
Trojan Vundo


wcanka


Hi

I've picked up an annoying trojan on my computer. Both Norton and NOD32 failed to remove it, so I'm turning to eforum instead. Is there anything suspicious in my HijackThis log? How do I get rid of this mess?

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 23:35:28, on 2007-06-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Miranda IM\miranda32.exe

c:\windows\system\hpsysdrv.exe

C:\Program\Java\jre1.5.0_05\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=SE&language=sv&PURCH_DT_MONTH=05&PURCH_DT_DAY=18&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CZB6180660&application=305&modelID=EW055AA&LF=blue

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {A1F5BF91-2BAE-400E-B5CC-C96427AB099E} - C:\WINDOWS\system32\rqrooop.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Miranda IM.lnk = C:\Program\Miranda IM\miranda32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: rqrooop - C:\WINDOWS\SYSTEM32\rqrooop.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 

 

- The more you know, the more you know that you don't know

wcanka

 

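Reading the log above by eye, what gives the infection away is not any single line but a combination: an O2 BHO listed as (no name) that loads from system32, and the same DLL (rqrooop.dll) registered again as an O20 Winlogon Notify handler, plus an orphaned Notify entry (winmqx32.dll, "file missing") left behind by an earlier removal. The script below is an added example, not code from the thread, from HijackThis, or from anyone in it: it parses the O2 and O20 lines and applies exactly those checks. The sample lines are copied from the log above; the allow-list of Windows XP Winlogon Notify DLLs is an assumption for illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (O2 and O20 only).
SAMPLE_LOG = r"""
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A1F5BF91-2BAE-400E-B5CC-C96427AB099E} - C:\WINDOWS\system32\rqrooop.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: rqrooop - C:\WINDOWS\SYSTEM32\rqrooop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Assumption for illustration: Winlogon Notify DLLs shipped with Windows XP
# that HijackThis may still list. Anything else living in system32 deserves a look.
KNOWN_NOTIFY_DLLS = {
    "wgalogon.dll", "wlnotify.dll", "crypt32.dll", "cryptnet.dll",
    "cscdll.dll", "sclgntfy.dll",
}


def split_path(field):
    """Split a HijackThis path field into (path, lowercase basename, missing?)."""
    missing = field.endswith("(file missing)")
    path = field[: -len("(file missing)")].strip() if missing else field.strip()
    basename = path.replace("/", "\\").split("\\")[-1].lower()
    return path, basename, missing


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(lines):
    """Return {basename: {"severity": ..., "reasons": [...]}} for suspect entries."""
    reasons = defaultdict(list)
    bho_dlls, notify_dlls = set(), set()
    for line in lines:
        m = O2_RE.match(line.strip())
        if m:
            path, base, _ = split_path(m["path"])
            bho_dlls.add(base)
            if m["name"].strip() == "(no name)":
                where = " loaded from system32" if in_system32(path) else ""
                reasons[base].append("O2: unnamed BHO" + where)
            continue
        m = O20_RE.match(line.strip())
        if m:
            path, base, missing = split_path(m["path"])
            notify_dlls.add(base)
            if missing:
                reasons[base].append("O20: Winlogon Notify points to a missing DLL (orphaned entry)")
            elif in_system32(path) and base not in KNOWN_NOTIFY_DLLS:
                reasons[base].append("O20: non-standard Winlogon Notify DLL in system32")
    # The same DLL registered both as a BHO and as a Winlogon Notify handler
    # is what makes rqrooop.dll stand out in the log above.
    for base in bho_dlls & notify_dlls:
        reasons[base].append("registered as both BHO and Winlogon Notify handler")
    findings = {}
    for base, why in reasons.items():
        findings[base] = {"severity": "high" if len(why) >= 2 else "medium", "reasons": why}
    return findings


if __name__ == "__main__":
    for base, f in sorted(triage(SAMPLE_LOG.strip().splitlines()).items()):
        print(f"{f['severity']:6} {base}")
        for r in f["reasons"]:
            print("       -", r)
```

Run on the sample it reports rqrooop.dll as high (three independent reasons) and winmqx32.dll as medium (a dead registry entry, harmless by itself but worth cleaning), and stays silent on the Symantec, SUPERAntiSpyware and WgaLogon entries.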

Hi

I'll check that thing about Java.

Here is a log from ComboFix:

 

[log]

"HP_Ägaren" - 2007-06-02 23:59:00 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\HP_Ägaren\"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\ddccd.dll

C:\WINDOWS\system32\bdeeg.bak1

C:\WINDOWS\system32\bdeeg.bak2

C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\ccbeg.bak1

C:\WINDOWS\system32\ccbeg.ini

C:\WINDOWS\system32\dcbeg.bak1

C:\WINDOWS\system32\dcbeg.ini

C:\WINDOWS\system32\ggjlm.bak1

C:\WINDOWS\system32\ggjlm.bak2

C:\WINDOWS\system32\ggjlm.ini

C:\WINDOWS\system32\ilkkj.bak1

C:\WINDOWS\system32\ilkkj.bak2

C:\WINDOWS\system32\ilkkj.ini

C:\WINDOWS\system32\ilkkj.ini2

C:\WINDOWS\system32\ilkkj.tmp

C:\WINDOWS\system32\kmllm.bak1

C:\WINDOWS\system32\kmllm.ini

C:\WINDOWS\system32\knnmp.bak1

C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\knnmp.tmp

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\llkkj.tmp

C:\WINDOWS\system32\mnnmp.bak1

C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\opqss.bak1

C:\WINDOWS\system32\opqss.ini

C:\WINDOWS\system32\qqstv.bak1

C:\WINDOWS\system32\qqstv.ini2

C:\WINDOWS\system32\qqstv.tmp

C:\WINDOWS\system32\qqtwa.bak1

C:\WINDOWS\system32\qqtwa.ini

C:\WINDOWS\system32\qtstv.bak1

C:\WINDOWS\system32\qtstv.ini

C:\WINDOWS\system32\qtstv.tmp

C:\WINDOWS\system32\qtvwa.bak1

C:\WINDOWS\system32\qtvwa.ini

C:\WINDOWS\system32\stvwa.bak1

C:\WINDOWS\system32\stvwa.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\utvwa.bak1

C:\WINDOWS\system32\utvwa.ini

C:\WINDOWS\system32\yccdd.bak1

C:\WINDOWS\system32\yccdd.ini

C:\WINDOWS\system32\ilkkj.bak1

C:\WINDOWS\system32\ilkkj.bak2

C:\WINDOWS\system32\ilkkj.ini

C:\WINDOWS\system32\ilkkj.ini2

C:\WINDOWS\system32\ilkkj.tmp

C:\WINDOWS\system32\knnmp.bak1

C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\knnmp.tmp

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\llkkj.tmp

C:\WINDOWS\system32\prutv.bakt

C:\WINDOWS\system32\prutv.ini2

C:\WINDOWS\system32\prutv.tmp

C:\WINDOWS\system32\qqstv.bak1

C:\WINDOWS\system32\qqstv.ini2

C:\WINDOWS\system32\qqstv.tmp

C:\WINDOWS\system32\rqrooop.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\WINDOWS\NDNuninstall7_22.exe"

"C:\WINDOWS\NDNuninstall7_48.exe"

"C:\WINDOWS\system32\packet.dll"

"C:\WINDOWS\system32\pthreadVC.dll"

"C:\WINDOWS\system32\wanpacket.dll"

"C:\WINDOWS\system32\wpcap.dll"

"C:\WINDOWS\system32\drivers\npf.sys"

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NM

-------\LEGACY_NPF

-------\nm

-------\NPF

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))

 

 

2007-06-02 17:27 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

2007-06-02 17:12 <KAT> d-------- C:\Program\CCleaner

2007-06-02 10:32 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-06-02 10:32 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-06-02 10:32 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-06-01 22:25 2,580 --a------ C:\WINDOWS\system32\ggxtafqp.exe

2007-06-01 22:25 131,124 --a------ C:\WINDOWS\system32\amkhwmxe.dll

2007-06-01 18:52 131,124 --a------ C:\WINDOWS\system32\dpvagwyy.dll

2007-05-30 20:46 14,868 --a------ C:\WINDOWS\system32\vkbktkan.exe

2007-05-30 20:46 10,752 --a------ C:\WINDOWS\system32\j7231538.dll

2007-05-24 13:06 725,044 ---hs---- C:\WINDOWS\system32\mlljj.dll

2007-05-17 23:09 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-05-17 23:09 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-05-17 23:09 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-05-17 23:00 <KAT> d--hs---- C:\WINDOWS\ftpcache

2007-05-17 15:54 <KAT> d-------- C:\DOCUME~1\Philip\APPLIC~1\Google

2007-05-08 22:46 <KAT> d-------- C:\WINDOWS\system32\sv-se

2007-05-03 16:18 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-02 21:37:46 -------- d-----w C:\Program\Delade filer\Symantec Shared

2007-06-02 21:23:26 -------- d-----w C:\Program\SUPERAntiSpyware

2007-06-02 16:13:38 -------- d--h--w C:\Program\InstallShield Installation Information

2007-06-02 16:10:09 -------- d-----w C:\Program\Delade filer\Ahead

2007-05-31 12:49:08 -------- d-----w C:\Program\Steam

2007-05-30 18:50:38 -------- d-----w C:\Program\Norton Internet Security

2007-05-28 13:50:18 -------- d-----w C:\Program\mIRC

2007-05-17 21:10:15 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-05-14 13:26:59 -------- d-----w C:\Program\Nationalencyklopedin

2007-05-11 19:01:51 64,822 ----a-w C:\WINDOWS\system32\perfc01D.dat

2007-05-11 19:01:51 387,910 ----a-w C:\WINDOWS\system32\perfh01D.dat

2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-14 13:31:14 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-04-14 13:31:14 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-04-14 13:31:14 -------- d-----w C:\Program\Symantec

2007-04-12 13:16:29 -------- d-----w C:\DOCUME~1\HP_GAR~1\APPLIC~1\AdobeUM

2007-04-12 13:13:00 -------- d-----w C:\DOCUME~1\HP_GAR~1\APPLIC~1\OpenOffice.org2

2007-04-03 13:17:11 -------- d-----w C:\Program\Azureus

2007-04-01 11:01:09 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll

2007-03-31 11:54:23 4,348 ----a-w C:\WINDOWS\system32\tmp.reg

2007-03-30 20:14:39 0 ----a-w C:\WINDOWS\ORUN32.EXE

2007-03-30 20:14:26 0 ----a-w C:\WINDOWS\system32\CMMGR32.EXE

2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-03-17 13:45:59 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:39:13 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:39:13 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:39:13 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:38:05 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 19:29]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-12-01 15:52]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ftutil2"="ftutil2.dll" [2004-06-07 16:05 C:\WINDOWS\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-02-13 23:05 C:\WINDOWS\system32\nwiz.exe]

"CTDVDDET"="C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]

"VolPanel"="C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34]

"AudioDrvEmulator"="C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]

"CTHelper"="CTHELPER.EXE" []

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 16:10 C:\WINDOWS\system32\CTXFIHLP.EXE]

"HPHUPD08"="c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]

"PCMService"="C:\Program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 20:46]

"HPBootOp"="C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29]

"HP Software Update"="C:\Program\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 00:12]

"UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-03-01 12:01]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]

"nod32kui"="C:\Program\Eset\nod32kui.exe" [2007-06-02 10:31]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 18:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]

"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-02 23:14]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]

winmqx32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]

C:\Program\MOUSEW~1\SYSTEM\EM_EXEC.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

"C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

C:\Program\Logitech\iTouch\iTouch.exe

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

AutoRun\command- H:\Autorun.exe

 

*Newly Created Service* - COMHOST

*Newly Created Service* - SASDIFSV

 

Contents of the 'Scheduled Tasks' folder

2007-06-01 18:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 00:08:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-06-03 0:10:27 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-03 00:10

 

--- E O F ---

[/log]

 


wcanka

 

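The "Files Created" section of the ComboFix log above is where the rest of the infection shows up: five files with random-looking names dropped straight into system32 over the preceding days (ggxtafqp.exe, amkhwmxe.dll, dpvagwyy.dll, vkbktkan.exe, j7231538.dll), two of them written in the same minute as each other, and mlljj.dll carrying the hidden+system attributes that ComboFix prints as ---hs----. The script below is an added example, not code from the thread or from ComboFix: it parses those entries and scores them with the heuristics a helper applies by eye (location, attributes, name shape, shared timestamp). The sample lines are copied from the log above; the name heuristic and its thresholds are assumptions, tuned to this log, and will need adjusting for other machines.

```python
import re
from collections import defaultdict

# Sample entries copied from the "Files Created" section of the ComboFix log
# above (one directory entry included to show that it is skipped).
SAMPLE_SECTION = r"""
2007-06-02 17:12 <KAT> d-------- C:\Program\CCleaner
2007-06-02 10:32 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-02 10:32 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-02 10:32 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-01 22:25 2,580 --a------ C:\WINDOWS\system32\ggxtafqp.exe
2007-06-01 22:25 131,124 --a------ C:\WINDOWS\system32\amkhwmxe.dll
2007-06-01 18:52 131,124 --a------ C:\WINDOWS\system32\dpvagwyy.dll
2007-05-30 20:46 14,868 --a------ C:\WINDOWS\system32\vkbktkan.exe
2007-05-30 20:46 10,752 --a------ C:\WINDOWS\system32\j7231538.dll
2007-05-24 13:06 725,044 ---hs---- C:\WINDOWS\system32\mlljj.dll
2007-05-17 23:09 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-03 16:18 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
"""

# The Swedish ComboFix build in the log above prints <KAT> for a directory
# where English builds print <DIR>; accept both.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<KAT>|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*)$"
)


def parse_entries(text):
    """Parse ComboFix 'Files Created' lines into dicts; unknown lines are ignored."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"].startswith("d")
            e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def looks_generated(stem):
    """Assumed heuristic: 5-8 lowercase letters/digits with no word-like structure."""
    if not re.fullmatch(r"[a-z0-9]{5,8}", stem):
        return False
    if sum(c.isdigit() for c in stem) >= 5:
        return True
    if not any(c in "aeiou" for c in stem):
        return True
    # Longest run of consonants; digits break a run, so nod32drv does not trip it.
    runs = re.findall(r"[b-df-hj-np-tv-z]+", stem)
    return max((len(r) for r in runs), default=0) >= 4


def triage_created(text):
    """Return {basename: [reasons]} for entries worth a closer look."""
    flagged = {}
    by_minute = defaultdict(list)
    for e in parse_entries(text):
        if e["is_dir"]:
            continue
        folder, _, base = e["path"].rpartition("\\")
        stem, _, ext = base.rpartition(".")
        reasons = []
        if (folder.lower().endswith("\\system32")
                and ext.lower() in ("exe", "dll") and looks_generated(stem)):
            reasons.append("random-looking name dropped directly in system32")
        if "h" in e["attrs"] and "s" in e["attrs"]:
            reasons.append("hidden+system attributes")
        if reasons:
            flagged[base] = reasons
            by_minute[(e["date"], e["time"])].append(base)
    # Several flagged files written in the same minute usually share one dropper.
    for (date, time), names in by_minute.items():
        if len(names) > 1:
            for n in names:
                others = ", ".join(x for x in names if x != n)
                flagged[n].append("dropped at %s %s together with %s" % (date, time, others))
    return flagged


if __name__ == "__main__":
    for base, why in triage_created(SAMPLE_SECTION).items():
        print(base)
        for r in why:
            print("   -", r)
```

On the sample this flags exactly the six files the helper later puts into the Avenger script, and leaves the NOD32 driver files, the DirectX runtime and CmdLineExt03.dll alone.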

Download VundoFix:

http://www.atribune.org/ccount/click.php?id=4

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Double-click VundoFix.exe to start the program.

Once it has started, click Scan for Vundo.

When the scan is finished, click Remove Vundo.

Answer Yes when asked whether you want to delete the files.

The desktop will then disappear while the files are being deleted.

When it is done, a message will tell you that your computer is going to shut down; click OK.

Start the computer again in normal mode.

If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer boots; in that case follow the instructions once more.

Paste C:\vundofix.txt and a new HijackThis log into your reply.

 


Hi

I have tried running VundoFix twice, but it doesn't find anything, so it can't remove anything. Maybe NOD32 has already removed part of it, so VundoFix doesn't find it. But Norton keeps warning that there is an infected file that cannot be removed.

Any suggestions for how to get rid of Vundo?

 

 


wcanka

 


Sure, then do the following instead.

Download Avenger to the desktop and unzip the file there:

http://swandog46.geekstogo.com/avenger.zip

Copy the following into Notepad:[log]

Files to delete:

C:\WINDOWS\system32\rqrooop.dll

C:\WINDOWS\system32\ddccd.dll

C:\WINDOWS\system32\bdeeg.bak1

C:\WINDOWS\system32\bdeeg.bak2

C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\ccbeg.bak1

C:\WINDOWS\system32\ccbeg.ini

C:\WINDOWS\system32\dcbeg.bak1

C:\WINDOWS\system32\dcbeg.ini

C:\WINDOWS\system32\ggjlm.bak1

C:\WINDOWS\system32\ggjlm.bak2

C:\WINDOWS\system32\ggjlm.ini

C:\WINDOWS\system32\ilkkj.bak1

C:\WINDOWS\system32\ilkkj.bak2

C:\WINDOWS\system32\ilkkj.ini

C:\WINDOWS\system32\ilkkj.ini2

C:\WINDOWS\system32\ilkkj.tmp

C:\WINDOWS\system32\kmllm.bak1

C:\WINDOWS\system32\kmllm.ini

C:\WINDOWS\system32\knnmp.bak1

C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\knnmp.tmp

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\llkkj.tmp

C:\WINDOWS\system32\mnnmp.bak1

C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\opqss.bak1

C:\WINDOWS\system32\opqss.ini

C:\WINDOWS\system32\qqstv.bak1

C:\WINDOWS\system32\qqstv.ini2

C:\WINDOWS\system32\qqstv.tmp

C:\WINDOWS\system32\qqtwa.bak1

C:\WINDOWS\system32\qqtwa.ini

C:\WINDOWS\system32\qtstv.bak1

C:\WINDOWS\system32\qtstv.ini

C:\WINDOWS\system32\qtstv.tmp

C:\WINDOWS\system32\qtvwa.bak1

C:\WINDOWS\system32\qtvwa.ini

C:\WINDOWS\system32\stvwa.bak1

C:\WINDOWS\system32\stvwa.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\utvwa.bak1

C:\WINDOWS\system32\utvwa.ini

C:\WINDOWS\system32\yccdd.bak1

C:\WINDOWS\system32\yccdd.ini

C:\WINDOWS\system32\ilkkj.bak1

C:\WINDOWS\system32\ilkkj.bak2

C:\WINDOWS\system32\ilkkj.ini

C:\WINDOWS\system32\ilkkj.ini2

C:\WINDOWS\system32\ilkkj.tmp

C:\WINDOWS\system32\knnmp.bak1

C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\knnmp.tmp

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\llkkj.tmp

C:\WINDOWS\system32\prutv.bakt

C:\WINDOWS\system32\prutv.ini2

C:\WINDOWS\system32\prutv.tmp

C:\WINDOWS\system32\qqstv.bak1

C:\WINDOWS\system32\qqstv.ini2

C:\WINDOWS\system32\qqstv.tmp

C:\WINDOWS\system32\ggxtafqp.exe

C:\WINDOWS\system32\amkhwmxe.dll

C:\WINDOWS\system32\dpvagwyy.dll

C:\WINDOWS\system32\vkbktkan.exe

C:\WINDOWS\system32\j7231538.dll

C:\WINDOWS\system32\mlljj.dll

C:\WINDOWS\system32\winmqx32.dll[/log]

Start Avenger.

Tick "Input Script Manually".

Click the magnifying glass and, under "View/edit script", paste the text from Notepad.

Click Done.

Click the green light and answer Yes to the questions.

The computer will now restart (possibly twice).

A DOS window should appear and then the log should come up.

Paste it here along with a new ComboFix log.

Download http://securityresponse.symantec.com/avcenter/FxNdotN.exe

Run the program.

 

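Avenger reports every line of the script with an NTSTATUS code, and the log the user posts below shows 0xc0000034 for each file. That code is STATUS_OBJECT_NAME_NOT_FOUND: the file was not there to delete, which is consistent with ComboFix having already quarantined the same files in the earlier run (its "V Log" section lists them). Telling that apart from a deletion that was actually blocked (access denied, sharing violation, cannot delete) is what decides whether the tool needs another pass in Safe Mode. The script below is an added example, not code from the thread or from Avenger: it parses an Avenger log, decodes the status codes and summarises the outcomes. The first three blocks of the sample are copied from the log below; the "deleted successfully" line and the locked-example.dll block are constructed to exercise the other branches, and the exact wording of Avenger's success line is an assumption. The status table holds documented ntstatus.h values.

```python
import re

# Constructed sample: the first three blocks are copied from the Avenger log the
# user posts below; the last two blocks are made up to show the other outcomes
# (a file that was deleted, and one held open by another process).
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\rqrooop.dll not found!
Deletion of file C:\WINDOWS\system32\rqrooop.dll failed!

Could not process line:
C:\WINDOWS\system32\rqrooop.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ddccd.dll not found!
Deletion of file C:\WINDOWS\system32\ddccd.dll failed!

Could not process line:
C:\WINDOWS\system32\ddccd.dll
Status: 0xc0000034

File C:\WINDOWS\system32\bdeeg.bak1 not found!
Deletion of file C:\WINDOWS\system32\bdeeg.bak1 failed!

Could not process line:
C:\WINDOWS\system32\bdeeg.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\mlljj.dll deleted successfully.

Deletion of file C:\WINDOWS\system32\locked-example.dll failed!

Could not process line:
C:\WINDOWS\system32\locked-example.dll
Status: 0xc0000043
"""

# Documented NTSTATUS values (ntstatus.h); only the ones relevant to file deletion.
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000121: "STATUS_CANNOT_DELETE",
}

# Codes that mean "nothing left to delete" rather than "deletion was blocked".
ALREADY_GONE = {0xC0000034, 0xC000003A}

FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")  # assumed wording
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9A-Fa-f]{8})$")


def decode_status(code):
    return NTSTATUS.get(code, "unknown NTSTATUS 0x%08X" % code)


def parse_avenger_log(text):
    """Return {path: {"outcome": ..., "status": int|None, "status_name": str|None}}."""
    results = {}
    pending = None  # path of the last reported failure, waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            results[m["path"]] = {"outcome": "deleted", "status": 0, "status_name": "STATUS_SUCCESS"}
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m["path"]
            results[pending] = {"outcome": "failed", "status": None, "status_name": None}
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            code = int(m["code"], 16)
            entry = results[pending]
            entry["status"] = code
            entry["status_name"] = decode_status(code)
            if code in ALREADY_GONE:
                entry["outcome"] = "already gone"
            pending = None
    return results


def summarize(results):
    counts = {"deleted": 0, "already gone": 0, "failed": 0}
    for r in results.values():
        counts[r["outcome"]] += 1
    return counts


if __name__ == "__main__":
    res = parse_avenger_log(SAMPLE_LOG)
    for path, r in res.items():
        print(f"{r['outcome']:13} {r['status_name'] or '?':30} {path}")
    print(summarize(res))
```

A log consisting only of "already gone" entries, like the real one below, is not a failed run: the listed files were removed earlier. Warnings that keep coming from another location, such as the temp folder the user mentions, concern files that were never on the list.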

Hi

I've done as you wrote, but Norton keeps warning about viruses, and always in the folder C:\windows\temp.

Here are the logs:

 

[log]

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\lasrvcql

 

*******************

 

Script file located at: \??\C:\Documents and Settings\tmfuyruc.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\WINDOWS\system32\rqrooop.dll not found!

Deletion of file C:\WINDOWS\system32\rqrooop.dll failed!

 

Could not process line:

C:\WINDOWS\system32\rqrooop.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ddccd.dll not found!

Deletion of file C:\WINDOWS\system32\ddccd.dll failed!

 

Could not process line:

C:\WINDOWS\system32\ddccd.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\bdeeg.bak1 not found!

Deletion of file C:\WINDOWS\system32\bdeeg.bak1 failed!

 

Could not process line:

C:\WINDOWS\system32\bdeeg.bak1

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\bdeeg.bak2 not found!

Deletion of file C:\WINDOWS\system32\bdeeg.bak2 failed!

 

Could not process line:

C:\WINDOWS\system32\bdeeg.bak2

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\bdeeg.ini not found!

Deletion of file C:\WINDOWS\system32\bdeeg.ini failed!

 

Could not process line:

C:\WINDOWS\system32\bdeeg.ini

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ccbeg.bak1 not found!

Deletion of file C:\WINDOWS\system32\ccbeg.bak1 failed!

 

Could not process line:

C:\WINDOWS\system32\ccbeg.bak1

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ccbeg.ini not found!

Deletion of file C:\WINDOWS\system32\ccbeg.ini failed!

 

Could not process line:

C:\WINDOWS\system32\ccbeg.ini

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\dcbeg.bak1 not found!

Deletion of file C:\WINDOWS\system32\dcbeg.bak1 failed!
Could not process line:
C:\WINDOWS\system32\dcbeg.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\dcbeg.ini not found!
Deletion of file C:\WINDOWS\system32\dcbeg.ini failed!
Could not process line:
C:\WINDOWS\system32\dcbeg.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ggjlm.bak1 not found!
Deletion of file C:\WINDOWS\system32\ggjlm.bak1 failed!
Could not process line:
C:\WINDOWS\system32\ggjlm.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\ggjlm.bak2 not found!
Deletion of file C:\WINDOWS\system32\ggjlm.bak2 failed!
Could not process line:
C:\WINDOWS\system32\ggjlm.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\ggjlm.ini not found!
Deletion of file C:\WINDOWS\system32\ggjlm.ini failed!
Could not process line:
C:\WINDOWS\system32\ggjlm.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.bak1 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.bak1 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.bak2 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.bak2 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.ini not found!
Deletion of file C:\WINDOWS\system32\ilkkj.ini failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.ini2 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.ini2 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.tmp not found!
Deletion of file C:\WINDOWS\system32\ilkkj.tmp failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\kmllm.bak1 not found!
Deletion of file C:\WINDOWS\system32\kmllm.bak1 failed!
Could not process line:
C:\WINDOWS\system32\kmllm.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\kmllm.ini not found!
Deletion of file C:\WINDOWS\system32\kmllm.ini failed!
Could not process line:
C:\WINDOWS\system32\kmllm.ini
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.bak1 not found!
Deletion of file C:\WINDOWS\system32\knnmp.bak1 failed!
Could not process line:
C:\WINDOWS\system32\knnmp.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.ini2 not found!
Deletion of file C:\WINDOWS\system32\knnmp.ini2 failed!
Could not process line:
C:\WINDOWS\system32\knnmp.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.tmp not found!
Deletion of file C:\WINDOWS\system32\knnmp.tmp failed!
Could not process line:
C:\WINDOWS\system32\knnmp.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.bak1 not found!
Deletion of file C:\WINDOWS\system32\llkkj.bak1 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.bak2 not found!
Deletion of file C:\WINDOWS\system32\llkkj.bak2 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.ini not found!
Deletion of file C:\WINDOWS\system32\llkkj.ini failed!
Could not process line:
C:\WINDOWS\system32\llkkj.ini
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.ini2 not found!
Deletion of file C:\WINDOWS\system32\llkkj.ini2 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.tmp not found!
Deletion of file C:\WINDOWS\system32\llkkj.tmp failed!
Could not process line:
C:\WINDOWS\system32\llkkj.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\mnnmp.bak1 not found!
Deletion of file C:\WINDOWS\system32\mnnmp.bak1 failed!
Could not process line:
C:\WINDOWS\system32\mnnmp.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\mnnmp.ini not found!
Deletion of file C:\WINDOWS\system32\mnnmp.ini failed!
Could not process line:
C:\WINDOWS\system32\mnnmp.ini
Status: 0xc0000034

File C:\WINDOWS\system32\opqss.bak1 not found!
Deletion of file C:\WINDOWS\system32\opqss.bak1 failed!
Could not process line:
C:\WINDOWS\system32\opqss.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\opqss.ini not found!
Deletion of file C:\WINDOWS\system32\opqss.ini failed!
Could not process line:
C:\WINDOWS\system32\opqss.ini
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.bak1 not found!
Deletion of file C:\WINDOWS\system32\qqstv.bak1 failed!
Could not process line:
C:\WINDOWS\system32\qqstv.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.ini2 not found!
Deletion of file C:\WINDOWS\system32\qqstv.ini2 failed!
Could not process line:
C:\WINDOWS\system32\qqstv.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.tmp not found!
Deletion of file C:\WINDOWS\system32\qqstv.tmp failed!
Could not process line:
C:\WINDOWS\system32\qqstv.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\qqtwa.bak1 not found!
Deletion of file C:\WINDOWS\system32\qqtwa.bak1 failed!
Could not process line:
C:\WINDOWS\system32\qqtwa.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\qqtwa.ini not found!
Deletion of file C:\WINDOWS\system32\qqtwa.ini failed!
Could not process line:
C:\WINDOWS\system32\qqtwa.ini
Status: 0xc0000034

File C:\WINDOWS\system32\qtstv.bak1 not found!
Deletion of file C:\WINDOWS\system32\qtstv.bak1 failed!
Could not process line:
C:\WINDOWS\system32\qtstv.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\qtstv.ini not found!
Deletion of file C:\WINDOWS\system32\qtstv.ini failed!
Could not process line:
C:\WINDOWS\system32\qtstv.ini
Status: 0xc0000034

File C:\WINDOWS\system32\qtstv.tmp not found!
Deletion of file C:\WINDOWS\system32\qtstv.tmp failed!
Could not process line:
C:\WINDOWS\system32\qtstv.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\qtvwa.bak1 not found!
Deletion of file C:\WINDOWS\system32\qtvwa.bak1 failed!
Could not process line:
C:\WINDOWS\system32\qtvwa.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\qtvwa.ini not found!
Deletion of file C:\WINDOWS\system32\qtvwa.ini failed!
Could not process line:
C:\WINDOWS\system32\qtvwa.ini
Status: 0xc0000034

File C:\WINDOWS\system32\stvwa.bak1 not found!
Deletion of file C:\WINDOWS\system32\stvwa.bak1 failed!
Could not process line:
C:\WINDOWS\system32\stvwa.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\stvwa.ini not found!
Deletion of file C:\WINDOWS\system32\stvwa.ini failed!
Could not process line:
C:\WINDOWS\system32\stvwa.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ttstv.bak1 not found!
Deletion of file C:\WINDOWS\system32\ttstv.bak1 failed!
Could not process line:
C:\WINDOWS\system32\ttstv.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\ttstv.ini not found!
Deletion of file C:\WINDOWS\system32\ttstv.ini failed!
Could not process line:
C:\WINDOWS\system32\ttstv.ini
Status: 0xc0000034

File C:\WINDOWS\system32\utvwa.bak1 not found!
Deletion of file C:\WINDOWS\system32\utvwa.bak1 failed!
Could not process line:
C:\WINDOWS\system32\utvwa.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\utvwa.ini not found!
Deletion of file C:\WINDOWS\system32\utvwa.ini failed!
Could not process line:
C:\WINDOWS\system32\utvwa.ini
Status: 0xc0000034

File C:\WINDOWS\system32\yccdd.bak1 not found!
Deletion of file C:\WINDOWS\system32\yccdd.bak1 failed!
Could not process line:
C:\WINDOWS\system32\yccdd.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\yccdd.ini not found!
Deletion of file C:\WINDOWS\system32\yccdd.ini failed!
Could not process line:
C:\WINDOWS\system32\yccdd.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.bak1 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.bak1 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.bak2 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.bak2 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.ini not found!
Deletion of file C:\WINDOWS\system32\ilkkj.ini failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.ini
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.ini2 not found!
Deletion of file C:\WINDOWS\system32\ilkkj.ini2 failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\ilkkj.tmp not found!
Deletion of file C:\WINDOWS\system32\ilkkj.tmp failed!
Could not process line:
C:\WINDOWS\system32\ilkkj.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.bak1 not found!
Deletion of file C:\WINDOWS\system32\knnmp.bak1 failed!
Could not process line:
C:\WINDOWS\system32\knnmp.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.ini2 not found!
Deletion of file C:\WINDOWS\system32\knnmp.ini2 failed!
Could not process line:
C:\WINDOWS\system32\knnmp.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\knnmp.tmp not found!
Deletion of file C:\WINDOWS\system32\knnmp.tmp failed!
Could not process line:
C:\WINDOWS\system32\knnmp.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.bak1 not found!
Deletion of file C:\WINDOWS\system32\llkkj.bak1 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.bak2 not found!
Deletion of file C:\WINDOWS\system32\llkkj.bak2 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.ini not found!
Deletion of file C:\WINDOWS\system32\llkkj.ini failed!
Could not process line:
C:\WINDOWS\system32\llkkj.ini
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.ini2 not found!
Deletion of file C:\WINDOWS\system32\llkkj.ini2 failed!
Could not process line:
C:\WINDOWS\system32\llkkj.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\llkkj.tmp not found!
Deletion of file C:\WINDOWS\system32\llkkj.tmp failed!
Could not process line:
C:\WINDOWS\system32\llkkj.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\prutv.bakt not found!
Deletion of file C:\WINDOWS\system32\prutv.bakt failed!
Could not process line:
C:\WINDOWS\system32\prutv.bakt
Status: 0xc0000034

File C:\WINDOWS\system32\prutv.ini2 not found!
Deletion of file C:\WINDOWS\system32\prutv.ini2 failed!
Could not process line:
C:\WINDOWS\system32\prutv.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\prutv.tmp not found!
Deletion of file C:\WINDOWS\system32\prutv.tmp failed!
Could not process line:
C:\WINDOWS\system32\prutv.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.bak1 not found!
Deletion of file C:\WINDOWS\system32\qqstv.bak1 failed!
Could not process line:
C:\WINDOWS\system32\qqstv.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.ini2 not found!
Deletion of file C:\WINDOWS\system32\qqstv.ini2 failed!
Could not process line:
C:\WINDOWS\system32\qqstv.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\qqstv.tmp not found!
Deletion of file C:\WINDOWS\system32\qqstv.tmp failed!
Could not process line:
C:\WINDOWS\system32\qqstv.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\ggxtafqp.exe deleted successfully.
File C:\WINDOWS\system32\amkhwmxe.dll deleted successfully.
File C:\WINDOWS\system32\dpvagwyy.dll deleted successfully.
File C:\WINDOWS\system32\vkbktkan.exe deleted successfully.
File C:\WINDOWS\system32\j7231538.dll deleted successfully.
File C:\WINDOWS\system32\mlljj.dll deleted successfully.

File C:\WINDOWS\system32\winmqx32.dll not found!
Deletion of file C:\WINDOWS\system32\winmqx32.dll failed!
Could not process line:
C:\WINDOWS\system32\winmqx32.dll
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
[/log]

[log]
"HP_Ägaren" - 2007-06-03 21:01:25 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\HP_Ägaren\Skrivbord\"

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

2007-06-03 19:18 <KAT> d-------- C:\avenger
2007-06-03 10:56 <KAT> d-------- C:\VundoFix Backups
2007-06-03 00:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-02 17:27 <KAT> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-02 17:12 <KAT> d-------- C:\Program\CCleaner
2007-06-02 10:32 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-02 10:32 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-02 10:32 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-17 23:09 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-17 23:09 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-05-17 23:09 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-05-17 23:00 <KAT> d--hs---- C:\WINDOWS\ftpcache
2007-05-17 15:54 <KAT> d-------- C:\DOCUME~1\Philip\APPLIC~1\Google
2007-05-08 22:46 <KAT> d-------- C:\WINDOWS\system32\sv-se
2007-05-03 16:18 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 13:51:04 -------- d-----w C:\Program\Steam
2007-06-02 21:37:46 -------- d-----w C:\Program\Delade filer\Symantec Shared
2007-06-02 21:23:26 -------- d-----w C:\Program\SUPERAntiSpyware
2007-06-02 16:13:38 -------- d--h--w C:\Program\InstallShield Installation Information
2007-06-02 16:10:09 -------- d-----w C:\Program\Delade filer\Ahead
2007-05-30 18:50:38 -------- d-----w C:\Program\Norton Internet Security
2007-05-28 13:50:18 -------- d-----w C:\Program\mIRC
2007-05-17 21:10:15 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-14 13:26:59 -------- d-----w C:\Program\Nationalencyklopedin
2007-05-11 19:01:51 64,822 ----a-w C:\WINDOWS\system32\perfc01D.dat
2007-05-11 19:01:51 387,910 ----a-w C:\WINDOWS\system32\perfh01D.dat
2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-14 13:31:14 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-14 13:31:14 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-14 13:31:14 -------- d-----w C:\Program\Symantec
2007-04-12 13:16:29 -------- d-----w C:\DOCUME~1\HP_GAR~1\APPLIC~1\AdobeUM
2007-04-12 13:13:00 -------- d-----w C:\DOCUME~1\HP_GAR~1\APPLIC~1\OpenOffice.org2
2007-04-03 13:17:11 -------- d-----w C:\Program\Azureus
2007-04-01 11:01:09 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-31 11:54:23 4,348 ----a-w C:\WINDOWS\system32\tmp.reg
2007-03-30 20:14:39 0 ----a-w C:\WINDOWS\ORUN32.EXE
2007-03-30 20:14:26 0 ----a-w C:\WINDOWS\system32\CMMGR32.EXE
2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-17 13:45:59 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:13 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:13 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:13 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:05 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 19:29]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-12-01 15:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 C:\WINDOWS\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2006-02-13 23:05 C:\WINDOWS\system32\nwiz.exe]
"CTDVDDET"="C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"VolPanel"="C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34]
"AudioDrvEmulator"="C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"CTHelper"="CTHELPER.EXE" []
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 16:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"HPHUPD08"="c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
"PCMService"="C:\Program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 20:46]
"HPBootOp"="C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29]
"HP Software Update"="C:\Program\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 00:12]
"UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-03-01 12:01]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 18:46]
"qjbowuge"="C:\btvbkhlh.bat" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\Program\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program\Logitech\iTouch\iTouch.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILDRVI2

Contents of the 'Scheduled Tasks' folder
2007-06-01 18:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 21:04:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-03 21:05:10
C:\ComboFix-quarantined-files.txt ... 2007-06-03 21:05
C:\ComboFix2.txt ... 2007-06-03 00:10

--- E O F ---
[/log]

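Two entries in the ComboFix "Reg Loading Points" section above deserve a second look even though Avenger reported most of its file list already gone: the Run value "qjbowuge"="C:\btvbkhlh.bat" [] (a random-looking name, a .bat file sitting in the drive root, and no file stamp from ComboFix), and the Winlogon Notify subkey winmqx32, which loads winmqx32.dll by bare name; Avenger could not find that DLL (status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND), so the key is orphaned but still occupies a loader slot in winlogon.exe. The script below is an added example for this thread, not ComboFix's own code and not posted by anyone in it. It parses a constructed excerpt of the log above and scores each Run value and Notify DLL with heuristics of my own choosing (file not stamped, drive-root location, script extension, value name unrelated to the file name, bare DLL name). The scoring rules and the threshold are assumptions, so treat hits as candidates for review rather than verdicts.

```python
"""Score ComboFix 'Reg Loading Points' entries for Vundo-style leftovers.

Added example for this thread; not ComboFix's own code. The heuristics and
the threshold are assumptions of mine, and SAMPLE is a constructed excerpt
of the ComboFix log posted above.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample: a subset of the Run and Winlogon\Notify entries from the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 C:\WINDOWS\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2006-02-13 23:05 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" []
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-03-01 12:01]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 18:46]
"qjbowuge"="C:\btvbkhlh.bat" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll
"""

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # C:\file with no directory below the root
BARE_TOKEN = re.compile(r"^[a-z]{6,}$")             # lowercase letter run carrying no product hint
SCRIPT_EXTS = {"bat", "cmd", "vbs", "js", "pif", "scr"}


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list


def run_value_reasons(name: str, target: str, meta: str) -> list:
    """Heuristic reasons why a Run value deserves a look (assumptions, not signatures)."""
    reasons = []
    if not meta.strip():
        reasons.append("ComboFix could not stamp the file ([] after the value)")
    if DRIVE_ROOT.match(target):
        reasons.append("target sits directly in the drive root")
    ext = target.rsplit(".", 1)[-1].lower() if "." in target else ""
    if ext in SCRIPT_EXTS:
        reasons.append(f"target is a script or launcher (.{ext})")
    basename = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if BARE_TOKEN.match(name) and name not in basename:
        reasons.append("value name is a bare lowercase token unrelated to the file name")
    return reasons


def triage(text: str, threshold: int = 2) -> list:
    """Return Findings for Run values scoring >= threshold and for bare-name Notify DLLs."""
    findings = []
    key = None
    notify_name = None  # set while the next line is the DLL of a Winlogon\Notify subkey
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            low = key.lower()
            notify_name = low.rsplit("\\", 1)[-1] if "\\winlogon\\notify\\" in low else None
            continue
        if notify_name is not None:
            # Winlogon loads this DLL into winlogon.exe at logon; a bare name is
            # resolved through the DLL search path rather than a fixed location.
            if "\\" not in line:
                findings.append(Finding(key, notify_name, line,
                                        ["Winlogon Notify DLL given by bare name"]))
            notify_name = None
            continue
        m = RUN_LINE.match(line)
        if m and key:
            reasons = run_value_reasons(m["name"], m["target"], m["meta"])
            if len(reasons) >= threshold:
                findings.append(Finding(key, m["name"], m["target"], reasons))
    return findings


if __name__ == "__main__":
    # Pass a saved ComboFix log as the first argument, or run on the constructed sample.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE
    for f in triage(text):
        print(f"{f.name}  ->  {f.target}\n    {f.key}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample this reports exactly qjbowuge (four reasons) and winmqx32 (bare Notify DLL); CTHelper collects one reason (no file stamp) because Creative installs it in C:\WINDOWS where ComboFix does not resolve it, which is why a single reason stays below the threshold. A hit means "check the file and the key by hand", and removing a Winlogon Notify key is still safest done from Safe Mode, since the DLL, if present, is loaded into winlogon.exe at every logon.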

Update Norton and SUPERAntiSpyware.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Set Explorer so that you can see all files:
Tools - (Folder) Options or similar - View
Select Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files

Empty the folder:
C:\windows\temp

Scan the computer with Norton and with SUPERAntiSpyware. Save a log from Norton if it finds anything.

Restart in normal mode.
Paste the log from Norton if it found anything.
If SUPERAntiSpyware found anything, paste that log too (start the program - Preferences - Statistics/Logs, double-click the newest SUPERAntiSpyware Scan Log).
A new HijackThis log as well.

Hi

I don't know whether the trojan is gone or not. But Norton no longer warns, so that may be a good sign. SUPERAntiSpyware managed to remove a lot of things, but mostly cookies. Norton found nothing.

[log]
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/04/2007 at 02:03 AM

Application Version : 3.8.1002

Core Rules Database Version : 3248
Trace Rules Database Version: 1259

Scan type : Complete Scan
Total Scan Time : 03:10:03

Memory items scanned : 234
Memory threats detected : 0
Registry items scanned : 6316
Registry threats detected : 2
File items scanned : 49599
File threats detected : 172

Trojan.Media-Codec/V3
HKCR\imageactivexobject.Ñhl
HKCR\imageactivexobject.Ñhl\CLSID

Adware.Tracking Cookie
C:\Documents and Settings\Anders\Cookies\anders@2o7[1].txt
C:\Documents and Settings\Anders\Cookies\anders@ad.adtoma[2].txt
C:\Documents and Settings\Anders\Cookies\anders@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Anders\Cookies\anders@ad.yieldmanager[2].txt
C:\Documents and Settings\Anders\Cookies\anders@ad.zanox[2].txt
C:\Documents and Settings\Anders\Cookies\anders@ad1.emediate[1].txt
C:\Documents and Settings\Anders\Cookies\anders@ad1.emediate[2].txt
C:\Documents and Settings\Anders\Cookies\anders@adserver.eniro[2].txt
C:\Documents and Settings\Anders\Cookies\anders@adtech[2].txt
C:\Documents and Settings\Anders\Cookies\anders@advertising[2].txt
C:\Documents and Settings\Anders\Cookies\anders@apmebf[1].txt
C:\Documents and Settings\Anders\Cookies\anders@atdmt[2].txt
C:\Documents and Settings\Anders\Cookies\anders@bluestreak[2].txt
C:\Documents and Settings\Anders\Cookies\anders@bs.serving-sys[2].txt
C:\Documents and Settings\Anders\Cookies\anders@casalemedia[1].txt
C:\Documents and Settings\Anders\Cookies\anders@counter.hitslink[1].txt
C:\Documents and Settings\Anders\Cookies\anders@cpvfeed[2].txt
C:\Documents and Settings\Anders\Cookies\anders@doubleclick[2].txt
C:\Documents and Settings\Anders\Cookies\anders@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Anders\Cookies\anders@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Anders\Cookies\anders@ehg-two.hitbox[1].txt
C:\Documents and Settings\Anders\Cookies\anders@goodyear.122.2o7[1].txt
C:\Documents and Settings\Anders\Cookies\anders@hertz.122.2o7[1].txt
C:\Documents and Settings\Anders\Cookies\anders@hitbox[1].txt
C:\Documents and Settings\Anders\Cookies\anders@indextools[2].txt
C:\Documents and Settings\Anders\Cookies\anders@interhomeag.112.2o7[1].txt
C:\Documents and Settings\Anders\Cookies\anders@login.tracking101[2].txt
C:\Documents and Settings\Anders\Cookies\anders@mediaplex[2].txt
C:\Documents and Settings\Anders\Cookies\anders@msnportal.112.2o7[1].txt
C:\Documents and Settings\Anders\Cookies\anders@oas.247realmedia[1].txt
C:\Documents and Settings\Anders\Cookies\anders@revenue[1].txt
C:\Documents and Settings\Anders\Cookies\anders@serving-sys[2].txt
C:\Documents and Settings\Anders\Cookies\anders@statcounter[1].txt
C:\Documents and Settings\Anders\Cookies\anders@stats.drivecleaner[2].txt
C:\Documents and Settings\Anders\Cookies\anders@stats1.reliablestats[2].txt
C:\Documents and Settings\Anders\Cookies\anders@statse.webtrendslive[1].txt
C:\Documents and Settings\Anders\Cookies\anders@track.adform[1].txt
C:\Documents and Settings\Anders\Cookies\anders@tradedoubler[2].txt
C:\Documents and Settings\Anders\Cookies\anders@tribalfusion[1].txt
C:\Documents and Settings\Anders\Cookies\anders@valueclick[2].txt
C:\Documents and Settings\Anders\Cookies\anders@www.etracker[1].txt
C:\Documents and Settings\Anders\Cookies\anders@www.weiss-intermedia[1].txt
C:\Documents and Settings\Anders\Cookies\anders@zedo[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@2o7[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ad.adtoma[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ad.yieldmanager[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ad1.emediate[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ad1.emediate[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ads.monster[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ads.pointroll[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@advertising[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@atdmt[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@bluestreak[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@bs.serving-sys[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@c5.zedo[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@casalemedia[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@counter.hitslink[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@cpvfeed[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@doubleclick[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@hitbox[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@indexstats[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@mediaplex[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@msnportal.112.2o7[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@se.winantivirus[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@serving-sys[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@stats1.reliablestats[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@track.adform[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@tradedoubler[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@tribalfusion[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@winantivirus[2].txt
C:\Documents and Settings\Margareta\Cookies\margareta@www.winantivirus[1].txt
C:\Documents and Settings\Margareta\Cookies\margareta@zedo[2].txt
C:\Documents and Settings\Maria\Cookies\maria@2o7[2].txt
C:\Documents and Settings\Maria\Cookies\maria@ad.adtoma[2].txt
C:\Documents and Settings\Maria\Cookies\maria@ads.checkfelix[1].txt
C:\Documents and Settings\Maria\Cookies\maria@ads.monster[2].txt
C:\Documents and Settings\Maria\Cookies\maria@adserver.banneradministration[1].txt
C:\Documents and Settings\Maria\Cookies\maria@adtech[2].txt
C:\Documents and Settings\Maria\Cookies\maria@advertising[1].txt
C:\Documents and Settings\Maria\Cookies\maria@as-eu.falkag[2].txt
C:\Documents and Settings\Maria\Cookies\maria@as1.falkag[2].txt
C:\Documents and Settings\Maria\Cookies\maria@atdmt[1].txt
C:\Documents and Settings\Maria\Cookies\maria@axelspringer.122.2o7[1].txt
C:\Documents and Settings\Maria\Cookies\maria@bluestreak[1].txt
C:\Documents and Settings\Maria\Cookies\maria@bs.serving-sys[1].txt
C:\Documents and Settings\Maria\Cookies\maria@cpvfeed[2].txt
C:\Documents and Settings\Maria\Cookies\maria@doubleclick[2].txt
C:\Documents and Settings\Maria\Cookies\maria@ehg-gucciamericainc.hitbox[1].txt
C:\Documents and Settings\Maria\Cookies\maria@ehg.hitbox[2].txt
C:\Documents and Settings\Maria\Cookies\maria@falkag[1].txt
C:\Documents and Settings\Maria\Cookies\maria@hitbox[1].txt
C:\Documents and Settings\Maria\Cookies\maria@m1.webstats4u[1].txt
C:\Documents and Settings\Maria\Cookies\maria@mediaplex[1].txt
C:\Documents and Settings\Maria\Cookies\maria@msnportal.112.2o7[1].txt
C:\Documents and Settings\Maria\Cookies\maria@overture[1].txt
C:\Documents and Settings\Maria\Cookies\maria@revsci[2].txt
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt
C:\Documents and Settings\Maria\Cookies\maria@stat.swedbank[1].txt
C:\Documents and Settings\Maria\Cookies\maria@stats.drivecleaner[2].txt
C:\Documents and Settings\Maria\Cookies\maria@statse.webtrendslive[1].txt
C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[2].txt
C:\Documents and Settings\Philip\Cookies\philip@2o7[1].txt
C:\Documents and Settings\Philip\Cookies\philip@acvs.mediaonenetwork[2].txt
C:\Documents and Settings\Philip\Cookies\philip@ad.adtoma[2].txt
C:\Documents and Settings\Philip\Cookies\philip@ad.sensismediasmart.com[1].txt
C:\Documents and Settings\Philip\Cookies\philip@ad.yieldmanager[2].txt
C:\Documents and Settings\Philip\Cookies\philip@ad.zanox[2].txt
C:\Documents and Settings\Philip\Cookies\philip@ad1.emediate[1].txt
C:\Documents and Settings\Philip\Cookies\philip@ad1.emediate[3].txt
C:\Documents and Settings\Philip\Cookies\philip@ads.gamershell[2].txt
C:\Documents and Settings\Philip\Cookies\philip@ads.monster[1].txt
C:\Documents and Settings\Philip\Cookies\philip@ads.pointroll[2].txt
C:\Documents and Settings\Philip\Cookies\philip@adserver.banneradministration[1].txt
C:\Documents and Settings\Philip\Cookies\philip@adserver[1].txt
C:\Documents and Settings\Philip\Cookies\philip@adtech[2].txt
C:\Documents and Settings\Philip\Cookies\philip@advertising[2].txt
C:\Documents and Settings\Philip\Cookies\philip@amlocalhost.trymedia[1].txt
C:\Documents and Settings\Philip\Cookies\philip@as1.falkag[1].txt
C:\Documents and Settings\Philip\Cookies\philip@atdmt[2].txt
C:\Documents and Settings\Philip\Cookies\philip@banner.eurogrand[1].txt
C:\Documents and Settings\Philip\Cookies\philip@bluestreak[1].txt
C:\Documents and Settings\Philip\Cookies\philip@bs.serving-sys[2].txt
C:\Documents and Settings\Philip\Cookies\philip@burstnet[1].txt
C:\Documents and Settings\Philip\Cookies\philip@casalemedia[2].txt
C:\Documents and Settings\Philip\Cookies\philip@clicktorrent[2].txt
C:\Documents and Settings\Philip\Cookies\philip@counter15.sextracker[2].txt
C:\Documents and Settings\Philip\Cookies\philip@cpvfeed[2].txt
C:\Documents and Settings\Philip\Cookies\philip@cs.sexcounter[2].txt
C:\Documents and Settings\Philip\Cookies\philip@doubleclick[1].txt
C:\Documents and Settings\Philip\Cookies\philip@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Philip\Cookies\philip@ehg.hitbox[2].txt
C:\Documents and Settings\Philip\Cookies\philip@fastclick[1].txt
C:\Documents and Settings\Philip\Cookies\philip@goclick[1].txt
C:\Documents and Settings\Philip\Cookies\philip@hitbox[2].txt
C:\Documents and Settings\Philip\Cookies\philip@indextools[1].txt
C:\Documents and Settings\Philip\Cookies\philip@m1.webstats4u[1].txt
C:\Documents and Settings\Philip\Cookies\philip@mediaonenetwork[1].txt
C:\Documents and Settings\Philip\Cookies\philip@mediaplex[2].txt
C:\Documents and Settings\Philip\Cookies\philip@metacafe.122.2o7[1].txt
C:\Documents and Settings\Philip\Cookies\philip@msnportal.112.2o7[1].txt
C:\Documents and Settings\Philip\Cookies\philip@revenue[2].txt
C:\Documents and Settings\Philip\Cookies\philip@revsci[2].txt
C:\Documents and Settings\Philip\Cookies\philip@server.cpmstar[2].txt
C:\Documents and Settings\Philip\Cookies\philip@server.iad.liveperson[1].txt
C:\Documents and Settings\Philip\Cookies\philip@serving-sys[1].txt
C:\Documents and Settings\Philip\Cookies\philip@sexlist[1].txt
C:\Documents and Settings\Philip\Cookies\philip@sextracker[2].txt
C:\Documents and Settings\Philip\Cookies\philip@stat.swedbank[1].txt
C:\Documents and Settings\Philip\Cookies\philip@stat.www[1].txt
C:\Documents and Settings\Philip\Cookies\philip@statcounter[2].txt
C:\Documents and Settings\Philip\Cookies\philip@stats.bmw[1].txt
C:\Documents and Settings\Philip\Cookies\philip@stats.drivecleaner[2].txt
C:\Documents and Settings\Philip\Cookies\philip@stats1.reliablestats[2].txt
C:\Documents and Settings\Philip\Cookies\philip@statse.webtrendslive[2].txt
C:\Documents and Settings\Philip\Cookies\philip@tacoda[2].txt
C:\Documents and Settings\Philip\Cookies\philip@targetnet[1].txt
C:\Documents and Settings\Philip\Cookies\philip@track.adform[1].txt
C:\Documents and Settings\Philip\Cookies\philip@tradedoubler[1].txt
C:\Documents and Settings\Philip\Cookies\philip@tribalfusion[2].txt
C:\Documents and Settings\Philip\Cookies\philip@upspiral[2].txt
C:\Documents and Settings\Philip\Cookies\philip@valueclick[1].txt
C:\Documents and Settings\Philip\Cookies\philip@winantivirus[2].txt
C:\Documents and Settings\Philip\Cookies\philip@www.addfreestats[1].txt
C:\Documents and Settings\Philip\Cookies\philip@www.burstnet[1].txt
C:\Documents and Settings\Philip\Cookies\philip@www.googleadservices[1].txt
C:\Documents and Settings\Philip\Cookies\philip@www8.addfreestats[1].txt
C:\Documents and Settings\Philip\Cookies\philip@xiti[1].txt
C:\Documents and Settings\Philip\Cookies\philip@zedo[2].txt

Trojan.NewDotNet
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_48.EXE.VIR

Trojan.Downloader-Gen/SwampDonk
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RQROOOP.DLL.VIR
[/log]

[log]

Logfile of HijackThis v1.99.1

Scan saved at 14:33, on 2007-06-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\windows\system\hpsysdrv.exe

C:\Program\Java\jre1.5.0_05\bin\jusched.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=SE&language=sv&PURCH_DT_MONTH=05&PURCH_DT_DAY=18&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CZB6180660&application=305&modelID=EW055AA&LF=blue

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [qjbowuge] C:\btvbkhlh.bat

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: Miranda IM.lnk = C:\Program\Miranda IM\miranda32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 


There is an old Java version with security holes on the computer. Uninstall all Java/J2SE entries in Control Panel - Add or Remove Programs and then install a new one from http://www.java.com/sv/

 

Scan with HijackThis and tick:

 

O4 - HKLM\..\Run: [qjbowuge] C:\btvbkhlh.bat

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

 

Close all other programs.

Press Fix checked.

 

Restart the computer.

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

Choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is finished the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do nothing else with SmitfraudFix.

 

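The two lines the helper picks out above share the traits a HijackThis reviewer looks for: a Run value with a meaningless name that launches a .bat file from the drive root, and a Winlogon Notify package registered by bare file name whose DLL is already gone. The script below is an added example, not part of this thread or of HijackThis; it encodes those traits as weighted heuristics and runs them over a few lines constructed from the log above (the flagged entries plus benign Symantec, HP and SUPERAntiSpyware lines as controls). The allowlist of Winlogon Notify packages, the score weights and the threshold are assumptions of the example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis v1.99.1 lines. The two entries the thread
# tells the poster to fix sit among benign lines from the same log, which act
# as controls for the heuristics below.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [qjbowuge] C:\btvbkhlh.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Miranda IM.lnk = C:\Program\Miranda IM\miranda32.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
"""

# File types that a legitimate vendor autostart almost never uses.
SUSPECT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".pif", ".scr"}
# Abbreviated allowlist of Winlogon Notify packages found on a stock XP SP2
# install (an assumption of this example; extend it from a known-clean machine).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
THRESHOLD = 3  # assumed cut-off: report entries scoring at least this much

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    kind: str
    name: str
    target: str
    score: int
    reasons: list = field(default_factory=list)


def first_token(cmd):
    """Executable part of a Run value: the quoted path if present, else the first token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def score_run_entry(name, cmd):
    """Weighted reasons an O4 (Run key) entry deserves a look; empty list = nothing odd."""
    target = first_token(cmd)
    stem, ext = ntpath.splitext(ntpath.basename(target))
    reasons = []
    if ext.lower() in SUSPECT_EXTENSIONS:
        reasons.append((2, f"autostart runs a script-type file ({ext})"))
    if re.fullmatch(r"[A-Za-z]:\\[^\\]+", target) or re.search(r"\\temp\\", target, re.I):
        reasons.append((2, "target sits in a drive root or temp directory"))
    if re.fullmatch(r"[a-z]{6,}", name) and name not in ntpath.basename(target).lower():
        reasons.append((1, "value name is lowercase and unrelated to the file name"))
    if re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", stem.lower()):
        reasons.append((1, "file name has a long consonant run (random-looking)"))
    return reasons


def score_notify_entry(name, dll, missing):
    """Weighted reasons an O20 (Winlogon Notify) entry deserves a look."""
    reasons = []
    if missing:
        reasons.append((2, "registered DLL no longer exists on disk"))
    if "\\" not in dll:
        reasons.append((1, "DLL registered by bare file name, not full path"))
    if re.fullmatch(r"[a-z]+\d*", name) and name.lower() not in KNOWN_NOTIFY:
        reasons.append((1, "lowercase name not in the allowlist"))
    return reasons


def triage(log_text):
    """Parse O4/O20 lines and return the entries scoring at or above THRESHOLD."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            kind, name, target = "O4", m["name"], first_token(m["cmd"])
            reasons = score_run_entry(name, m["cmd"])
        elif m := O20_RE.match(line):
            kind, name, target = "O20", m["name"], m["dll"]
            reasons = score_notify_entry(name, m["dll"], bool(m["missing"]))
        else:
            continue  # other HijackThis sections are out of scope here
        score = sum(w for w, _ in reasons)
        if score >= THRESHOLD:
            findings.append(Finding(kind, name, target, score, [r for _, r in reasons]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] -> {f.target}  score={f.score}")
        for r in f.reasons:
            print("    -", r)
```

Run as-is it prints the qjbowuge and winmqx32 entries with their reasons while the Symantec, HP, Creative and SUPERAntiSpyware lines score zero. The heuristics are deliberately coarse, so a hit is a prompt to look the file up, not proof of infection, and a clean score says nothing about entries whose names and paths mimic legitimate software.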

Here is the log from smitfraudfix

 

[log]

SmitFraudFix v2.191

 

Scan done at 17:40:38.04, 2007-06-04

Run from C:\Documents and Settings\HP_Ägaren\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Miranda IM\miranda32.exe

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\Symantec\LiveUpdate\AUpdate.exe

C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\WINDOWS\system32\cmd.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Ägaren

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Ägaren\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_GAR~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 16.92.3.242

DNS Server Search Order: 16.92.3.243

DNS Server Search Order: 16.81.3.243

DNS Server Search Order: 16.118.3.243

 

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 195.67.199.9

DNS Server Search Order: 195.67.199.10

DNS Server Search Order: 195.67.199.11

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D6857569-12A1-4958-B8CB-40B34259E713}: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D6857569-12A1-4958-B8CB-40B34259E713}: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

HKLM\SYSTEM\CS3\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS3\Services\Tcpip\..\{D6857569-12A1-4958-B8CB-40B34259E713}: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


Nothing nasty in the log.

Do you have two network connections in the computer?

One of them has DNS servers that belong to HP. Can it be right that it should be like that?

The other has DNS servers that belong to Telia, so that is normal.

 

Does the computer seem normal now?

 

[post edited 2007-06-04 17:56:09 by Cecilia]

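The question above, whether each adapter's resolvers really belong to the ISP, is worth automating, because a planted or stale DNS server is a common leftover after this kind of infection and survives the removal of the files that put it there. The script below is an added example, not part of the thread or of SmitfraudFix: it parses the DNS section of the report, compares every resolver (both the live search order and the values persisted per interface in each ControlSet) against an allowlist of expected networks, reports statically set NameServer values, and checks that the ControlSets agree with each other. The allowlist holds only the Telia range the helper identifies, and the sample report is constructed from the lines in the log above; both are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the DNS section of the SmitfraudFix report posted in the
# thread, trimmed to the lines this check reads.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport för paketschemaläggning
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport för paketschemaläggning
DNS Server Search Order: 195.67.199.9
DNS Server Search Order: 195.67.199.10
DNS Server Search Order: 195.67.199.11

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D6857569-12A1-4958-B8CB-40B34259E713}: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D6857569-12A1-4958-B8CB-40B34259E713}: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.9 195.67.199.10 195.67.199.11
"""

# Assumption of this example: the only resolvers this home connection should
# use are the ISP's (the Telia range the helper identifies in the thread).
EXPECTED_RESOLVERS = [ipaddress.ip_network("195.67.199.0/24")]

ADAPTER_RE = re.compile(r"^Description: (?P<desc>.+)$")
SEARCH_RE = re.compile(r"^DNS Server Search Order: (?P<ip>\S+)$")
REG_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<guid>[^}]+)\}|Parameters): (?P<key>Dhcp)?NameServer=(?P<servers>.*)$"
)


def parse_resolvers(report):
    """Return (scope, source, ip) triples. scope is 'adapter#N' for the live
    search-order lines or '<ControlSet>\\{GUID}' / '<ControlSet>\\Parameters'
    for registry lines; source is 'live', 'dhcp' (DhcpNameServer) or 'static'
    (NameServer)."""
    out, n = [], 0
    for line in report.splitlines():
        line = line.strip()
        if ADAPTER_RE.match(line):
            n += 1  # each Description line starts a new adapter block
        elif m := SEARCH_RE.match(line):
            out.append((f"adapter#{n}", "live", ipaddress.ip_address(m["ip"])))
        elif m := REG_RE.match(line):
            scope = m["cs"] + "\\" + (f"{{{m['guid']}}}" if m["guid"] else "Parameters")
            source = "dhcp" if m["key"] else "static"
            for ip in m["servers"].split():
                out.append((scope, source, ipaddress.ip_address(ip)))
    return out


def unexpected_resolvers(report, expected=EXPECTED_RESOLVERS):
    """Map each scope to the resolvers (numerically sorted, as strings) that fall
    outside the expected networks. An empty dict means everything checks out."""
    bad = defaultdict(set)
    for scope, _, ip in parse_resolvers(report):
        if not any(ip in net for net in expected):
            bad[scope].add(ip)
    return {scope: [str(ip) for ip in sorted(ips)] for scope, ips in bad.items()}


def static_resolvers(report):
    """Resolvers set through the static NameServer value. On a DHCP client this
    means someone, or something, has overridden the ISP-assigned resolvers."""
    return [(scope, str(ip)) for scope, source, ip in parse_resolvers(report) if source == "static"]


def control_sets_agree(report):
    """True when every persisted interface shows the same resolver set in each
    ControlSet (CCS, CS1, CS3, ...). A mismatch means a change is not yet
    written everywhere and deserves a second look after a cleanup."""
    per_iface = defaultdict(dict)
    for scope, source, ip in parse_resolvers(report):
        if source == "live":
            continue
        cs, iface = scope.split("\\", 1)
        per_iface[iface].setdefault(cs, set()).add(ip)
    return all(len({frozenset(s) for s in by_cs.values()}) == 1 for by_cs in per_iface.values())


if __name__ == "__main__":
    for scope, ips in unexpected_resolvers(SAMPLE_REPORT).items():
        print(f"{scope}: resolvers outside the expected networks -> {', '.join(ips)}")
    print("static NameServer values:", static_resolvers(SAMPLE_REPORT) or "none")
    print("ControlSets consistent:", control_sets_agree(SAMPLE_REPORT))
```

On the sample it reports the four 16.x.x.x resolvers for the first adapter and for the matching interface GUID in both ControlSets, finds no static NameServer, and confirms the ControlSets agree. That output is exactly the helper's question in machine form: the entries are not wrong in themselves, they are simply outside what a home ISP connection should be using, so the owner has to confirm where they come from (here, a second HP-configured adapter) before the log can be called clean.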

I don't really know what DNS is. But I have a modem that is connected to a Zyxel router, from which a cable then goes on to this computer. But the computer can also get the signal wirelessly from the router, though that should be disabled.

 

Otherwise the computer seems normal. Somewhat slow boot times, but otherwise OK.

 

 

Thank you so very much for the help!

 

 

- The more you know, the more you know that you don't know

wcanka

 


Here is my usual advice for a more secure computer, but it is of course important to use common sense as well.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

 

Use a firewall (better than the one built into XP); there are free ones, e.g. Comodo and ZoneAlarm.

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The link "I only want basic ZoneAlarm protection", or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

 

Complement the antivirus program with some online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

If you use Internet Explorer it may be appropriate to have the program SpywareBlaster, which prevents a lot of nasty programs from being downloaded or run, http://www.javacoolsoftware.com , and also to run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer, http://www.spywarewarrior.com/uiuc/resource.htm

 

Review the security settings in Internet Explorer; there are a lot of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

If you use the Firefox browser it is appropriate to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

All free for home users/personal use.

 


Thanks again!

 

Points to you

 

 

- The more you know, the more you know that you don't know

wcanka

 
