

C:ProgramSpyware DoctorpctsAuxs.exe

C:ProgramSpyware DoctorpctsSvc.exe

C:ProgramAVGAVG8avgrsx.exe

C:WINDOWSsystem32slserv.exe

C:WINDOWSSystem32svchost.exe

C:ProgramSpyware DoctorpctsTray.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLSched.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSsystem32taskmgr.exe

C:WINDOWSsystem32imapi.exe

C:ProgramMozilla Firefoxfirefox.exe

C:ProgramTrend MicroHijackThisRensare.exe.exe

C:WINDOWSSystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bredbandsbolaget.se/mittkonto

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgramDelade filerAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {2D18BFED-B6AE-45A8-93A0-6E9E0D419D1B} - C:WINDOWSsystem32geBrsRIA.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:ProgramAVGAVG8avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_07binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:ProgramFree Download Manageriefdm2.dll

O2 - BHO: (no name) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - (no file)

O2 - BHO: (no name) - {DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - C:WINDOWSsystem32jkkIAQKD.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [ATICCC] "C:ProgramATI TechnologiesATI.ACECLIStart.exe"

O4 - HKLM..Run: [PCMService] "C:ProgramCyberLinkPowerCinemaPCMService.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_07binjusched.exe"

O4 - HKLM..Run: [AtiPTA] atiptaxx.exe

O4 - HKLM..Run: [TkBellExe] "C:ProgramDelade filerRealUpdate_OBrealsched.exe" -osboot

O4 - HKLM..Run: [GrooveMonitor] "C:ProgramMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [bVRPLiveUpdate] C:ProgramAvanquest updateEngineSetup.exe -s /PATCH,/SRCUPDATEC:DOCUME~1ALLUSE~1APPLIC~1SONYER~1SONYER~1LIVEUP~1LISTOF~1.DAT

O4 - HKLM..Run: [windows32] C:WINDOWS:windows32.exe

O4 - HKLM..Run: [iSTray] "C:ProgramSpyware DoctorpctsTray.exe"

O4 - HKLM..Run: [AVG8_TRAY] C:ProgramAVGAVG8avgtray.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [startCCC] C:ProgramATI TechnologiesATI.ACECore-StaticCLIStart.exe

O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgramMicrosoft ActiveSyncWCESCOMM.EXE"

O4 - HKCU..Run: [msnmsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [sony Ericsson PC Suite] "C:ProgramSony EricssonSony Ericsson PC SuiteSEPCSuite.exe" /systray /nologon

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:ProgramFree Download Managerdlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:ProgramFree Download Managerdlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:ProgramFree Download Managerdlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:ProgramFree Download Managerdllink.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~3Office12EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:ProgramWindows Live ToolbarComponentsen-gbmsntabres.dll.mui/229?478aef9e5494442eb73b7b681ebd6796

O8 - Extra context menu item: Open in new foreground tab - res://C:ProgramWindows Live ToolbarComponentsen-gbmsntabres.dll.mui/230?478aef9e5494442eb73b7b681ebd6796

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_07binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_07binssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:ProgramMICROS~3Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:ProgramMICROS~3Office12ONBttnIE.dll

O9 - Extra button: Skapa mobilfavorit - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:ProgramMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~3Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:ProgramAVGAVG8avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: Antiwpa - C:WINDOWSSYSTEM32antiwpa.dll

O20 - Winlogon Notify: jkkIAQKD - jkkIAQKD.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:ProgramLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:ProgramDelade filerAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:ProgramAVGAVG8avgwdsvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:ProgramCyberLinkPowerCinemaKernelTVCLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:ProgramCyberLinkPowerCinemaKernelTVCLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:ProgramiPodbiniPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:ProgramNeroNero 7Nero BackItUpNBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:ProgramSpyware DoctorpctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:ProgramSpyware DoctorpctsSvc.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:WINDOWSSYSTEM32slserv.exe

--

End of file - 10441 bytes

Oktober 26, 2008

Hej Adnan22!

Ok.

Då tar vi till ComboFix och ser vad den har att erbjuda

Hämta hem ComboFix från nedanstående länk:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

1: Spara ComboFix till skrivbordet:

OBS:

Dra ur Internetanslutningen => stäng av/avaktivera antivirusprogram/antispionprogram.

Gå nu vidare med nedanstående:.

1: Dubbelklicka på ComboFix för att starta den

2: Följ anvisningarna som visas på skärmen.

3: När den är färdig så skall en text-logg komma upp, kopiera och klistra in den här

Kan även hittas här => (C:ComboFix.txt)

4: Gör en ny TM HJT-logg, kopiera även in den.

VIKTIGT! Klicka INTE på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

OBS:

Kontrollera att antivirusprogram/antispionprogram mm är återaktiverade innan du ansluter till Internet.

OBSERVERA:

Verktyget/Programmet kan ge problem med uppkopplingen (tex trådlös).

Om problem uppstår prova då nedanstående.

Gå till => Kontrollpanelen => Nätverksanslutningar => högerklicka på din Internetanslutning => välj Reparera

ELLER

Starta om datorn.

VARNING!:

ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn. Det kan bli problem t ex om du har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

MVH/Malou

Adnan22 · Oktober 26, 2008

Nu funkar allt som vanligt! Tack Malou du är en pärla som vanligt. Här är combofix loggan.

ComboFix 08-10-25.01 - adnan 2008-10-26 15:10:32.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.527 [GMT 1:00]

Running from: C:Documents and SettingsadnanSkrivbordComboFix.exe

* Created a new restore point

.

ADS - WINDOWS: deleted 33809 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat

C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat

C:ProgramINSTALL.LOG

C:WINDOWSsystem32AIRsrBeg.ini

C:WINDOWSsystem32AIRsrBeg.ini2

C:WINDOWSsystem32exec1.exe

C:WINDOWSsystem32geBrsRIA.dll

----- BITS: Possible infected sites -----

hxxp://wzporn.com

.

((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))

.

2008-10-26 14:00 . 2008-10-26 15:04 <KAT> d--h----- C:$AVG8.VAULT$

2008-10-26 13:55 . 2008-10-26 13:55 <KAT> d-------- C:ProgramAVG

2008-10-26 13:55 . 2008-10-26 13:55 97,928 --a------ C:WINDOWSsystem32driversavgldx86.sys

2008-10-26 13:55 . 2008-10-26 13:55 10,520 --a------ C:WINDOWSsystem32avgrsstx.dll

2008-10-26 13:37 . 2008-08-29 03:49 102,664 --a------ C:WINDOWSsystem32driverstmcomm.sys

2008-10-26 09:50 . 2008-10-26 13:57 <KAT> d-------- C:WINDOWSsystem32driversAvg

2008-10-26 09:48 . 2008-10-26 10:13 <KAT> d-------- C:ProgramAVG(2)

2008-10-26 09:47 . 2008-10-26 13:55 <KAT> d-------- C:Documents and SettingsAll UsersApplication Dataavg8

2008-10-26 08:20 . 2008-10-26 09:43 54,156 --ah----- C:WINDOWSQTFont.qfn

2008-10-26 08:20 . 2008-10-26 08:20 1,409 --a------ C:WINDOWSQTFont.for

2008-10-24 03:48 . 2008-10-15 17:38 337,408 -----c--- C:WINDOWSsystem32dllcachenetapi32.dll

2008-10-15 15:54 . 2008-09-15 16:27 1,846,400 -----c--- C:WINDOWSsystem32dllcachewin32k.sys

2008-10-15 15:43 . 2008-09-08 11:41 333,824 -----c--- C:WINDOWSsystem32dllcachesrv.sys

2008-10-15 15:41 . 2008-08-14 14:27 2,189,952 -----c--- C:WINDOWSsystem32dllcachentoskrnl.exe

2008-10-15 15:41 . 2008-08-14 14:27 2,146,304 -----c--- C:WINDOWSsystem32dllcachentkrnlmp.exe

2008-10-15 15:41 . 2008-08-14 14:27 2,066,816 -----c--- C:WINDOWSsystem32dllcachentkrnlpa.exe

2008-10-15 15:41 . 2008-08-14 14:27 2,024,960 -----c--- C:WINDOWSsystem32dllcachentkrpamp.exe

2008-10-08 06:32 . 2008-10-08 06:32 268 --ah----- C:sqmdata12.sqm

2008-10-08 06:32 . 2008-10-08 06:32 244 --ah----- C:sqmnoopt12.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 14:26 --------- d---a-w C:Documents and SettingsAll UsersApplication DataTEMP

2008-10-26 09:56 --------- d-----w C:ProgramSpyware Doctor

2008-10-26 08:34 --------- d-----w C:Documents and SettingsadnanApplication DatauTorrent

2008-10-25 12:46 --------- d-----w C:Documents and SettingsadnanApplication Datadvdcss

2008-10-19 01:57 --------- d-----w C:ProgramTVUPlayer

2008-10-18 11:14 --------- d-----w C:ProgrammIRC

2008-10-15 16:31 --------- d-----w C:Documents and SettingsAll UsersApplication DataMicrosoft Help

2008-10-08 13:42 --------- d-----w C:Documents and SettingsAll UsersApplication DataDVD Shrink

2008-10-01 11:57 --------- d--h--w C:ProgramInstallShield Installation Information

2008-10-01 11:38 --------- d-----w C:ProgramFiraxis Games

2008-09-25 14:25 --------- d-----w C:Documents and SettingsadnanApplication DataBearShare

2008-09-25 14:24 --------- d-----w C:ProgramBearShare Applications

2008-09-24 15:01 --------- d-----w C:ProgramESET

2008-09-24 15:01 --------- d-----w C:Documents and SettingsAll UsersApplication DataESET

2008-09-24 14:06 --------- d-----w C:ProgramLimeWire

2008-09-22 19:38 81,288 ----a-w C:WINDOWSsystem32driversiksyssec.sys

2008-09-22 19:38 66,952 ----a-w C:WINDOWSsystem32driversiksysflt.sys

2008-09-22 19:38 40,840 ----a-w C:WINDOWSsystem32driversikfilesec.sys

2008-09-22 18:52 279,712 ----a-w C:WINDOWSsystem32driversatksgt.sys

2008-09-22 18:52 25,888 ----a-w C:WINDOWSsystem32driverslirsgt.sys

2008-09-22 18:32 --------- d-----w C:ProgramDeep Silver

2008-09-22 13:55 --------- d-----w C:Documents and SettingsadnanApplication DataXRay Engine

2008-09-22 05:26 --------- d-----w C:ProgramStarcraft

2008-09-20 13:53 --------- d-----w C:ProgramAGEIA Technologies

2008-09-20 13:52 --------- d-----w C:ProgramDelade filerWise Installation Wizard

2008-09-17 12:31 --------- d-----w C:ProgramMount&Blade

2008-09-15 19:37 --------- d-----w C:ProgramEidos Interactive

2008-09-14 13:17 --------- d-----w C:ProgramDriver Cleaner

2008-09-14 09:36 --------- d-----w C:ProgramTHQ

2008-09-13 19:10 98,304 ----a-w C:WINDOWSDUMPc18a.tmp

2008-09-12 12:09 --------- d-----w C:ProgramInfogrames

2008-09-12 03:58 --------- d-----w C:ProgramSystemRequirementsLab

2008-09-12 03:58 --------- d-----w C:Documents and SettingsadnanApplication DataSystemRequirementsLab

2008-09-11 18:43 --------- d-----w C:Documents and SettingsadnanApplication DataMount&Blade

2008-09-08 10:41 333,824 ----a-w C:WINDOWSsystem32driverssrv.sys

2008-09-06 12:58 --------- d-----w C:ProgramElectronic Arts

2008-09-06 11:25 --------- d-----w C:ProgramHogs of War

2008-09-01 18:43 --------- d-----w C:ProgramSony

2008-08-26 16:32 --------- d-----w C:Documents and SettingsadnanApplication DataFree Download Manager

2008-03-13 20:22 72 ----a-w C:ProgramUNWISE.INI

2008-03-01 21:49 22,328 ----a-w C:Documents and SettingsadnanApplication DataPnkBstrK.sys

1999-06-25 09:55 149,504 ----a-w C:ProgramUNWISE.EXE

.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:WINDOWS$hf_mig$KB917953SP2QFEtcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:WINDOWS$hf_mig$KB941644SP2QFEtcpip.sys

2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 C:WINDOWS$hf_mig$KB951748SP2QFEtcpip.sys

2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:WINDOWS$hf_mig$KB951748SP3GDRtcpip.sys

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e C:WINDOWS$hf_mig$KB951748SP3QFEtcpip.sys

2008-07-29 16:52 360320 3adce4790f591bf160a94f6f08039577 C:WINDOWS$NtServicePackUninstall$tcpip.sys

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWS$NtUninstallKB917953$tcpip.sys

2006-12-26 18:27 359808 de891ad282e856acfd40990094a63b6f C:WINDOWS$NtUninstallKB941644$tcpip.sys

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 C:WINDOWS$NtUninstallKB951748$tcpip.sys

2008-04-10 18:02 360064 8283a4d489b207991efdc8328733d0bc C:WINDOWS$NtUninstallKB951748_0$tcpip.sys

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 C:WINDOWSServicePackFilesi386TCPIP.SYS

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWSSoftwareDistributionDownloadS-1-5-18d007e13692a595ee07f03a4ed81aa336backupsp2gdrtcpip.sys

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWSSoftwareDistributionDownloadS-1-5-18d007e13692a595ee07f03a4ed81aa336backupsp2qfetcpip.sys

2008-08-05 09:51 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:WINDOWSsystem32dllcacheTCPIP.SYS

2008-08-05 09:51 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:WINDOWSsystem32driversTCPIP.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2008-04-14 15360]

"StartCCC"="C:ProgramATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2006-11-10 90112]

"H/PC Connection Agent"="C:ProgramMicrosoft ActiveSyncWCESCOMM.EXE" [2004-02-24 401491]

"msnmsgr"="C:ProgramWindows LiveMessengermsnmsgr.exe" [2007-10-18 5724184]

"Sony Ericsson PC Suite"="C:ProgramSony EricssonSony Ericsson PC SuiteSEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ATICCC"="C:ProgramATI TechnologiesATI.ACECLIStart.exe" [2006-09-25 90112]

"PCMService"="C:ProgramCyberLinkPowerCinemaPCMService.exe" [2005-05-23 127118]

"SunJavaUpdateSched"="C:ProgramJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]

"TkBellExe"="C:ProgramDelade filerRealUpdate_OBrealsched.exe" [2007-03-25 185896]

"GrooveMonitor"="C:ProgramMicrosoft OfficeOffice12GrooveMonitor.exe" [2007-08-24 33648]

"ISTray"="C:ProgramSpyware DoctorpctsTray.exe" [2008-09-22 1168264]

"AVG8_TRAY"="C:ProgramAVGAVG8avgtray.exe" [2008-10-26 1234712]

"LexPPS.exe"="C:WINDOWSsystem32lexpps.exe" [2003-07-25 174592]

"AtiPTA"="atiptaxx.exe" [2006-02-22 C:WINDOWSsystem32atiptaxx.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"MSACM.CEGSM"= mobilev.acm

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"C:ProgramMicrosoft ActiveSyncwcescomm.exe"=

"C:ProgramuTorrentutorrent.exe"=

"C:ProgramMicrosoft OfficeOffice12OUTLOOK.EXE"=

"C:ProgramMicrosoft OfficeOffice12GROOVE.EXE"=

"C:ProgramMicrosoft OfficeOffice12ONENOTE.EXE"=

"C:ProgramEA GamesCommand & Conquer The First DecadeCommand & Conquer Red Alert IIRA2gamemd.exe"=

"C:ProgramEA GamesCommand & Conquer The First DecadeCommand & Conquer Red Alert IIRA2mphmd.exe"=

"C:ProgramEA GamesCommand & Conquer The First DecadeCommand & Conquer RenegadeRenegadeGame.exe"=

"C:ProgramValvehl.exe"=

"C:ProgrammIRCmirc.exe"=

"C:ProgramValveSteamSteamAppsadnan22counter-strikehl.exe"=

"C:ProgramMozilla Firefoxfirefox.exe"=

"C:ProgramSopCastSopCast.exe"=

"C:Documents and SettingsadnanApplication DataSopCastadvSopAdver.exe"=

"C:ProgramMessengermsmsgs.exe"=

"C:ProgramValveSteamSteamAppsadnan22condition zerohl.exe"=

"C:ProgramGameSpy ArcadeAphex.exe"=

"C:ProgramEA GamesBattlefield 1942BF1942.exe"=

"C:WINDOWSsystem32PnkBstrA.exe"=

"C:WINDOWSsystem32PnkBstrB.exe"=

"C:ProgramMicrosoft ActiveSyncWCESMgr.exe"=

"C:ProgramSoulseekslsk.exe"=

"C:ProgramProxy Switcher StandardProxySwitcher.exe"=

"C:ProgramTHQDawn of WarW40k.exe"=

"C:ProgramTHQDawn of War - Dark CrusadeDarkCrusade.exe"=

"C:ProgramTHQDawn of War - SoulstormSoulstorm.exe"=

"C:ProgramiTunesiTunes.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"%windir%system32sessmgr.exe"=

"C:ProgramWindows LiveMessengermsnmsgr.exe"=

"C:ProgramWindows LiveMessengerlivecall.exe"=

"C:ProgramSonyStationLaunchpadLaunchPad.exe"=

"C:ProgramSonyStationLaunchpad_aunchPad.exe"=

"C:ProgramLimeWireLimeWire.exe"=

"C:ProgramBearShare ApplicationsBearShareBearShare.exe"=

"C:ProgramAVGAVG8avgupd.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]

"16699:UDP"= 16699:UDP:port

"55641:TCP"= 55641:TCP:torrent

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:WINDOWSsystem32Driversavgldx86.sys [2008-10-26 97928]

S1 pctfw2;pctfw2;C:WINDOWSsystem32driverspctfw2.sys [2008-06-02 159880]

S2 avg8wd;AVG Free8 WatchDog;C:ProgramAVGAVG8avgwdsvc.exe [2008-10-26 231704]

S2 DLPortIO;DriverLINX Port I/O Driver;C:WINDOWSsystem32DRIVERSDLPortIO.SYS [1999-01-10 3584]

S2 EZUSB;Cypress GPD (ezloader.sys);C:WINDOWSsystem32Driversezloader.sys [2004-07-22 17536]

S2 EZUSBDEV;Cypress GPD (ezusb.sys);C:WINDOWSsystem32Driversezusb.sys [2004-07-22 12307]

S3 a016bus;Sony Ericsson Device A016 driver (WDM);C:WINDOWSsystem32DRIVERSa016bus.sys [2008-01-18 83880]

S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;C:WINDOWSsystem32DRIVERSa016mdfl.sys [2008-01-18 15016]

S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;C:WINDOWSsystem32DRIVERSa016mdm.sys [2008-01-18 110504]

S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);C:WINDOWSsystem32DRIVERSa016mgmt.sys [2008-01-18 104488]

S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;C:WINDOWSsystem32DRIVERSa016obex.sys [2008-01-18 100648]

S3 STAC97NA;SigmaTel 3D Environmental Audio;C:WINDOWSsystem32driversstac97na.sys [2002-09-20 296179]

S3 STAC97NH;STAC97NH;C:WINDOWSsystem32driversstac97nh.sys [2002-09-20 231983]

*Newly Created Service* - EZUSB

*Newly Created Service* - EZUSBDEV

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{DDE9D8F8-7939-0C02-2F56-385F01DC566F}]

C:WINDOWS:windows32.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-20 C:WINDOWSTasksAppleSoftwareUpdate.job

- C:ProgramApple Software UpdateSoftwareUpdate.exe [2006-10-10 17:13]

2008-10-26 C:WINDOWSTasksCheck Updates for Windows Live Toolbar.job

- C:ProgramWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHANS REMOVED - - - -

BHO-{2D18BFED-B6AE-45A8-93A0-6E9E0D419D1B} - C:WINDOWSsystem32geBrsRIA.dll

BHO-{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - C:WINDOWSsystem32jkkIAQKD.dll

HKLM-Run-BVRPLiveUpdate - C:ProgramAvanquest updateEngineSetup.exe

ShellExecuteHooks-{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - C:WINDOWSsystem32jkkIAQKD.dll

Notify-jkkIAQKD - jkkIAQKD.dll

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:Documents and SettingsadnanApplication DataMozillaFirefoxProfiles1xxvpbv4.default

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.conduit.com/?ctid=CT189560&SearchSource=13

FF -: plugin - C:ProgramDivXDivX Content UploadernpUpload.dll

FF -: plugin - C:ProgramMozilla Firefoxpluginsnpbittorrent.dll

FF -: plugin - C:ProgramRealRhapsodyPlayerEnginenprhapengine.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 15:27:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:WINDOWSsystem32winlogon.exe

-> C:WINDOWSsystem32tsd32.dll

-> C:WINDOWSsystem32mobilev.acm

.

------------------------ Other Running Processes ------------------------

.

C:ProgramLavasoftAd-Awareaawservice.exe

C:ProgramSpyware DoctorpctsAuxs.exe

C:ProgramSpyware DoctorpctsSvc.exe

C:ProgramMozilla Firefoxfirefox.exe

.

**************************************************************************

.

Completion time: 2008-10-26 15:40:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-26 14:40:36

Pre-Run: 3,971,641,344 byte ledigt

Post-Run: 3,969,159,168 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS

[operating systems]

C:CMDCONSBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

245 --- E O F --- 2008-10-24 02:52:10

Oktober 26, 2008

Hej Adnan22!

Varsegod

Härligt att höra att datorn mår bättre.

Ser att ComboFix har hittat samt åtgärdat en del. Mycket bra.

Skall strax gå igenom resterande av loggan för att se om där finns något mer som behöver åtgärdas

Strax tillbaka

MVH/Malou

Oktober 26, 2008

Gör en ny TM HJT-logga så får jag ta en titt även på hur det ser ut

MVH/Malou

Oktober 26, 2008

Hej Adnan22!

Vi tar en SDFix även på dig

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet.

Läs/Följ instruktionerna mycket noga:

Hämta hem SDFix:

=> SDFix

1: Spara SDFix.exe till skrivbordet

2: Klicka på SDFix.exe

3: SDFixen packas upp här => C:SDFix.

4: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

5: Navigera dig fram till => C:SDFix => Klicka på runthis.bat => Välj Y.

6: När scanningen är klar så tryck på valfri tangent för att starta om datorn.

7: När det står finished så tryck på valfri tangent. En logg kommer automatiskt att visas, kopiera in loggan hit till din tråd.

Gör även en ny TM HJT-logga, kopiera in den hit.

MVH/Malou

Adnan22 · Oktober 26, 2008

Aj aj, råkade klicka väck SDfix loggan men jag vet att den inte hittade några trojaner. Här är en HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:12:30 PM, on 10/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:ProgramLavasoftAd-Awareaawservice.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32LEXPPS.EXE

C:ProgramAVGAVG8avgwdsvc.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLCapSvc.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLServer.exe

C:ProgramCyberLinkShared FilesCLML_NTServiceCLMLService.exe

C:WINDOWSsystem32PnkBstrA.exe

C:ProgramSpyware DoctorpctsAuxs.exe

C:WINDOWSSystem32svchost.exe

C:ProgramAVGAVG8avgrsx.exe

C:ProgramCyberLinkPowerCinemaKernelTVCLSched.exe

C:ProgramCyberLinkPowerCinemaPCMService.exe

C:ProgramJavajre1.6.0_07binjusched.exe

C:ProgramDelade filerRealUpdate_OBrealsched.exe

C:ProgramMicrosoft OfficeOffice12GrooveMonitor.exe

C:ProgramAVGAVG8avgtray.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramMicrosoft ActiveSyncWCESCOMM.EXE

C:ProgramATI TechnologiesATI.ACECore-StaticMOM.EXE

C:ProgramWindows LiveMessengermsnmsgr.exe

C:ProgramATI TechnologiesATI.ACECore-Staticccc.exe

C:ProgramWindows LiveMessengerusnsvc.exe