
Cannot read pltpbnkq.dll.


HerrNilsson


Hi

 

After I have started the computer and got into Windows, I get an error message.

Det går inte att läsa C:\windows\system32\pltpbnkq.dll

Det går inte att hitta den angivna modulen.

 

Does anyone have any idea what this file is for and.

 

[image attached 2008-01-31 09:05:36 by HerrNilsson]


It is probably a file that belongs to an infection, so in itself it is good that it no longer exists. Has your antivirus or antispyware program reacted to anything recently?

It is probably best to check how the computer is doing.

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Disconnect the internet connection and close all programs you can see, including antivirus, antispyware and firewall.

Run ComboFix and follow the instructions shown.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

 

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button again

 

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

 


I have just cleaned the computer of a bunch of viruses etc.

 

But here is the log from ComboFix

 

[log]

ComboFix 08-01-31.3 - Administratör 2008-01-31 9:23:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.252 [GMT 1:00]

Running from: C:\Documents and Settings\Administratör\Skrivbord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administratör\Application Data\DriveCleaner 2006 Free

C:\Documents and Settings\Administratör\Application Data\DriveCleaner 2006 Free\Logs\update.log

C:\Documents and Settings\Administratör\ResErrors.log

C:\Documents and Settings\All Users\Application Data\salesmonitor

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode

C:\Program\Helper

C:\Program\Helper\turbosearchsite.dll

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\ajtchkvu.ini

C:\WINDOWS\system32\axypphcs.ini

C:\WINDOWS\system32\cclwyevn.ini

C:\WINDOWS\system32\cdqdljrp.ini

C:\WINDOWS\system32\confiplp.ini

C:\WINDOWS\system32\cucmfrbx.ini

C:\WINDOWS\system32\elnxftir.ini

C:\WINDOWS\system32\fpqefqdm.ini

C:\WINDOWS\system32\gbanfcmw.ini

C:\WINDOWS\system32\hfmsjcoo.ini

C:\WINDOWS\system32\klnmp.bak1

C:\WINDOWS\system32\klnmp.bak2

C:\WINDOWS\system32\klnmp.ini

C:\WINDOWS\system32\klnmp.ini2

C:\WINDOWS\system32\klnmp.tmp

C:\WINDOWS\system32\kxsvsimo.ini

C:\WINDOWS\system32\lpjhlaje.ini

C:\WINDOWS\system32\lwtsmwor.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\oaxjfdbg.ini

C:\WINDOWS\system32\ohbbctgn.ini

C:\WINDOWS\system32\pfxuhnbu.ini

C:\WINDOWS\system32\qknbptlp.ini

C:\WINDOWS\system32\sbsexwln.ini

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\tqsbggkw.ini

C:\WINDOWS\system32\wcvmovvk.ini

C:\WINDOWS\system32\vxxdllxy.ini

C:\WINDOWS\system32\xfxfdnux.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_FOPN

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))

.

 

2008-01-31 09:04 . 2008-01-31 09:11 <KAT> d-------- C:\Program\Wise Registry Cleaner

2008-01-30 16:22 . 2008-01-31 09:19 3,768 --a------ C:\WINDOWS\system32\Config.MPF

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Program\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Skrivbord

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-01-30 16:16 . 2006-12-22 16:02 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-01-30 16:16 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-01-30 16:16 . 2006-12-22 16:02 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-01-30 16:16 . 2006-12-22 16:02 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-01-30 16:15 . 2008-01-30 16:15 <KAT> d-------- C:\Program\McAfee.com

2008-01-30 16:15 . 2008-01-31 08:53 <KAT> d-------- C:\Program\McAfee

2008-01-30 16:15 . 2008-01-30 16:16 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-01-30 16:02 . 2008-01-30 16:02 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-01-28 16:20 . 2008-01-31 09:12 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

2008-01-22 15:48 . 2008-01-22 15:48 <KAT> d-------- C:\Program\Alwil Software

2008-01-19 15:02 . 2008-01-30 16:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-01-18 15:28 . 2008-01-18 15:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-16 19:51 . 2008-01-18 15:13 <KAT> d-------- C:\Program\WinPCDoctor

2008-01-13 16:51 . 2008-01-18 16:03 <KAT> d-------- C:\Program\Delade filer\WinAnonymous

2008-01-13 16:51 . 2008-01-13 16:51 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous

2007-12-29 19:18 . 2008-01-18 16:03 <KAT> d-------- C:\Program\Delade filer\WinPCDoctor

2007-12-29 19:18 . 2007-12-29 19:18 <KAT> dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor

2007-12-29 15:18 . 2007-12-29 15:18 <KAT> d--hs---- C:\WinSpyControl

2007-12-29 15:18 . 2007-12-29 15:18 <KAT> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

2007-12-28 23:20 . 2008-01-18 16:03 <KAT> d-------- C:\Program\Delade filer\DiskRensare

2007-12-26 06:11 . 2007-12-29 18:30 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-03 03:40 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-03 03:40 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-03 03:40 . 2007-03-08 06:12 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-03 03:40 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-03 03:40 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-03 03:40 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-03 03:40 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-03 03:40 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-03 03:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-03 03:39 . 2007-12-03 03:41 <KAT> d-------- C:\WINDOWS\system32\sv-se

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-18 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-01-18 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure

2008-01-18 14:19 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-18 14:19 --------- d-----w C:\Program\HPQ

2008-01-05 16:26 --------- d-----w C:\Program\Altiris

2007-12-04 15:27 --------- d-----w C:\Program\Java

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b17b97b-2ef9-4b98-8639-94af836d0916}]

C:\WINDOWS\system32\vecxxwof.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF775AB8-1B36-4EEC-855D-1310EE39A6A4}]

C:\WINDOWS\system32\pmnlk.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:46 68856]

"WMPNSCFG"="C:\Program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:49 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32 114688]

"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 88363 C:\WINDOWS\AGRSMMSG.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33 122941]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50 729178]

"hpWirelessAssistant"="C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59 794624]

"eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]

"Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28 213054]

"WatchDog"="C:\Program\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54 184320]

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2007-01-31 12:08 192512]

"029c8b74"="C:\WINDOWS\system32\pltpbnkq.dll" [ ]

"SiteAdvisor"="C:\Program\SiteAdvisor\6170\SiteAdv.exe" [2007-07-27 18:12 36640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartDVD Check.lnk - C:\Program\InterVideo\DVD Check\DVDCheck.exe [2006-04-03 12:18:00 184320]

Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2003-10-17 17:07]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2003-10-08 18:20]

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 15:15:59 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program\mcafee\mqc\QcConsol.exe'

"2008-01-30 15:15:57 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 09:27:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????1?0?1?6??????? ???B????????? ?????B????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\System32\SCardSvr.exe

C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

C:\Program\McAfee\MSC\mcmscsvc.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

C:\Program\McAfee\VIRUSS~1\mcods.exe

C:\Program\McAfee\MSC\mcpromgr.exe

c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\SiteAdvisor\6170\SAService.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\Windows Media Player\WMPNetwk.exe

c:\program\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\SiteAdvisor\6170\SiteAdv.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\HPQ\Shared\hpqwmi.exe

.

**************************************************************************

.

Completion time: 2008-01-31 9:29:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-31 08:29:37

.

2007-12-12 20:38:40 --- E O F ---

[/log]

 


There were many nasty files left in any case that ComboFix removed, and a great deal still left after that too.

 

Control Panel - Add or Remove Programs

Remove the following if they are there:

WinPCDoctor

WinAnonymous

WinSpyControl

SalesMon

DiskRensare

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done the result is shown, and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do nothing else with SmitfraudFix.

 


None of those programs are in Add/Remove Programs.

 

Here is the log from SmitfraudFix.

 

[log]

SmitFraudFix v2.277

 

Scan done at 10:11:43,51, 2008-01-31

Run from C:\Documents and Settings\Administratör\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

C:\Program\McAfee\MSC\mcmscsvc.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

C:\Program\McAfee\VIRUSS~1\mcods.exe

C:\Program\McAfee\MSC\mcpromgr.exe

c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\SiteAdvisor\6170\SAService.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\SiteAdvisor\6170\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\HPQ\Shared\hpqwmi.exe

C:\WINDOWS\system32\wuauclt.exe

c:\program\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administratör

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administratör\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

 

Description: Broadcom 440x 10/100 Integrated Controller - Miniport för paketschemaläggning

DNS Server Search Order: 85.255.114.34

DNS Server Search Order: 85.255.112.132

 

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

 

Description: Broadcom 802.11b/g WLAN - Miniport för paketschemaläggning

DNS Server Search Order: 85.255.114.34

DNS Server Search Order: 85.255.112.132

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1402D899-438F-4349-8200-A47DBE16413A}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4702F99C-4A86-4C84-8A16-D76CC7E03443}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8A04699-1364-499A-81AB-0AE35C14DE89}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\..\{1402D899-438F-4349-8200-A47DBE16413A}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\..\{4702F99C-4A86-4C84-8A16-D76CC7E03443}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E8A04699-1364-499A-81AB-0AE35C14DE89}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{1402D899-438F-4349-8200-A47DBE16413A}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{4702F99C-4A86-4C84-8A16-D76CC7E03443}: DhcpNameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E8A04699-1364-499A-81AB-0AE35C14DE89}: NameServer=85.255.114.34,85.255.112.132

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.132

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.132

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.132

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


Download FixWareout from one of these locations and save it, for example, on the Desktop:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

 

Close all programs, since the computer will be restarted soon.

 

Double-click the file you just downloaded to start the program FixWareout.

 

Then press Next, Install, check that Run fixit is ticked and press Finish.

The fix starts running; follow all the instructions. When you are asked to restart the computer, do so. It is normal for the restart to take longer than usual.

Paste the log file C:\fixwareout\report.txt, which normally opens automatically, into your reply.

 

If you have problems getting onto the internet, go to Control Panel - Network Connections, right-click the internet connection and choose Properties. On the General tab, double-click Internet Protocol (TCP/IP) and configure it according to the guidelines from your internet provider; usually you should get DNS servers automatically. Finish with OK - OK.

Restart the computer.

 


Here is the log from Fixwareout.

 

[log]

Username "Administratör" - 2008-01-31 10:29:05 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.114.34 85.255.112.132" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1402D899-438F-4349-8200-A47DBE16413A}

"nameserver"="85.255.114.34,85.255.112.132" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}

"nameserver"="85.255.114.34,85.255.112.132" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E8A04699-1364-499A-81AB-0AE35C14DE89}

"nameserver"="85.255.114.34,85.255.112.132" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}

"DhcpNameServer"="85.255.114.34,85.255.112.132" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4702F99C-4A86-4C84-8A16-D76CC7E03443}

"DhcpNameServer"="85.255.114.34,85.255.112.132" <Value cleared.

 

DNS-matcharens cacheminne har rensats.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"

"AGRSMMSG"="AGRSMMSG.exe"

"SoundMAXPnP"="C:\\Program\\Analog Devices\\SoundMAX\\SMax4PNP.exe"

"SoundMAX"="C:\\Program\\Analog Devices\\SoundMAX\\Smax4.exe /tray"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

"eabconfg.cpl"="C:\\Program\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"

"Cpqset"="C:\\Program\\HPQ\\Default Settings\\cpqset.exe"

"WatchDog"="C:\\Program\\InterVideo\\DVD Check\\DVDCheck.exe"

"Telia"="\"C:\\Program\\Telia\\Supportassistent\\bin\\sprtcmd.exe\" /P Telia"

"029c8b74"="rundll32.exe \"C:\\WINDOWS\\system32\\pltpbnkq.dll\",b"

"SiteAdvisor"="C:\\Program\\SiteAdvisor\\6170\\SiteAdv.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"WMPNSCFG"="C:\\Program\\Windows Media Player\\WMPNSCFG.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

[/log]
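The two findings that the SmitfraudFix and Fixwareout logs above surface, name servers in the 85.255.x.x range and a Run value that starts a DLL through rundll32, can be extracted from such logs mechanically. The Python below is an added example, not part of the thread or of either tool; the function names and the 192.168.1.1 line are constructed for illustration, and the other sample lines are copied from the logs above.

```python
import ipaddress
import re

# Range named in the SmitfraudFix warning in this thread ("85.255.x.x detected").
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Lines copied from the SmitfraudFix and Fixwareout logs above, plus one
# constructed clean entry (192.168.1.1, all-zero GUID) for contrast.
SAMPLE_LOG = r'''
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1402D899-438F-4349-8200-A47DBE16413A}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2118F823-9FB4-4D68-BEFF-EF33BA872F19}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: DhcpNameServer=192.168.1.1
"Cpqset"="C:\\Program\\HPQ\\Default Settings\\cpqset.exe"
"029c8b74"="rundll32.exe \"C:\\WINDOWS\\system32\\pltpbnkq.dll\",b"
'''

# "<registry key>: NameServer=a,b" as printed in the SmitfraudFix DNS section.
DNS_LINE = re.compile(
    r'^(?P<key>HK[^:]+):\s*(?P<name>(?:Dhcp)?NameServer)=(?P<val>.+)$')
# '"name"="command"' as printed in the Fixwareout "Current runs" section.
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
# rundll32 followed by the DLL it is asked to load.
RUNDLL = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def find_suspect_dns(log_text, network=SUSPECT_NET):
    """Return (key, value_name, ip) for every name server inside `network`."""
    findings = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        # The logs separate servers with commas or with spaces.
        for token in re.split(r'[,\s]+', m['val'].strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address, ignore
            if addr in network:
                findings.append((m['key'], m['name'], str(addr)))
    return findings


def unescape_reg(value):
    """Undo .reg-style escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', value)


def find_rundll_autoruns(log_text):
    """Return (value_name, dll_path) for Run values that launch rundll32."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        launched = RUNDLL.search(unescape_reg(m['cmd']))
        if launched:
            findings.append((m['name'], launched['dll']))
    return findings


def summarize(log_text):
    """Collapse the per-line findings into what a reviewer acts on."""
    dns = find_suspect_dns(log_text)
    return {
        "suspect_servers": sorted({ip for _, _, ip in dns}),
        # NameServer is the statically configured value; DhcpNameServer is
        # the value that came from the DHCP lease.
        "static_overrides": sorted(
            {key for key, name, _ in dns if name == "NameServer"}),
        "rundll_autoruns": find_rundll_autoruns(log_text),
    }


if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(field, "=", value)
```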

 


Copy all the lines below

Folder::
C:\Program\WinPCDoctor
C:\Program\Delade filer\WinAnonymous
C:\Documents and Settings\All Users\Application Data\WinAnonymous
C:\Program\Delade filer\WinPCDoctor
C:\Documents and Settings\All Users\Application Data\winpcdoctor
C:\WinSpyControl
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Program\Delade filer\DiskRensare
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b17b97b-2ef9-4b98-8639-94af836d0916}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF775AB8-1B36-4EEC-855D-1310EE39A6A4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"029c8b74"=-

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste in the log that comes out.

 


Here it is:

 

[log]

ComboFix 08-01-31.3 - Administratör 2008-01-31 10:53:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.214 [GMT 1:00]

Running from: C:\Documents and Settings\Administratör\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administratör\Skrivbord\CFScript

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\SalesMon

C:\Documents and Settings\All Users\Application Data\WinAnonymous

C:\Documents and Settings\All Users\Application Data\WinAnonymous\Abbr

C:\Documents and Settings\All Users\Application Data\WinAnonymous\ProdCode

C:\Documents and Settings\All Users\Application Data\winpcdoctor

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user

C:\Program\Delade filer\DiskRensare

C:\Program\Delade filer\WinAnonymous

C:\Program\Delade filer\WinPCDoctor

C:\Program\WinPCDoctor

C:\Program\WinPCDoctor\swupd.log

C:\WinSpyControl

 

.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))

.

 

2008-01-31 10:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-01-31 10:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-01-31 10:11 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-01-31 10:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-01-31 10:11 . 2008-01-31 10:11 3,100 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-01-31 09:04 . 2008-01-31 09:11 <KAT> d-------- C:\Program\Wise Registry Cleaner

2008-01-30 16:22 . 2008-01-31 10:32 3,768 --a------ C:\WINDOWS\system32\Config.MPF

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Program\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Skrivbord

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\SiteAdvisor

2008-01-30 16:16 . 2006-12-22 16:02 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-01-30 16:16 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-01-30 16:16 . 2006-12-22 16:02 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-01-30 16:16 . 2006-12-22 16:02 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-01-30 16:15 . 2008-01-30 16:15 <KAT> d-------- C:\Program\McAfee.com

2008-01-30 16:15 . 2008-01-31 08:53 <KAT> d-------- C:\Program\McAfee

2008-01-30 16:15 . 2008-01-30 16:16 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-01-30 16:02 . 2008-01-30 16:02 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-01-28 16:20 . 2008-01-31 09:12 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

2008-01-22 15:48 . 2008-01-22 15:48 <KAT> d-------- C:\Program\Alwil Software

2008-01-19 15:02 . 2008-01-30 16:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-01-18 15:28 . 2008-01-18 15:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-13 16:56 . 2008-01-13 16:56 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\WinAnonymous

2008-01-13 16:56 . 2008-01-13 16:56 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\WinAnonymous

2008-01-07 04:39 . 2008-01-07 04:39 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\winpcdoctor

2008-01-07 04:39 . 2008-01-07 04:39 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\winpcdoctor

2008-01-07 04:30 . 2008-01-17 22:52 260,640 --a------ C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

2008-01-07 04:30 . 2008-01-17 22:52 260,640 --a------ C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

2007-12-29 15:18 . 2007-12-29 15:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\WinSpyControl

2007-12-29 15:18 . 2007-12-29 15:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\WinSpyControl

2007-12-28 23:17 . 2007-12-28 23:17 255,520 --a--c--- C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

2007-12-28 23:17 . 2007-12-28 23:17 255,520 --a--c--- C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

2007-12-26 06:11 . 2007-12-29 18:30 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-03 03:40 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-03 03:40 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-03 03:40 . 2007-03-08 06:12 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-03 03:40 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-03 03:40 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-03 03:40 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-03 03:40 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-03 03:40 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-03 03:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-03 03:39 . 2007-12-03 03:41 <KAT> d-------- C:\WINDOWS\system32\sv-se

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-18 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-01-18 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure

2008-01-18 14:19 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-18 14:19 --------- d-----w C:\Program\HPQ

2008-01-05 16:26 --------- d-----w C:\Program\Altiris

2007-12-04 15:27 --------- d-----w C:\Program\Java

2007-10-29 22:45 1,289,728 -c--a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll

2007-10-10 23:53 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-10-10 11:04 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-07-28 19:03 20,344 -c--a-w C:\Documents and Settings\Administratör\Application Data\GDIPFONTCACHEV1.DAT

2007-07-28 19:03 20,344 -c--a-w C:\Documents and Settings\Administratör\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b17b97b-2ef9-4b98-8639-94af836d0916}]

C:\WINDOWS\system32\vecxxwof.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF775AB8-1B36-4EEC-855D-1310EE39A6A4}]

C:\WINDOWS\system32\pmnlk.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:46 68856]

"WMPNSCFG"="C:\Program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:49 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32 114688]

"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 88363 C:\WINDOWS\AGRSMMSG.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33 122941]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50 729178]

"hpWirelessAssistant"="C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59 794624]

"eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]

"Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28 213054]

"WatchDog"="C:\Program\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54 184320]

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2007-01-31 12:08 192512]

"029c8b74"="C:\WINDOWS\system32\pltpbnkq.dll" [ ]

"SiteAdvisor"="C:\Program\SiteAdvisor\6170\SiteAdv.exe" [2007-07-27 18:12 36640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartDVD Check.lnk - C:\Program\InterVideo\DVD Check\DVDCheck.exe [2006-04-03 12:18:00 184320]

Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2003-10-17 17:07]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2003-10-08 18:20]

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 15:15:59 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program\mcafee\mqc\QcConsol.exe'

"2008-01-30 15:15:57 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 10:55:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????1?0?1?6??????? ???B????????? ?????B????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-31 10:56:01

ComboFix-quarantined-files.txt 2008-01-31 09:55:44

ComboFix2.txt 2008-01-31 08:29:47

.

2007-12-12 20:38:40 --- E O F ---

[/log]

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press "Skicka Fil" (Send File) and wait until the result is ready ("Närvarande status" changes to "genomförd"). Paste the results from the various antivirus programs here. Repeat with the next file name.

C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

 

 


 

 

[log]

Fil setup_se_1_.exe mottagen 2007.12.19 21:33:45 (CET)

Närvarande status: genomförd

 

Resultat: 17/32 (53.12%)

Compact Skriv ut resultat

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - Potentially harmful program Downloader.LH

BitDefender - - -

CAT-QuickHeal - - Downloader.WinFixer.bl (Not a Virus)

ClamAV - - -

DrWeb - - -

eSafe - - Downloader.MisleadAp

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - W32/FakeAV!tr.dldr

F-Prot - - W32/Heuristic-162!Eldorado

F-Secure - - W32/DLoader.ENED

Ikarus - - not-a-virus:Downloader.Win32.WinFixer.bl

Kaspersky - - not-a-virus:Downloader.Win32.WinFixer.bl

McAfee - - -

Microsoft - - -

NOD32v2 - - Win32/Adware.WinFixer

Norman - - W32/DLoader.ENED

Panda - - Application/SystemOrdnare

Prevx1 - - -

Rising - - Trojan.DL.Win32.WinFixer.au

Sophos - - System Ordnare Installer

Sunbelt - - VIPRE.Suspicious

Symantec - - Downloader.MisleadApp

TheHacker - - -

VBA32 - - Downloader.Win32.WinFixer.bl

VirusBuster - - -

Webwasher-Gateway - - Riskware.Fake.Syscontrol

Övrig information

MD5: 8be4591846e4bdc54bd4af8bd65ab33c

SHA1: d9ae31bd08e595a17234d548e5afe8af7b3ce7b0

SHA256: 8bee806cd4aeed0f62c3770cb29e115a9c48cfa82f2fba5d78deaa142949ccee

SHA512: 0dd286fa3c336cc194bb9901d565343de68ef85f47fb133d9bde708c150d533c d7847e610d576fb93b987339e2093788bc51891c5e2de44d75474df1d90d755d

 

 

 

 

Fil installer_se_1_.exe mottagen 2008.01.12 22:43:05 (CET)

Närvarande status: genomförd

 

Resultat: 7/32 (21.88%)

Compact Skriv ut resultat

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - (Suspicious) - DNAScan

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - -

F-Prot - - W32/Heuristic-162!Eldorado

F-Secure - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - -

Norman - - -

Panda - - Suspicious file

Prevx1 - - -

Rising - - Trojan.DL.Win32.WinFixer.au

Sophos - - -

Sunbelt - - VIPRE.Suspicious

Symantec - - Downloader.MisleadApp

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - Riskware.Fake.Syscontrol

Övrig information

MD5: d7bb39f731e84fd7e9a87ab6c7f4475e

SHA1: d416d19e630ff8411706c32dc56669fb58f7a9cc

SHA256: 36aa6c14967bf8836525887e6daf7787892b8fd5f552d88947cbedc46d0fa7f0

SHA512: ad5a16b45f527a9598a91840f232aad6fc6d0b42358e7b7abb47962c0ff477e9 2dfb2f369acabf1c6a39975e47c94f21dfb3ece8484b6e398b211f96b2878c50

[/log]

 


Copy all the lines below

Folder::
C:\Documents and Settings\Administratör\Application Data\WinAnonymous
C:\Documents and Settings\Administratör\Application Data\WinAnonymous
C:\Documents and Settings\Administratör\Application Data\winpcdoctor
C:\Documents and Settings\Administratör\Application Data\winpcdoctor
C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe
C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe
C:\Documents and Settings\Administratör\Application Data\WinSpyControl
C:\Documents and Settings\Administratör\Application Data\WinSpyControl
C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe
C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b17b97b-2ef9-4b98-8639-94af836d0916}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF775AB8-1B36-4EEC-855D-1310EE39A6A4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"029c8b74"=-

and paste them into Notepad. Make sure each complete file name ends up on a single line; likewise, whatever is inside [] must be on one line.

Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; this starts the program in a special mode.

Paste the log that is produced.

 


[log]ComboFix 08-01-31.3 - Administratör 2008-01-31 11:47:37.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.189 [GMT 1:00]

Running from: C:\Documents and Settings\Administratör\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administratör\Skrivbord\CFScript

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

C:\Documents and Settings\Administratör\Application Data\WinAnonymous

C:\Documents and Settings\Administratör\Application Data\WinAnonymous\Logs\update.log

C:\Documents and Settings\Administratör\Application Data\winpcdoctor

C:\Documents and Settings\Administratör\Application Data\winpcdoctor\Logs\update.log

C:\Documents and Settings\Administratör\Application Data\WinSpyControl

C:\Documents and Settings\Administratör\Application Data\WinSpyControl\Logs\threats.log

C:\Documents and Settings\Administratör\Application Data\WinSpyControl\Logs\update.log

 

.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))

.

 

2008-01-31 11:06 . 2008-01-31 11:06 <KAT> d-------- C:\WINDOWS\LastGood

2008-01-31 10:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-01-31 10:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-01-31 10:11 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-01-31 10:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-01-31 10:11 . 2008-01-31 10:11 3,100 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-01-31 09:29 . 2008-01-31 09:29 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-01-31 09:04 . 2008-01-31 09:11 <KAT> d-------- C:\Program\Wise Registry Cleaner

2008-01-30 16:22 . 2008-01-31 11:05 3,768 --a------ C:\WINDOWS\system32\Config.MPF

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Program\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Skrivbord

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\SiteAdvisor

2008-01-30 16:18 . 2008-01-30 16:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\SiteAdvisor

2008-01-30 16:16 . 2006-12-22 16:02 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-01-30 16:16 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-01-30 16:16 . 2006-12-22 16:02 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-01-30 16:16 . 2006-12-22 16:02 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-01-30 16:16 . 2006-12-22 16:02 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-01-30 16:15 . 2008-01-30 16:15 <KAT> d-------- C:\Program\McAfee.com

2008-01-30 16:15 . 2008-01-31 08:53 <KAT> d-------- C:\Program\McAfee

2008-01-30 16:15 . 2008-01-30 16:16 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-01-30 16:02 . 2008-01-30 16:02 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-01-28 16:20 . 2008-01-31 09:12 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

2008-01-22 15:48 . 2008-01-22 15:48 <KAT> d-------- C:\Program\Alwil Software

2008-01-19 15:02 . 2008-01-30 16:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-01-18 15:28 . 2008-01-18 15:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-07 04:30 . 2008-01-17 22:52 260,640 --a------ C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

2008-01-07 04:30 . 2008-01-17 22:52 260,640 --a------ C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

2007-12-28 23:17 . 2007-12-28 23:17 255,520 --a--c--- C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

2007-12-28 23:17 . 2007-12-28 23:17 255,520 --a--c--- C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

2007-12-26 06:11 . 2007-12-29 18:30 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-03 03:40 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-03 03:40 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-03 03:40 . 2007-03-08 06:12 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-03 03:40 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-03 03:40 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-03 03:40 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-03 03:40 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-03 03:40 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-03 03:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-03 03:39 . 2007-12-03 03:41 <KAT> d-------- C:\WINDOWS\system32\sv-se

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-18 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-01-18 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure

2008-01-18 14:19 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-18 14:19 --------- d-----w C:\Program\HPQ

2008-01-05 16:26 --------- d-----w C:\Program\Altiris

2007-12-04 15:27 --------- d-----w C:\Program\Java

2007-10-29 22:45 1,289,728 -c--a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll

2007-10-10 23:53 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-10-10 11:04 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-07-28 19:03 20,344 -c--a-w C:\Documents and Settings\Administratör\Application Data\GDIPFONTCACHEV1.DAT

2007-07-28 19:03 20,344 -c--a-w C:\Documents and Settings\Administratör\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:46 68856]

"WMPNSCFG"="C:\Program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:49 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32 114688]

"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 88363 C:\WINDOWS\AGRSMMSG.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33 122941]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50 729178]

"hpWirelessAssistant"="C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59 794624]

"eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]

"Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28 213054]

"WatchDog"="C:\Program\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54 184320]

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2007-01-31 12:08 192512]

"029c8b74"="C:\WINDOWS\system32\pltpbnkq.dll" [ ]

"SiteAdvisor"="C:\Program\SiteAdvisor\6170\SiteAdv.exe" [2007-07-27 18:12 36640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartDVD Check.lnk - C:\Program\InterVideo\DVD Check\DVDCheck.exe [2006-04-03 12:18:00 184320]

Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2003-10-17 17:07]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2003-10-08 18:20]

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 15:15:59 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program\mcafee\mqc\QcConsol.exe'

"2008-01-30 15:15:57 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 11:49:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????1?0?1?6??????? ???B????????? ?????B????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-31 11:50:06

ComboFix-quarantined-files.txt 2008-01-31 10:49:44

ComboFix2.txt 2008-01-31 09:56:02

ComboFix3.txt 2008-01-31 08:29:47

.

2007-12-12 20:38:40 --- E O F ---

[/log]

 


Set up Explorer so that you can see all files:

Tools - Folder Options (or similar) - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files:

C:\Documents and Settings\Administratör\Application Data\setup_se[1].exe

C:\Documents and Settings\Administratör\Application Data\installer_se[1].exe

 

A new ComboFix log.

Download HijackThis:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install, run, scan and save the log (nothing else).

Paste the log here.

 


Here it is

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:29:09, on 2008-01-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

C:\Program\McAfee\MSC\mcmscsvc.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

C:\Program\McAfee\VIRUSS~1\mcods.exe

C:\Program\McAfee\MSC\mcpromgr.exe

c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\SiteAdvisor\6170\SAService.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\SiteAdvisor\6170\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\Program\HPQ\Shared\hpqwmi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6170\SiteAdv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program\mcafee\virusscan\scriptcl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\6170\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [029c8b74] rundll32.exe "C:\WINDOWS\system32\pltpbnkq.dll",b

O4 - HKLM\..\Run: [siteAdvisor] C:\Program\SiteAdvisor\6170\SiteAdv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program\DELADE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\Shared\hpqwmi.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program\delade filer\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program\McAfee\MPF\MPFSrv.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: SiteAdvisor-tjänst (SiteAdvisor Service) - Unknown owner - C:\Program\SiteAdvisor\6170\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7897 bytes

[/log]

 


Did deleting the files go well? They are still gone, I take it?

Scan with HijackThis and tick:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [029c8b74] rundll32.exe "C:\WINDOWS\system32\pltpbnkq.dll",b

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

Does the computer seem normal now, or do you think something more is left?

There are remnants of Panda in the logs.

Control Panel - Administrative Tools - Services

Find Panda Process Protection Service in the list, double-click it and set Startup type to Disabled.
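
Added example, not part of the original posts: a small Python triage that cross-references the ComboFix Run-key listing with the HijackThis O4 lines, using sample lines copied from the logs in this thread. The scoring heuristics, and the reading of an empty `[ ]` as "no file metadata found for the target", are assumptions of this example, not documented ComboFix or HijackThis behaviour.

```python
import re

# Sample lines copied from the ComboFix "Reg Loading Points" section on this page.
COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32 94208]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 88363 C:\WINDOWS\AGRSMMSG.exe]
"029c8b74"="C:\WINDOWS\system32\pltpbnkq.dll" [ ]
"SiteAdvisor"="C:\Program\SiteAdvisor\6170\SiteAdv.exe" [2007-07-27 18:12 36640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [ ]
'''

# Sample lines copied from the HijackThis O4 section on this page.
HIJACKTHIS_SAMPLE = r'''
O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [029c8b74] rundll32.exe "C:\WINDOWS\system32\pltpbnkq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM",
               "HKEY_CURRENT_USER": "HKCU",
               "HKEY_USERS": "HKUS"}

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
O4_RE = re.compile(r'^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\]\s+(.*)$')


def parse_combofix_run(text):
    """Return the Run-key values listed in a ComboFix log section."""
    entries, hive = [], None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Track only ...\CurrentVersion\Run keys; skip BHO and other keys.
            is_run = key.group(2).lower().endswith(r'\currentversion\run')
            hive = HIVE_ABBREV.get(key.group(1)) if is_run else None
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            name, target, meta = value.groups()
            # Assumption: empty brackets mean no file metadata was found.
            entries.append({"hive": hive, "name": name, "target": target,
                            "missing": meta.strip() == ""})
    return entries


def parse_hijackthis_o4(text):
    """Return {(hive, lowercased value name): command line} for O4 Run lines."""
    commands = {}
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            # Names are compared case-insensitively across the two logs.
            commands[(hive, name.lower())] = command
    return commands


def triage(combofix_text, hijackthis_text):
    """List Run values with at least one warning sign, most signs first."""
    commands = parse_hijackthis_o4(hijackthis_text)
    findings = []
    for e in parse_combofix_run(combofix_text):
        command = commands.get((e["hive"], e["name"].lower()), "")
        reasons = []
        if e["missing"]:
            reasons.append("target missing on disk")
        if re.fullmatch(r'[0-9a-f]{8}', e["name"]):
            reasons.append("value name looks machine-generated")
        if command.lower().startswith("rundll32"):
            reasons.append("DLL launched through rundll32")
        if re.search(r'\\system32\\[^\\]+\.dll$', e["target"], re.I):
            reasons.append("DLL sits directly in system32")
        if reasons:
            findings.append({"hive": e["hive"], "name": e["name"],
                             "target": e["target"], "reasons": reasons})
    # A missing target alone is weak evidence; several signs together are not.
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in triage(COMBOFIX_SAMPLE, HIJACKTHIS_SAMPLE):
        print(f'{f["hive"]} {f["name"]} -> {f["target"]}')
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Both orphaned values are reported, but only `029c8b74` collects every sign; `DWQueuedReporting` has a missing target and nothing else, which is why a missing file on its own should not drive a deletion.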

 


It went fine, yes, they are completely gone.

The computer seems better and I no longer get the error message.

I think this helped.

Thank you very much for the help, and I hope you have a nice day.

 


Archived

This topic is now archived and is closed to further replies.
