
Virus or what?



Hi!

Yes, everything works as it should :)

I downloaded what you wrote

SDFix: Version 1.240

Run by Nubben on 2009-01-24 at 15:56

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Nubben\Skrivbord\SDFix\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 16:07:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools Lite\"

"h0"=dword:00000001

"khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,..

"khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:70,1c,94,c3,44,b3,cf,3c,f4,65,af,aa,4b,34,95,73,fc,9e,08,27,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys]

"start"=dword:00000004

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\UACuwjqbouq.sys"

"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys\modules]

"UACd"="\\?\globalroot\systemroot\system32\drivers\UACuwjqbouq.sys"

"UACc"="\\?\globalroot\systemroot\system32\UACswvcnupr.dll"

"uacsr"="\\?\globalroot\systemroot\system32\UACdetkllmx.dat"

"uaclog"="\\?\globalroot\systemroot\system32\UACtnrnynnk.dll"

"uacmask"="\\?\globalroot\systemroot\system32\UACvjkforlw.dll"

"uacbbr"="\\?\globalroot\systemroot\system32\UACdnaqfmim.dll"

"UACproc"="\\?\globalroot\systemroot\system32\UACehxtfkde.log"

"uacurls"="\\?\globalroot\systemroot\system32\UACsgvjbjex.log"

"uacerrors"="\\?\globalroot\systemroot\system32\UACyjbqxrqa.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools Lite\"

"h0"=dword:00000001

"khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,..

"khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:70,1c,94,c3,44,b3,cf,3c,f4,65,af,aa,4b,34,95,73,fc,9e,08,27,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys]

"start"=dword:00000004

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\UACuwjqbouq.sys"

"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys\modules]

"UACd"="\\?\globalroot\systemroot\system32\drivers\UACuwjqbouq.sys"

"UACc"="\\?\globalroot\systemroot\system32\UACswvcnupr.dll"

"uacsr"="\\?\globalroot\systemroot\system32\UACdetkllmx.dat"

"uaclog"="\\?\globalroot\systemroot\system32\UACtnrnynnk.dll"

"uacmask"="\\?\globalroot\systemroot\system32\UACvjkforlw.dll"

"uacbbr"="\\?\globalroot\systemroot\system32\UACdnaqfmim.dll"

"UACproc"="\\?\globalroot\systemroot\system32\UACehxtfkde.log"

"uacurls"="\\?\globalroot\systemroot\system32\UACsgvjbjex.log"

"uacerrors"="\\?\globalroot\systemroot\system32\UACyjbqxrqa.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools Lite\"

"h0"=dword:00000001

"khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,..

"khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:91,6e,16,f1,93,8b,7e,b8,f9,73,24,0f,97,5a,59,52,72,8c,50,5b,f9,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\DC++\\DCPlusPlus.exe"="C:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

"C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"

"C:\\Program\\Fildelningsprogram\\paranoia.exe"="C:\\Program\\Fildelningsprogram\\paranoia.exe:*:Enabled:paranoia"

"C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"

"C:\\Program\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"

"D:\\battlefield\\BF1942.exe"="D:\\battlefield\\BF1942.exe:*:Enabled:BF1942"

"D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"="D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

"D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"="D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe:*:Enabled:BF1942"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE"="C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE:*:Enabled:PANZER2"

"D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe"="D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe:*:Disabled:paranoia"

"C:\\Program\\Azureus\\Azureus.exe"="C:\\Program\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"D:\\andcar\\BF1942.exe"="D:\\andcar\\BF1942.exe:*:Enabled:BF1942"

"D:\\andcar\\call of\\MOHAA.exe"="D:\\andcar\\call of\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"

"C:\\Program\\mswt kart 2004\\MSWorldTour.exe"="C:\\Program\\mswt kart 2004\\MSWorldTour.exe:*:Disabled:MSWorldTour"

"D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"

"C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program\\Java\\jre6\\bin\\java.exe"="C:\\Program\\Java\\jre6\\bin\\java.exe:*:Enabled:Java Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program\Messenger\msmsgs.exe"

Fri 22 Jul 2005 32,768 A..H. --- "C:\Program Files\AMV Converter\AmvTransform.dll"

Mon 6 Mar 2006 77,824 A..H. --- "C:\Program Files\AMV Converter\AMV_EncDLL.dll"

Tue 27 Dec 2005 40,960 A..H. --- "C:\Program Files\AMV Converter\net.dll"

Wed 8 Mar 2006 106,496 A..H. --- "C:\Program Files\AMV Converter\transdll.dll"

Mon 15 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 31 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"

Wed 31 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv14.bak"

Tue 28 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"

Thu 23 Jan 2003 1,740 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\ccReg.reg"

Thu 23 Jan 2003 242,962 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\CommonClient.reg"

Thu 23 Jan 2003 158,818 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\IAM.reg"

Wed 14 Aug 2002 65,088 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c556 Packet\3C556.COM"

Wed 14 Aug 2002 12,732 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"

Wed 14 Aug 2002 26,424 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"

Wed 14 Aug 2002 28,062 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"

Wed 14 Aug 2002 10,710 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"

Wed 14 Aug 2002 10,083 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"

Wed 14 Aug 2002 10,257 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"

Wed 14 Aug 2002 29,499 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"

Wed 14 Aug 2002 12,660 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"

Wed 14 Aug 2002 11,031 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"

Wed 14 Aug 2002 17,952 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"

Wed 14 Aug 2002 9,424 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"

Wed 14 Aug 2002 13,673 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"

Wed 14 Aug 2002 14,438 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"

Wed 14 Aug 2002 7,243 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"

Wed 14 Aug 2002 24,767 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"

Wed 14 Aug 2002 7,463 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"

Wed 14 Aug 2002 10,286 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"

Wed 14 Aug 2002 25,460 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"

Wed 14 Aug 2002 28,866 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"

Wed 14 Aug 2002 14,438 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"

Wed 14 Aug 2002 8,544 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\CATC USB Ethernet\Elndis.sys"

Wed 14 Aug 2002 33,149 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\CATC USB Ethernet\Usbd.sys"

Wed 28 May 2003 51,150 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI1394.SYS"

Wed 14 Aug 2002 35,340 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI2DOS.SYS"

Wed 14 Aug 2002 14,378 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI4DOS.SYS"

Wed 14 Aug 2002 37,984 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI8DOS.SYS"

Wed 14 Aug 2002 44,828 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI8U2.SYS"

Wed 14 Aug 2002 29,628 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPICD.SYS"

Wed 28 May 2003 52,106 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIEHCI.SYS"

Wed 14 Aug 2002 49,242 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIOHCI.SYS"

Wed 14 Aug 2002 50,606 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIUHCI.SYS"

Wed 14 Aug 2002 161,792 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BOOTSRV.SYS"

Wed 14 Aug 2002 174,080 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\bootsrv16.sys"

Wed 14 Aug 2002 21,971 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BTCDROM.SYS"

Wed 14 Aug 2002 30,955 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BTDOSM.SYS"

Wed 14 Aug 2002 202,517 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\CMDS.EXE"

Wed 14 Aug 2002 374,038 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\CMDS16.EXE"

Wed 14 Aug 2002 22,158 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\COUNTRY.SYS"

Wed 14 Aug 2002 1,608 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DEVICE.COM"

Wed 14 Aug 2002 15,345 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DISPLAY.SYS"

Wed 14 Aug 2002 7,840 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DLSHELP.SYS"

Wed 14 Aug 2002 56,821 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\E.EXE"

Wed 14 Aug 2002 64,425 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\FLASHPT.SYS"

Wed 14 Aug 2002 32,396 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\GUEST.EXE"

Wed 14 Aug 2002 14,160 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\HIMEM.SYS"

Wed 14 Aug 2002 10,898 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\KEYB.COM"

Wed 14 Aug 2002 53,556 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\KEYBOARD.SYS"

Wed 14 Aug 2002 15,777 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MODE.COM"

Wed 14 Aug 2002 37,681 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MOUSE.COM"

Wed 14 Aug 2002 354,304 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\msbootsrv16.sys"

Wed 14 Aug 2002 21,180 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MSCDEX.EXE"

Wed 14 Aug 2002 354,263 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\Net.exe"

Wed 14 Aug 2002 8,513 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\NETBIND.COM"

Wed 14 Aug 2002 41,302 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\OAKCDROM.SYS"

Wed 14 Aug 2002 129,240 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\OHCI.EXE"

Wed 14 Aug 2002 28,439 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\Paralink.com"

Wed 14 Aug 2002 13,770 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\PROTMAN.EXE"

Wed 14 Aug 2002 130,980 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\UHCI.EXE"

Wed 14 Aug 2002 11,854 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"

Wed 14 Aug 2002 52,715 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"

Wed 14 Aug 2002 62,391 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"

Wed 14 Aug 2002 11,491 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"

Wed 14 Aug 2002 17,791 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DT620 Packet\Dt620pd.com"

Wed 14 Aug 2002 17,043 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DE400 Packet\De400pd.com"

Wed 14 Aug 2002 11,786 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"

Wed 14 Aug 2002 18,300 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"

Wed 14 Aug 2002 48,224 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"

Wed 14 Aug 2002 13,360 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"

Wed 14 Aug 2002 9,190 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"

Wed 14 Aug 2002 12,567 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Melco LPC2-T\Lpchkat2.com"

Wed 14 Aug 2002 44,640 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"

Wed 14 Aug 2002 56,896 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"

Wed 14 Aug 2002 44,640 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"

Wed 14 Aug 2002 9,692 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\PXE Packet Driver\Undipd.com"

Wed 14 Aug 2002 9,537 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\SN 2000p Packet\PNPPD.COM"

Wed 14 Aug 2002 32,484 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\WaveLAN Packet\Wvlan42.com"

Wed 14 Aug 2002 52,225 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"

Wed 14 Aug 2002 48,491 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"

Wed 14 Aug 2002 50,405 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"

Wed 14 Aug 2002 33,860 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"

Wed 14 Aug 2002 50,175 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"

Wed 14 Aug 2002 50,795 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"

Wed 14 Aug 2002 48,223 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"

Wed 14 Aug 2002 48,641 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"

Wed 14 Aug 2002 49,015 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"

Wed 14 Aug 2002 53,786 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\command.com"

Wed 14 Aug 2002 44,240 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\IBMBIO.COM"

Wed 14 Aug 2002 42,550 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\IBMDOS.COM"

Finished!

_________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:18:09, on 2009-01-24

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\anders scan\Anders HijackThis\This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 8625 bytes


Hi Andcar!

yes, everything is working as it should :)

Wonderful!

Hmmm, I'm not entirely happy with the SDFix log and what I see there. So we'll do a run with ComboFix as well.

ComboFix for Windows XP and Windows Vista:

Print out the following or copy it to a text document and save it to the desktop:

Read/Follow the instructions very carefully

ComboFix disables autorun of CDs, floppies and USB devices to make it easier to clean the computer and to protect it against future infections. This can cause problems, e.g. if you have internet via a USB modem or a USB network adapter.

In that case, say so instead of running ComboFix.

Download ComboFix from the link below

=> ComboFix.exe

# Save ComboFix to the desktop "Very important"

You should install the Microsoft Windows Recovery Console, since it makes it possible to start the computer in a special recovery mode, which can be useful if something happens to the computer during the procedures that follow.

Note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will proceed with the scan:

Windows Vista users:

Windows Vista users can use their Windows DVD to boot into the Vista recovery environment.

=> Vista recovery environment "English text"

Windows XP users:

Install the Microsoft Windows Recovery Console:

# Go to http://support.microsoft.com/kb/310994

# Make sure the language of the page matches the language of Windows (the language is selected in the right-hand column), unless you have XP Media Center Edition, in which case you should choose English.

# Scroll down to the heading Download the program file for the setup floppy disks

# Choose the right download based on which Service Pack you have installed for XP. If you have SP3, choose SP2.

# If you have XP Media Center Edition, choose XP Professional.

# Save the downloaded file to the Desktop.


# Grab the file you saved to the desktop => Drag the file with the mouse across the Desktop and drop it on the ComboFix icon. ComboFix will now install the Recovery Console.

NOTE: This procedure can take a long time, so you need to be patient during the installation of the Recovery Console. You should also approve/allow everything via the protection programs (antivirus/firewall etc.) for a successful result.


# When it is done, ComboFix will ask whether you want to continue with the scan; choose No.

Now proceed with the ComboFix scan:

Unplug the internet connection and close all programs you see, including antivirus, antispyware and firewall.

1: Double-click ComboFix to start it

2: Follow the instructions shown on screen.

3: When it is finished, a text log should appear; copy and paste it here into your thread

It can also be found here => (C:\ComboFix.txt)

4: Make a new TM HJT log and paste that in as well.

IMPORTANT! Do NOT click on the ComboFix window with the mouse while ComboFix is running, otherwise the scan may hang.

NOTE:

Check that antivirus/antispyware programs etc. are re-enabled before you connect to the Internet.

PLEASE NOTE:

The tool/program can cause problems with the connection (e.g. wireless).

If problems occur, try the following.

Go to => Control Panel => Network Connections => right-click your Internet connection => choose Repair

And/Or

Restart the computer.

Good luck

Kind regards/Malou


Hi!

it seems like more and more problems keep being found :/

I don't dare run it. Warnings come up because I don't know how to turn off AVG. I couldn't find anywhere how to do it.

I closed it down but the warnings still come up :/ so I don't dare continue


Hi Andcar!

it seems like more and more problems keep being found :/

No, that's not how it is ;) It's the same earlier nasties, and not every tool manages to fix them. That's why we bring in ComboFix, which usually handles most of the nasties.

I don't dare run it. Warnings come up because I don't know how to turn off AVG. I couldn't find anywhere how to do it

Antivirus programs/firewalls always warn about the various tools we provide; that is completely normal, and it's what they are supposed to do ;) Hence the reason you deactivate/turn off the protection programs: to avoid this, and so that ComboFix can scan/find/fix in peace.

But you have run ComboFix before, or am I misremembering?

I don't use AVG Antivirus myself. But try right-clicking its icon in the tray (next to the system clock) and choose deactivate or similar.

Kind regards/Malou


I closed it down but the warnings still come up :/ so I don't dare continue

Have you done the earlier instructions and are now at the point where you are supposed to scan with ComboFix?

Kind regards/Malou


ComboFix 09-01-21.04 - Nubben 2009-01-24 17:09:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.511.121 [GMT 1:00]

Körs från: c:\documents and settings\Nubben\Skrivbord\ComboFix.exe

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

FW: Sygate Personal Firewall Pro *enabled*

* Skapade en ny återställningspunkt

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Nubben\Favoriter\Videos.url

c:\program files\AMV Converter\_desktop.ini

c:\program files\AMV Converter\skin\_desktop.ini

c:\program files\AMV Converter\skin\xpstyle\_desktop.ini

c:\windows\msettings.ini

c:\windows\system32\Drivers\UACuwjqbouq.sys

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\UACdetkllmx.dat

c:\windows\system32\UACswvcnupr.dll

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

(((((((((((((((((((((((( Filer Skapade från 2008-12-24 till 2009-01-24 ))))))))))))))))))))))))))))))

.

2009-01-24 15:54 . 2009-01-24 15:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\Nubben\Application Data\Malwarebytes

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-01-24 14:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-24 14:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-23 15:00 . 2009-01-23 15:00 <KAT> d-------- c:\program\Delade filer\SYMANT~1

2009-01-20 21:52 . 2009-01-20 21:52 <KAT> d-------- c:\windows\ERUNT

2009-01-20 21:10 . 2009-01-20 21:10 <KAT> d-------- c:\program\SDFix

2009-01-20 18:19 . 2009-01-22 10:15 <KAT> d--hs---- c:\windows\system32\twain32

2009-01-20 18:18 . 2009-01-20 18:19 94,208 --a------ c:\windows\system32\iestat.exe

2009-01-20 16:46 . 2009-01-20 16:46 <KAT> d-------- c:\program\CCleaner

2009-01-19 23:26 . 2009-01-19 23:30 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

2009-01-19 23:05 . 2009-01-21 14:11 <KAT> d-------- c:\program\SUPERAntiSpyware

2009-01-19 22:35 . 2009-01-19 22:35 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-19 22:35 . 2009-01-19 22:35 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-19 20:19 . 2009-01-23 15:00 <KAT> d-------- c:\program\Norton Security Scan

2009-01-19 19:29 . 2009-01-19 19:31 <KAT> d-------- c:\documents and settings\Nubben\.SunDownloadManager

2009-01-13 09:58 . 2009-01-18 15:53 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS

2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\system32\sv

2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\l2schemas

2009-01-03 13:52 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2008-12-29 10:38 . 2009-01-22 10:51 7,680 --ahs---- c:\windows\Thumbs.db

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 10:07 --------- d-----w c:\documents and settings\Nubben\Application Data\AVG7

2009-01-22 10:40 --------- d--h--w c:\program\InstallShield Installation Information

2009-01-22 09:51 --------- d-----w c:\program\Windows Media Connect 2

2009-01-22 09:51 --------- d-----w c:\program\DivX

2009-01-22 09:51 --------- d-----w c:\program\Avanquest update

2009-01-22 09:15 --------- d-----w c:\program\Unlocker

2009-01-21 13:11 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2009-01-21 10:18 --------- d-----w c:\program\Java

2009-01-20 19:06 --------- d-----w c:\program\anders scan

2009-01-20 16:12 --------- d-----w c:\program\Winamp

2009-01-20 15:52 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2009-01-19 22:26 --------- d-----w c:\program\Lavasoft

2009-01-19 10:42 --------- d-----w c:\program\Windows Live Safety Center

2009-01-13 09:15 --------- d-----w c:\program\Delade filer\Adobe

2009-01-09 18:12 --------- d-----w c:\program\EA GAMES

2009-01-03 16:21 --------- d-----w c:\program\MSN Messenger

2008-12-03 21:31 --------- d-----w c:\documents and settings\Nubben\Application Data\uTorrent

2008-10-21 19:37 21,528 ----a-w c:\documents and settings\Nubben\Application Data\GDIPFONTCACHEV1.DAT

2007-09-25 15:49 32 ----a-r c:\documents and settings\All Users\hash.dat

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 15,360 2004-08-04 00:34:16 c:\windows\system32\bak\ctfmon.exe

----a-w 15,360 2008-04-14 16:05:02 c:\windows\system32\ctfmon.exe

----a-w 411,648 2007-03-01 08:27:54 d:\avg free\bak\avgcc.exe

----a-w 416,256 2007-04-28 11:23:53 d:\avg free\avgcc.exe

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="c:\program\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-04 590848]

"SmcService"="c:\program\Sygate\SPF\smc.exe" [2005-09-27 2635472]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"AVG7_Run"="c:\program\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\

Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-01-01 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.vp31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:55 5674352 c:\program\MSN Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Program\\uTorrent\\utorrent.exe"=

"d:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program\\MSN Messenger\\livecall.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

R4 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-10-04 83880]

S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-10-04 15016]

S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-10-04 110504]

S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-10-04 104488]

S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-10-04 100648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030EE0AC-0F33-50E9-0307-070300010406}]

c:\windows\System32\xp-clean.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

2009-01-24 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-23 c:\windows\Tasks\Norton Security Scan for Nubben.job

- c:\program\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.aftonbladet.se/

Trusted Zone: adobe.com\www

Trusted Zone: bilddagboken.se

Trusted Zone: google.se\www

Trusted Zone: ignames.net\en10.ds

Trusted Zone: internetkassan.nu\www

Trusted Zone: kingsofchaos.com\www

Trusted Zone: lunarstorm.se\www

Trusted Zone: spela.se\www

Trusted Zone: svenskfotboll.se\www

Trusted Zone: tradera.com\www

Trusted Zone: tribalwars.net\www

Trusted Zone: vildawebben.se\www

Trusted Zone: www.dn.se

TCP: {F725B5B2-C8C6-4299-9A49-AC36782EA4BD} = 208.67.220.220 208.67.222.222

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.extrafilm.se/ImageUploader5.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 17:23:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù6~*]

"D140510900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Lavasoft\Ad-Aware\aawservice.exe

c:\program\Grisoft\AVGFRE~1\avgamsvr.exe

c:\program\Grisoft\AVGFRE~1\avgupsvc.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

c:\program\Delade filer\Teleca Shared\Generic.exe

c:\program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Sluttid: 2009-01-24 17:29:53 - datorn startades om. [Nubben]

ComboFix-quarantined-files.txt 2009-01-24 16:29:42

Före genomsökningen: 5 198 413 824 byte ledigt

Efter genomsökningen: 5,271,498,752 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

207


Hi again Andcar!

That went well, didn't it ;)

ComboFix has found and fixed a number of things. Very good.

I'll go through the rest of the ComboFix log to see if there are more nasty files that need to be dealt with. This will take a little while, but I'll get back to you as soon as I'm done.

How is the computer doing now?

Are there any problems remaining?

Kind regards/Malou


Hi Andcar!

Do a scan with the scanner below and we'll see what it says.

Go to the following page:

http://www.virustotal.com/


1: Copy/Paste the following file name into the text field next to the Browse button

(OR use the Browse button and navigate according to the path(s) below)

c:\windows\system32\iestat.exe


2: Click Send File and wait until the result is ready (Current status becomes finished).

3: Paste the results from the various antivirus programs (incl. file size) here into your thread (but not Other information)

Further:

Show hidden files and folders, Windows XP:

Windows XP users:

1: Right-click the Start button

2: Choose Explore

3: In the toolbar click => Tools => Folder Options

4: Choose the tab => View, and tick => Show hidden files and folders

5: Untick Hide extensions for known file types

6: Untick Hide protected operating system files

Check the following via Explorer. Check whether it is a folder or a file.

Right-click and choose Properties.

c:\windows\system32\twain32

If it is a file, check which program it belongs to, the manufacturer's name, and what the file extension is.

If it is a folder, check what is in the folder, then come back and tell me.

Kind regards/Malou

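The two items Malou picks out of the ComboFix log above are a directory in system32 carrying the hidden and system attributes (`d--hs----` on twain32) and an executable created in system32 during the infection window (iestat.exe). The script below is an added example, not part of this thread or of ComboFix: it parses lines from the "Filer Skapade" (files created) section and applies those two rules mechanically. The sample lines are copied from the log posted above; the regex and the rule set are my own, and the output is a list of candidates for the follow-up Malou describes (properties check, VirusTotal), not a verdict. The Java deployment toolkit DLL is flagged by the same rule, which is exactly why a human check comes next.

```python
"""Triage helper for the 'Filer Skapade' (files created) section of a ComboFix log.

Added example, not part of the thread or of ComboFix. It encodes two of the
checks the helper applied by hand in this thread: a directory directly under
system32 carrying both the hidden (h) and system (s) attributes, and a
freshly created executable placed directly in system32.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One ComboFix entry: created stamp, modified stamp, size or <KAT>/<DIR>,
# nine attribute flags, path. <KAT> is the Swedish-localised <DIR>.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><KAT>|<DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Entry:
    created: str
    modified: str
    is_dir: bool
    size: Optional[int]
    attrs: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a ComboFix file line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size_field = m.group("size")
    is_dir = size_field.startswith("<")
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        is_dir=is_dir,
        size=None if is_dir else int(size_field.replace(",", "")),
        attrs=m.group("attrs"),
        path=m.group("path"),
    )


def parent_dir(path: str) -> str:
    return path.lower().rsplit("\\", 1)[0]


def triage(entry: Entry) -> List[str]:
    """Apply the two hand-rolled rules; an empty list means 'nothing to say'."""
    reasons = []
    in_system32 = parent_dir(entry.path) == SYSTEM32
    hidden_system = "h" in entry.attrs and "s" in entry.attrs
    if entry.is_dir and in_system32 and hidden_system:
        reasons.append("hidden+system directory directly under system32")
    if (not entry.is_dir and in_system32
            and entry.path.lower().endswith(EXECUTABLE_EXT)):
        reasons.append("new executable placed directly in system32")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every line of a log excerpt and return (path, reasons) for flagged ones."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Sample lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
2009-01-24 15:54 . 2009-01-24 15:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware
2009-01-24 14:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 18:19 . 2009-01-22 10:15 <KAT> d--hs---- c:\windows\system32\twain32
2009-01-20 18:18 . 2009-01-20 18:19 94,208 --a------ c:\windows\system32\iestat.exe
2009-01-19 22:35 . 2009-01-19 22:35 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-29 10:38 . 2009-01-22 10:51 7,680 --ahs---- c:\windows\Thumbs.db
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE):
        print(f"{path}: {'; '.join(reasons)}")
```

Files in subdirectories such as dllcache or drivers are deliberately left alone, and Thumbs.db (hidden+system, but a data file in c:\windows) is not reported, so the list stays short enough for the manual checks that follow.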

Hi :)

it was in a folder in Windows, and in the folder there is a DS file called wiatwain.ds.

I right-clicked and the following is there...

version © Microsoft Corporation. All rights reserved. Description WIATWAIN

Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.73 2009.01.24 -

AhnLab-V3 5.0.0.2 2009.01.24 -

AntiVir 7.9.0.60 2009.01.23 -

Authentium 5.1.0.4 2009.01.24 -

Avast 4.8.1281.0 2009.01.23 Win32:Ups

AVG 8.0.0.229 2009.01.23 -

BitDefender 7.2 2009.01.24 Trojan.FakeAntivirus.Gen

CAT-QuickHeal 10.00 2009.01.24 -

ClamAV 0.94.1 2009.01.24 -

Comodo 944 2009.01.24 -

DrWeb 4.44.0.09170 2009.01.24 -

eSafe 7.0.17.0 2009.01.22 -

eTrust-Vet 31.6.6325 2009.01.24 -

F-Prot 4.4.4.56 2009.01.23 -

F-Secure 8.0.14470.0 2009.01.24 -

Fortinet 3.117.0.0 2009.01.24 -

GData 19 2009.01.24 Trojan.FakeAntivirus.Gen

Ikarus T3.1.1.45.0 2009.01.24 -

K7AntiVirus 7.10.604 2009.01.24 -

Kaspersky 7.0.0.125 2009.01.24 -

McAfee 5505 2009.01.24 -

McAfee+Artemis 5504 2009.01.23 -

Microsoft 1.4205 2009.01.24 Trojan:Win32/Zbot.BX

NOD32 3796 2009.01.24 a variant of Win32/Kryptik.FL

Norman 5.93.01 2009.01.23 -

nProtect 2009.1.8.0 2009.01.23 -

Panda 9.5.1.2 2009.01.24 -

PCTools 4.4.2.0 2009.01.24 -

Prevx1 V2 2009.01.24 -

Rising 21.13.42.00 2009.01.23 -

SecureWeb-Gateway 6.7.6 2009.01.24 -

Sophos 4.37.0 2009.01.24 -

Sunbelt 3.2.1835.2 2009.01.16 VIPRE.Suspicious

Symantec 10 2009.01.24 -

TheHacker 6.3.1.5.227 2009.01.24 -

TrendMicro 8.700.0.1004 2009.01.24 -

VBA32 3.12.8.11 2009.01.23 -

ViRobot 2009.1.23.1576 2009.01.23 -

VirusBuster 4.5.11.0 2009.01.24 -

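The report above is one line per engine with a result of "-" where the engine saw nothing. The parser below is an added example, not from the thread or from VirusTotal: it turns such a pasted report into records, counts the detections, and roughly normalises the vendor labels to family names so that agreement between vendors (here Zbot, Kryptik and FakeAntivirus labels, plus one purely heuristic verdict) is visible at a glance. The embedded report is a subset of the lines posted above with all six detections kept; the family normalisation is my own heuristic.

```python
"""Parse a VirusTotal text report of the kind pasted in this thread.

Added example, not from the thread or from VirusTotal. The pasted report is
one line per engine: engine, version, signature date, result, where "-"
means the engine reported nothing. Engine names can contain '+' or '-',
and results can contain spaces, so each line is split into at most four
fields and the third must look like a signature date.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

# Tokens that name a type or a heuristic rather than a malware family
# (own heuristic list, not a VirusTotal convention).
GENERIC_TOKENS = {"trojan", "win32", "gen", "generic", "variant",
                  "suspicious", "vipre", "heur"}


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: str
    label: Optional[str]   # None when the engine reported clean ("-")


def parse_line(line: str) -> Optional[EngineResult]:
    """One report line -> EngineResult, or None for headers and blanks."""
    parts = line.strip().split(None, 3)
    if len(parts) != 4 or not DATE_RE.match(parts[2]):
        return None
    engine, version, updated, result = parts
    return EngineResult(engine, version, updated,
                        None if result == "-" else result)


def parse_report(text: str) -> List[EngineResult]:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def family_hint(label: str) -> Optional[str]:
    """Rough normalisation of a vendor label to a family name.

    'Trojan:Win32/Zbot.BX' -> 'Zbot', 'a variant of Win32/Kryptik.FL' ->
    'Kryptik', 'VIPRE.Suspicious' -> None (purely heuristic verdict).
    """
    tail = label.split()[-1]                 # drop 'a variant of' style prose
    for tok in re.split(r"[./:]", tail):
        if tok.lower() not in GENERIC_TOKENS and len(tok) > 2:
            return tok
    return None


def summarize(text: str) -> dict:
    """Detection count, per-engine labels and the distinct family hints."""
    results = parse_report(text)
    hits = [r for r in results if r.label is not None]
    families = sorted({f for f in (family_hint(r.label) for r in hits) if f})
    return {
        "engines": len(results),
        "detections": len(hits),
        "ratio": f"{len(hits)}/{len(results)}",
        "labels": {r.engine: r.label for r in hits},
        "families": families,
    }


# Subset of the report posted in the thread (all six detections kept).
REPORT = """\
Antivirus Version Senaste Uppdatering Resultat
a-squared 4.0.0.73 2009.01.24 -
Avast 4.8.1281.0 2009.01.23 Win32:Ups
AVG 8.0.0.229 2009.01.23 -
BitDefender 7.2 2009.01.24 Trojan.FakeAntivirus.Gen
GData 19 2009.01.24 Trojan.FakeAntivirus.Gen
Kaspersky 7.0.0.125 2009.01.24 -
McAfee+Artemis 5504 2009.01.23 -
Microsoft 1.4205 2009.01.24 Trojan:Win32/Zbot.BX
NOD32 3796 2009.01.24 a variant of Win32/Kryptik.FL
Prevx1 V2 2009.01.24 -
Sunbelt 3.2.1835.2 2009.01.16 VIPRE.Suspicious
Symantec 10 2009.01.24 -
VirusBuster 4.5.11.0 2009.01.24 -
"""

if __name__ == "__main__":
    s = summarize(REPORT)
    print(f"{s['ratio']} engines flagged the file; family hints: {s['families']}")
    for engine, label in s["labels"].items():
        print(f"  {engine}: {label}")
```

A low ratio with several engines agreeing on a named family (rather than only "Suspicious" or packer names such as Kryptik) is the pattern worth acting on, which is how the file was treated in the thread; the date column is also worth a glance, since an engine with stale signatures says little either way.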

Hi Andcar!

c:\windows\system32\twain32

it was in a folder in Windows, and in the folder there is a DS file called wiatwain.ds.

I right-clicked and the following is there...

version © Microsoft Corporation. All rights reserved. Description WIATWAIN

Great, then that one is ok ;)

The other one, however, which you scanned via VirusTotal, doesn't look good, and we'll deal with that one. After this, everything should hopefully be ok again.

Apart from the fact that we need to clean up after ourselves and clean out the restore folder etc.... But that's a question for a little later.

First we fix this and check that everything is clean and tidy.

Print out the following or copy it to a text document and save it to the desktop:

Read/Follow the instructions very carefully:

1: Go to Start => Run => copy/paste notepad into the Run field => click the OK button

2: Copy/Paste the lines below, including File::, into notepad

File::

c:\windows\system32\iestat.exe

3: Save it as a text file with the name => CFScript.txt <= Save it to the Desktop.

4: Close/Deactivate antivirus/antimalware programs so they don't interfere with the coming procedure

5: Grab the text file => CFScript.txt <= that you saved to the desktop with the mouse and drag it onto ComboFix.

See the screenshot:

[Screenshot: CFScript.txt being dragged onto ComboFix]

6: ComboFix will start and begin scanning again. When ComboFix has finished scanning, the computer will restart (if not, restart it manually).

7: When the computer has restarted, a text log should appear; copy and paste it here

It can also be found here => (C:\ComboFix.txt)

8: Make a new TM HJT log and paste that in as well.

9: Tell me how the computer is doing.

IMPORTANT! Do NOT click on the ComboFix window with the mouse while it is running, otherwise it may hang.

Kind regards/Malou


Hi Malou!

ComboFix 09-01-21.04 - Nubben 2009-01-24 18:55:24.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.511.136 [GMT 1:00]

Körs från: c:\documents and settings\Nubben\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Nubben\Skrivbord\CFScript.txt

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

FW: Sygate Personal Firewall Pro *enabled*

* Skapade en ny återställningspunkt

FILE ::

c:\windows\system32\iestat.exe

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\iestat.exe

.

(((((((((((((((((((((((( Filer Skapade från 2008-12-24 till 2009-01-24 ))))))))))))))))))))))))))))))

.

2009-01-24 15:54 . 2009-01-24 15:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\Nubben\Application Data\Malwarebytes

2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-01-24 14:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-24 14:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-23 15:00 . 2009-01-23 15:00 <KAT> d-------- c:\program\Delade filer\SYMANT~1

2009-01-20 21:52 . 2009-01-20 21:52 <KAT> d-------- c:\windows\ERUNT

2009-01-20 21:10 . 2009-01-20 21:10 <KAT> d-------- c:\program\SDFix

2009-01-20 18:19 . 2009-01-22 10:15 <KAT> d--hs---- c:\windows\system32\twain32

2009-01-20 16:46 . 2009-01-20 16:46 <KAT> d-------- c:\program\CCleaner

2009-01-19 23:26 . 2009-01-19 23:30 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

2009-01-19 23:05 . 2009-01-21 14:11 <KAT> d-------- c:\program\SUPERAntiSpyware

2009-01-19 22:35 . 2009-01-19 22:35 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-19 22:35 . 2009-01-19 22:35 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-19 20:19 . 2009-01-23 15:00 <KAT> d-------- c:\program\Norton Security Scan

2009-01-19 19:29 . 2009-01-19 19:31 <KAT> d-------- c:\documents and settings\Nubben\.SunDownloadManager

2009-01-13 09:58 . 2009-01-18 15:53 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS

2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\system32\sv

2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\l2schemas

2009-01-03 13:52 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2008-12-29 10:38 . 2009-01-22 10:51 7,680 --ahs---- c:\windows\Thumbs.db

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 10:07 --------- d-----w c:\documents and settings\Nubben\Application Data\AVG7

2009-01-22 10:40 --------- d--h--w c:\program\InstallShield Installation Information

2009-01-22 09:51 --------- d-----w c:\program\Windows Media Connect 2

2009-01-22 09:51 --------- d-----w c:\program\DivX

2009-01-22 09:51 --------- d-----w c:\program\Avanquest update

2009-01-22 09:15 --------- d-----w c:\program\Unlocker

2009-01-21 13:11 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2009-01-21 10:18 --------- d-----w c:\program\Java

2009-01-20 19:06 --------- d-----w c:\program\anders scan

2009-01-20 16:12 --------- d-----w c:\program\Winamp

2009-01-20 15:52 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2009-01-19 22:26 --------- d-----w c:\program\Lavasoft

2009-01-19 10:42 --------- d-----w c:\program\Windows Live Safety Center

2009-01-13 09:15 --------- d-----w c:\program\Delade filer\Adobe

2009-01-09 18:12 --------- d-----w c:\program\EA GAMES

2009-01-03 16:21 --------- d-----w c:\program\MSN Messenger

2008-12-03 21:31 --------- d-----w c:\documents and settings\Nubben\Application Data\uTorrent

2008-10-21 19:37 21,528 ----a-w c:\documents and settings\Nubben\Application Data\GDIPFONTCACHEV1.DAT

2007-09-25 15:49 32 ----a-r c:\documents and settings\All Users\hash.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-24_17.25.34.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-24 18:03:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_124.dat

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 15,360 2004-08-04 00:34:16 c:\windows\system32\bak\ctfmon.exe

----a-w 15,360 2008-04-14 16:05:02 c:\windows\system32\ctfmon.exe

----a-w 411,648 2007-03-01 08:27:54 d:\avg free\bak\avgcc.exe

----a-w 416,256 2007-04-28 11:23:53 d:\avg free\avgcc.exe

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="c:\program\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-04 590848]

"SmcService"="c:\program\Sygate\SPF\smc.exe" [2005-09-27 2635472]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"AVG7_Run"="c:\program\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\

Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-01-01 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.vp31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:55 5674352 c:\program\MSN Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\Program\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Program\\uTorrent\\utorrent.exe"=

"d:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program\\MSN Messenger\\livecall.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

R4 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-10-04 83880]

S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-10-04 15016]

S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-10-04 110504]

S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-10-04 104488]

S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-10-04 100648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030EE0AC-0F33-50E9-0307-070300010406}]

c:\windows\System32\xp-clean.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

2009-01-24 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-23 c:\windows\Tasks\Norton Security Scan for Nubben.job

- c:\program\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.aftonbladet.se/

Trusted Zone: adobe.com\www

Trusted Zone: bilddagboken.se

Trusted Zone: google.se\www

Trusted Zone: ignames.net\en10.ds

Trusted Zone: internetkassan.nu\www

Trusted Zone: kingsofchaos.com\www

Trusted Zone: lunarstorm.se\www

Trusted Zone: spela.se\www

Trusted Zone: svenskfotboll.se\www

Trusted Zone: tradera.com\www

Trusted Zone: tribalwars.net\www

Trusted Zone: vildawebben.se\www

Trusted Zone: www.dn.se

TCP: {F725B5B2-C8C6-4299-9A49-AC36782EA4BD} = 208.67.220.220 208.67.222.222

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.extrafilm.se/ImageUploader5.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 19:03:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù6~*]

"D140510900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Lavasoft\Ad-Aware\aawservice.exe

c:\program\Grisoft\AVGFRE~1\avgamsvr.exe

c:\program\Grisoft\AVGFRE~1\avgupsvc.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

c:\program\Delade filer\Teleca Shared\Generic.exe

c:\program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Sluttid: 2009-01-24 19:13:11 - datorn startades om.

ComboFix-quarantined-files.txt 2009-01-24 18:13:01

ComboFix2.txt 2009-01-24 16:29:58

Före genomsökningen: 5 494 026 240 byte ledigt

Efter genomsökningen: 5,877,202,944 byte ledigt

195

_______________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:26, on 2009-01-24

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\anders scan\Anders HijackThis\This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 8243 bytes


Hi Andcar!

ComboFix has done its job just as we wanted. The log looks clean and nice again. The TM HJT log looks clean and nice too. Very good. You have done a very good job ;)

However, I am a bit puzzled about one detail.

Who is your Internet service provider?

Do you have a router connected, or something similar?

How is the computer doing now?

Kind regards/Malou

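Reading a HijackThis log the way Malou does above (the log is judged clean, and the O17 name-server entry prompts a question about ISP and router rather than a verdict) can be written down as a small triage script. The Python below is an added example for this page, not code from HijackThis or from anyone in the thread. The sample lines are constructed to match the format of the log posted above, and the set of expected DNS servers is an assumption the analyst supplies after asking the user; 208.67.220.220 and 208.67.222.222 are OpenDNS resolvers, which a router or the user may legitimately have configured, so the check only reports what the analyst has not confirmed.

```python
"""Triage a few HijackThis v2 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample lines in the same shape as the HijackThis log posted above.
SAMPLE_LOG = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    r"O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O15 - Trusted Zone: http://www.lunarstorm.se",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222",
    r"O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe",
]

# Every HijackThis entry starts with a section tag (R0, R1, O2 ... O23) and " - ".
SECTION_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<rest>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag the line came from
    severity: str  # "info" (cosmetic) or "review" (needs a human decision)
    detail: str


def split_section(line: str) -> Optional[Tuple[str, str]]:
    """Return (section tag, remainder) for an entry line, None for header/footer lines."""
    m = SECTION_RE.match(line.strip())
    if m is None:
        return None
    return m.group("sec"), m.group("rest")


def triage(lines: Iterable[str], expected_dns: Set[str]) -> List[Finding]:
    """Flag the entry types an analyst checks by hand in a log like the one above.

    expected_dns is the set of resolver addresses the user's ISP or router is
    known to hand out (assumption: the analyst supplies it after asking).
    """
    findings: List[Finding] = []
    for line in lines:
        parsed = split_section(line)
        if parsed is None:
            continue
        sec, rest = parsed
        if sec == "O2" and rest.endswith("(no file)"):
            # Registration left behind by a removed BHO; harmless but worth cleaning up.
            findings.append(Finding(sec, "info", "orphaned BHO registration: " + rest))
        elif sec == "O10":
            # HijackThis could not match the LSP DLL against its known list; verify the file.
            findings.append(Finding(sec, "review", "Winsock LSP to verify: " + rest))
        elif sec == "O15":
            # Sites in the IE Trusted Zone run with relaxed security settings.
            findings.append(Finding(sec, "review", "site in IE Trusted Zone: " + rest))
        elif sec == "O17":
            m = NAMESERVER_RE.search(rest)
            if m:
                servers = set(m.group("servers").replace(",", " ").split())
                unexpected = sorted(servers - expected_dns)
                if unexpected:
                    findings.append(Finding(sec, "review",
                                            "DNS servers not on the expected list: " + " ".join(unexpected)))
    return findings


def main() -> None:
    # Assumed answer to the ISP/router question: the router hands out OpenDNS,
    # so these two resolvers are expected and the O17 line is not reported.
    for f in triage(SAMPLE_LOG, expected_dns={"208.67.220.220", "208.67.222.222"}):
        print(f"[{f.severity}] {f.section}: {f.detail}")


if __name__ == "__main__":
    main()
```

Run with an empty `expected_dns` set, the O17 entry is reported as well; that is exactly the case where the answer to the ISP/router question, not the script, decides whether the name-server setting is legitimate.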

Hi Andcar!

Great to hear that the computer is working well.

Thanks for your kind words (it warms my heart to hear them). But it is you who has been sitting there doing the work ;)

Yes, a router; there are two of us sharing it. But the other computer works as it should and is almost never used.

http://www.mediateknik.com is the provider I have always had

Then everything is as it should be.

Now let's get going and clean up after ourselves, and clear out the restore folder. Carry out the procedures in the order they are written.

The tool below is able to remove/delete the files/folders/shortcuts left by the fix programs we have used (though not TM HJT).

Print out or copy the following into a text document and save it to the desktop:

Read/follow the instructions carefully:

Download the uninstallation program OTCleanIt:

http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

1: Save it to the desktop

2: Start the program/tool by double-clicking OTCleanIt.exe

(For Vista => right-click the tool and choose => Run as Admin)

3: Click the CleanUp! button.

4: If you get warnings from your security programs, allow OTCleanIt access to the Internet.

5: The various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer.

********************************************************************************

CLOSING WORDS:

To avoid the risk of restoring the computer to one or more earlier points in time when any nasties were present (bearing in mind that there is/was rubbish in your restore folder), please read through the information and instructions below on how to go about clearing out the restore folder, etc.

NOTE: Choose the instructions for the operating system you use:

=> System Restore: (How to disable/enable it):

And here are my usual recommendations:

Download/install ALL SECURITY UPDATES/PATCHES ETC.

Download/install SP1/SP3 for the operating system in use

(Windows XP/Windows Vista).

Available from Windows Update/Microsoft Update.

Everything can be found on the page below under the tab Lite Tips & Råd för en säkrare dator (A few tips and advice for a safer computer):

Please also read the information under the tab Hur blev jag infekterad? (How did I get infected?)

=> Dator&IT-Säkerhet:

Once you have done the above

Make a new TM HJT log and paste it here so we can see that everything is still clean and nice. This is to make sure nothing went wrong during the above procedure (e.g. that no rubbish was restored by mistake).

Kind regards/Malou


Hi Malou!

You have done a good job too!

I would never have managed it without you!

Dator&IT-Säkerhet: I have added it as a favourite =)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:01:20, on 2009-01-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\anders scan\Anders HijackThis\This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 8243 bytes


Hi Andcar!

Thanks for your kind words ;)

Your TM HJT log still looks clean and nice. Very good.

How is your computer doing now?

Are there any problems remaining?

Did everything go well with the last procedures (without problems)?

Kind regards/Malou


Hi Malou!

Not at all! The work you have put in is worth a lot to me :)

It is doing just fine. The updates worked.

Everything without problems

Today's ----[--[-@ to you

Anders

Well, Anders, Malou has taught you quite a lot now; save the walk-through guide from Malou in this thread.

Do you know what you do now in the last step? Reinstall the whole computer from scratch with new drivers. ;)

kentan.


Giving Malou a rose too.

It is impressive to see how you formulate your how-to guides; there is no way to go wrong,

well balanced even for people who have zero clue. Few manage to be so pedagogical.

So now, in hindsight, I should have realised that Malou is a girl - unlike us sloppy/terse guys.

kent


Hi Andcar!

You're welcome, and thank you for letting us help, and thanks for Today's Rose ;)

Wonderful to hear that the computer is doing well again and that everything works as it should, with all that entails.

Take care now, and look after the computer ;)

Edit:

Thanks also to Kentan for the kind words.

Kind regards/Malou
