Behöver hjälp med min HJT-logg

[Lars_Ohman]

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:19:02, on 2007-12-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program\SlySoft\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\uTorrent\uTorrent.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/ie

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program\SlySoft\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

O4 - Global Startup: µTorrent.lnk = C:\Program\uTorrent\uTorrent.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6\ICQ.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6607 bytes

[/log]

 

[Cecilia]

Starta inte upp nya trådar utan fortsätt i den här genom att trycka på Besvara under ett inlägg. Dina andra trådar tar jag bort för det blir bara rörigt med dem.

 

Cecilia - Moderator för Virus - Antivirus

----------------

 

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Dra ur internetanslutningen och stäng av antivirusprogram och antispionprogram.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den här. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera

eller starta om datorn.

 

[Lars_Ohman]

[log]

ComboFix 07-12-21.4 - Lars-Göran 2007-12-28 9:17:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1065 [GMT 1:00]

Running from: C:\Documents and Settings\Lars-Göran\Skrivbord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))

.

 

2007-12-28 07:07 . 2007-12-28 07:07 <KAT> d-------- C:\VundoFix Backups

2007-12-28 07:05 . 2007-12-28 07:05 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2007-12-28 07:05 . 2007-12-28 07:05 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2007-12-28 07:05 . 2007-12-28 07:05 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2007-12-28 07:05 . 2007-12-28 07:05 <KAT> d-------- C:\Documents and Settings\Default User\Lokala instõllningar

2007-12-28 07:03 . 2007-12-28 07:03 <KAT> d-------- C:\WINDOWS\system32\xircom

2007-12-28 07:03 . 2007-12-28 07:03 <KAT> d-------- C:\Program\microsoft frontpage

2007-12-28 03:18 . 2007-12-28 03:18 <KAT> d-------- C:\Program\Trend Micro

2007-12-27 19:23 . 2007-12-27 19:23 <KAT> d-------- C:\Program\Delade filer\xing shared

2007-12-27 19:22 . 2007-12-27 19:23 <KAT> d-------- C:\Program\Delade filer\Real

2007-12-27 19:22 . 2007-12-27 19:22 <KAT> d-------- C:\Program Files

2007-12-27 18:45 . 2007-12-27 18:45 294 ---hs---- C:\WINDOWS\system32\acurtjqp.ini

2007-12-26 13:05 . 2007-12-26 13:05 294 ---hs---- C:\WINDOWS\system32\otbnyehh.ini

2007-12-26 11:16 . 2007-12-26 11:16 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Apple Computer

2007-12-26 11:16 . 2007-12-27 19:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-26 11:16 . 2007-12-26 11:16 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-26 11:10 . 2007-12-26 11:10 <KAT> d-------- C:\Program\Apple Software Update

2007-12-26 11:10 . 2007-12-26 11:10 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-12-26 05:05 . 2007-12-26 13:30 143 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-12-26 01:26 . 2007-12-26 01:28 <KAT> d-------- C:\Program\Bit Che

2007-12-25 13:04 . 2007-12-25 13:04 294 ---hs---- C:\WINDOWS\system32\mwlbmrsn.ini

2007-12-25 01:50 . 2007-12-25 01:50 0 ---hs---- C:\WINDOWS\SFE800FF0.tmp

2007-12-24 22:24 . 2007-12-24 22:24 <KAT> d-------- C:\Program\RAR Password Cracker

2007-12-24 21:52 . 2007-12-24 21:56 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\dvdcss

2007-12-24 21:48 . 2007-12-24 21:48 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\vlc

2007-12-24 21:47 . 2007-12-24 21:47 <KAT> d-------- C:\Program\VideoLAN

2007-12-24 12:29 . 2007-12-24 12:29 <KAT> d-------- C:\Program\Delade filer\Adobe

2007-12-24 11:36 . 2007-12-24 11:36 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Lavasoft

2007-12-24 10:59 . 2007-12-24 12:06 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-24 10:34 . 2007-12-24 10:34 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Jasc

2007-12-24 08:36 . 2007-12-24 08:36 <KAT> d-------- C:\Program\WinAVI Video Converter

2007-12-24 08:36 . 2007-12-24 22:30 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys

2007-12-24 07:54 . 2007-12-28 07:49 69 --a------ C:\WINDOWS\NeroDigital.ini

2007-12-24 06:03 . 2007-12-24 06:05 <KAT> d-------- C:\Program\Jasc Software Inc

2007-12-24 06:03 . 2007-12-24 06:03 <KAT> d-------- C:\Program\Delade filer\Jasc Software Inc

2007-12-24 06:03 . 2007-12-24 06:03 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Jasc Software Inc

2007-12-24 05:24 . 2007-12-24 05:31 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Ahead

2007-12-24 05:24 . 2007-12-24 05:24 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2007-12-24 05:22 . 2007-12-24 05:22 <KAT> d-------- C:\Program\Nero

2007-12-24 05:22 . 2007-12-24 05:23 <KAT> d-------- C:\Program\Delade filer\Ahead

2007-12-24 05:22 . 2007-12-24 05:22 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2007-12-23 08:22 . 2007-12-23 08:22 <KAT> d-------- C:\WINDOWS\system32\Lang

2007-12-23 08:22 . 2007-12-23 08:22 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2007-12-23 08:22 . 2007-12-23 08:22 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2007-12-23 07:37 . 2007-12-23 07:37 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\CD-LabelPrint

2007-12-23 07:34 . 2007-12-23 07:36 <KAT> d-------- C:\Program\Canon

2007-12-23 07:11 . 2007-12-28 07:48 63 --a------ C:\WINDOWS\Print.cdl

2007-12-23 06:20 . 2007-12-23 06:20 <KAT> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ

2007-12-23 06:20 . 2005-04-15 06:00 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL

2007-12-23 06:20 . 2005-03-08 19:17 90,112 --a------ C:\WINDOWS\system32\CNMCP78.exe

2007-12-23 06:20 . 2005-04-15 06:00 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL

2007-12-23 05:32 . 2007-12-23 05:32 <KAT> d-------- C:\Program\CD Label 98

2007-12-23 05:32 . 2007-12-23 05:32 <KAT> d-------- C:\Documents and Settings\Lars-Göran\WINDOWS

2007-12-23 05:32 . 2007-12-23 05:32 <KAT> d-------- C:\Documents and Settings\Lars-Göran\WINDOWS

2007-12-23 05:32 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe

2007-12-23 01:14 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe

2007-12-23 01:14 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf

2007-12-23 00:49 . 2007-12-23 00:49 <KAT> d--h----- C:\Program\InstallShield Installation Information

2007-12-23 00:48 . 2007-12-23 00:59 <KAT> d-------- C:\Program\ICQ6

2007-12-23 00:48 . 2007-12-23 00:59 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\ICQ

2007-12-23 00:47 . 2007-12-23 00:47 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\InstallShield

2007-12-22 23:28 . 2007-12-27 08:19 <KAT> d-------- C:\TorrentFärdig

2007-12-22 23:27 . 2007-12-27 05:09 <KAT> d-------- C:\TorrentNy

2007-12-22 23:24 . 2007-12-22 23:24 <KAT> d-------- C:\Program\uTorrent

2007-12-22 23:24 . 2007-12-28 09:15 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\uTorrent

2007-12-22 09:56 . 2007-12-23 06:30 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2007-12-22 07:37 . 2007-12-22 07:37 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Media Player Classic

2007-12-22 06:52 . 2007-12-22 06:52 107,134 --a------ C:\WINDOWS\UninstallFirefox.exe

2007-12-22 03:00 . 2007-12-22 03:00 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-12-21 12:13 . 2007-12-21 12:13 <KAT> d-------- C:\Program\Delade filer\mozilla.org

2007-12-21 12:13 . 2007-12-21 12:13 <KAT> d-------- C:\Documents and Settings\Lars-Göran\Application Data\Talkback

2007-12-21 12:13 . 2007-12-22 06:55 7,480 --a------ C:\WINDOWS\mozver.dat

2007-12-21 12:13 . 2007-12-21 12:13 335 --a------ C:\WINDOWS\nsreg.dat

2007-12-21 09:57 . 2007-12-21 09:58 <KAT> d-------- C:\WINDOWS\system32\MsDtc

2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-27 18:22 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-12-27 18:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-12-27 18:19 --------- d-----w C:\Program\Multimedia

2007-12-26 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-25 00:49 --------- d-----w C:\Program\SlySoft

2007-12-24 20:48 --------- d-----w C:\Documents and Settings\Lars-Göran\Application Data\vlc

2007-12-24 11:13 --------- d-----w C:\Program\K-Lite Codec Pack

2007-12-21 09:54 --------- d-----w C:\Program\MSXML 4.0

2007-12-21 09:52 --------- d-----w C:\Program\Delade filer\SpeechEngines

2007-12-21 09:52 --------- d-----w C:\Program\Delade filer\ODBC

2007-12-21 09:52 --------- d-----w C:\Documents and Settings\Lars-Göran\Application Data\F-Secure

2007-12-21 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure

2007-12-21 09:35 118,842 ------r C:\WINDOWS\bwUnin-6.3.2.123-7836882L.exe

2007-12-21 09:35 --------- d-----w C:\Program\Telia

2007-12-21 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com

2007-12-21 09:21 --------- d-----w C:\Program\motherboardmonitor

2007-12-21 09:21 --------- d-----w C:\Program\DAMN NFO Viewer

2007-12-21 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2007-12-21 09:19 --------- d-----w C:\Program\Delade filer\InstallShield

2007-12-21 09:19 --------- d-----w C:\Documents and Settings\Lars-Göran\Application Data\Corel

2007-12-21 09:17 --------- d-----w C:\Program\Tolken

2007-12-21 09:04 --------- d-----w C:\Program\MSN Messenger

2007-12-21 09:03 --------- d-----w C:\Program\WGAFixer

2007-12-21 09:00 --------- d-----w C:\Program\Onlinetjänster

2007-12-21 09:00 --------- d-----w C:\Program\Delade filer\MSSoap

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,289,728 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:44 8,467,968 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-11 06:10 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:10 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:10 1,055,232 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 23:53 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:53 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-10 23:53 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 23:53 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:53 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:53 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:53 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 23:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 11:04 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2CEF0C8-8D96-41E1-9F4A-E1ABEBF89621}]

C:\WINDOWS\system32\awvtt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.exe" [2005-10-26 02:51]

"F-Secure TNB"="C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" [2005-07-18 15:51]

"F-Secure Startup Wizard"="C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.exe" [2005-10-18 09:29]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"VirtualCloneDrive"="C:\Program\SlySoft\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2006-10-24 15:35 C:\WINDOWS\system32\cmd.exe]

"nltide2"="cmd.exe" [2006-10-24 15:35 C:\WINDOWS\system32\cmd.exe]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartæTorrent.lnk - C:\Program\uTorrent\uTorrent.exe [2007-12-22 23:24:50]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\74715499]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program\SlySoft\CloneCD\CloneCDTray.exe /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intranet]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 15:57 153136 --a------ C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2007-08-31 16:46 1460560 --a------ C:\Program\Spybot - Search & Destroy\TeaTimer.exe

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]

R0 m5289;m5289;C:\WINDOWS\system32\drivers\m5289.sys [2006-08-14 19:18]

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2006-02-26 16:03]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSgk.sys [2005-02-21 18:49]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]

S2 BackWeb Plug-in - 7836882;Telias säkerhetstjänster;C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE [2007-12-21 10:35]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-26 10:10:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-28 09:18:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-28 9:18:50

C:\ComboFix2.txt ... 2007-12-28 07:05

.

2007-12-21 10:06:09 --- E O F ---

[/log]

 

[Lars_Ohman]

Min ComboFixlogg. Ser du nåt skumt?

 

[Lars_Ohman]

Är stört omöjligt att få bort filen nnnklmm.dll som enligt F-Secure är skadlig?

Snälla, hjälp!

 

[Cecilia]

Ta det lugnt.

 

C:\Program\RAR Password Cracker

Vill man inte ha sin dator infekterad så låter man bli crack-filer.

 

Kopiera alla rader nedan

[log]

File::

C:\WINDOWS\system32\acurtjqp.ini

C:\WINDOWS\system32\otbnyehh.ini

C:\WINDOWS\system32\mwlbmrsn.ini

C:\WINDOWS\SFE800FF0.tmp

[/log]

och klistra in i Anteckningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Dra CFScript med musen och släpp den ovanpå Combofix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Skicka loggen som kommer ut och en ny HijackThis-logg.

 

[Lars_Ohman]

You are right!

Men med min pension så är det svårt att tex. köpa Office för ca 5000 kr :-((

Hoppas du inte för detta vidare till Mr Gates?

 

[Cecilia]

Jag vill inte heller betala för MS Office så därför använder jag inte det utan gratis OpenOffice i stället:

http://www.openoffice.org/

 

Annars så kostar inte MS Office 2007 mer än ca 900 kronor

http://www.prisjakt.nu/produkt.php?p=162255

om det gäller vanlig hemanvändning och man nöjer sig med Word, Excel och PowerPoint.

 

[Lars_Ohman]

Tusen tack. You must bu born in heaven :-)

Fick detta bifogade meddelande?

 

[bild bifogad 2007-12-28 10:24:28 av Lars_Ohman]

[Lars_Ohman]

Så duktig som du är så är du född i nåt paradis?

 

[Lars_Ohman]

Min senaste HJT-logg. Har tagit bort en massa skräp i Regedit. Nån förbättring?

Men fortfarande verkar nnnklmm.dll vare en svår fil att få bort. Du fick väl min skärmdump?

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:29, on 2007-12-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\SlySoft\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F2CEF0C8-8D96-41E1-9F4A-E1ABEBF89621} - C:\WINDOWS\system32\awvtt.dll (file missing)

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program\SlySoft\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

O4 - Global Startup: µTorrent.lnk = C:\Program\uTorrent\uTorrent.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6\ICQ.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7049 bytes

[/log]

 

[Lars_Ohman]

Är det nåt Stavfel??

 

[Cecilia]

Bara hållit på med datorer i många många år.

 

Byt namn på filen så att den heter CFScript.txt

 

[Lars_Ohman]

Ursäkta savfelen :-)

 

[Lars_Ohman]

Datorn har funkat bra i 5 dagar nu. Innan så fick jag sk. "blue screen" varje dag men inte nu. Den tjatade om "Ingen bootdisk och om Windows-kernel-fault, som vad jag kan fårstå är själva kärnan i OS?

 

PS: 950 kr är mycket för en förtidspensionerad man!

Men jag tror inte att Mr. Gates kommer att kunna förhindra "piratcopy" Då måste han sänka priset rejält på d.s.k. box-versionen.

Hoppas du svarar Cecilia?

 

[Lars_Ohman]

Kommer du ihåg den gamla C64:an? Där slösas det inte inte med programkod. Otroligt med bara 64 KB?

 

[Cecilia]

Hur har det gått med CFScript.txt?

 

Den tjatade om "Ingen bootdisk och om Windows-kernel-fault, som vad jag kan fårstå är själva kärnan i OS?

Hmm, är det problem med hårddisken eftersom den hade svårt att hitta den?

 

PS: 950 kr är mycket

Då finns OpenOffice som sagt. Det är ett bra program som räcker till för normal användning.

 

Är stört omöjligt att få bort filen nnnklmm.dll som enligt F-Secure är skadlig?

I vilken mapp finns filen enligt F-secure?

 

[Lars_Ohman]

Den heter ju CFScript.txt?

 

[Cecilia]

Ta bort den och försök från början utifall att det har blivit något konstigt.

 

[Lars_Ohman]

Chdsk visar "INGA skadade sektorer, men hårdvaruproblem rår ju inte mjukvara på!

Filen finns i C:\Windows\System32 och går inte att ta bort, ens i felsäkert läge?

 

[Lars_Ohman]

Nåt skumt i min senaste logg?

 

[Cecilia]

I ComboFix-loggen fanns det otrevliga filer, vilka det är meningen att CFScript + ComboFix ska åtgärda. Allt otrevligt syns inte i en HijackThis-logg. Om du får CFScript att fungera så kan man använda den till att ta bort nnnklmm.dll också.

 

[Lars_Ohman]

Men hur får jag den att funka? Filen heter CFScript.txt, med rätt ext.)

 

[Cecilia]

Vi försöker på ett annat sätt då.

Ladda ner Avenger på Skrivbordet och packa upp filen där:

http://swandog46.geekstogo.com/avenger.zip

Kopiera in följande i Anteckningar:

Files to delete:
C:\WINDOWS\system32\acurtjqp.ini
C:\WINDOWS\system32\otbnyehh.ini
C:\WINDOWS\system32\mwlbmrsn.ini
C:\WINDOWS\SFE800FF0.tmp

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om (kanske två gånger).

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny ComboFix- och HijackThis-logg.

 

[Lars_Ohman]

Vilka otrevliga saker? Kan du specifiera filerna?