
Valentine's virus


musikcorner


Hi!

It all started when I downloaded a file from Hotmail, and then my antivirus program started beeping, so I removed the file...

All done, but when I then started browsing in IE, boxes started popping up saying "your computer is infected" etc. etc.

After that I ran lots of different scans, and none of the programs remove my viruses :(

Can anyone help me?

Here is the HijackThis scan:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:02:03, on 2008-02-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

C:\Program\Bonjour\mDNSResponder.exe

D:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

D:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

D:\Program\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

D:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

D:\Program\F-Secure Internet Security\Common\FSMA32.EXE

D:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

D:\Program\F-Secure Internet Security\Common\FSMB32.EXE

D:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

D:\Program\F-Secure Internet Security\Common\FCH32.EXE

D:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

D:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

D:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

D:\Program\F-Secure Internet Security\FSPC\fspc.exe

D:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

D:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

D:\Program\F-Secure Internet Security\Common\FSM32.EXE

D:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

D:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

D:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [803cd777] rundll32.exe "C:\WINDOWS\system32\jxuuofqb.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: BOBBY MCFERRIN - DON'T WORRY BE HAPPY.MP3

O4 - Global Startup: F-Secure 2006.lnk = D:\Program\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - D:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://194.132.44.103/activex/AMC.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - D:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

 

--

End of file - 10339 bytes

[/log]

 


 

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Unplug the internet connection and close every program you can see, including antivirus, anti-spyware and firewall.

Run ComboFix and follow the instructions shown.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should appear; attach it to your reply. Use the LOG button so that the whole log ends up inside the LOG tags. Check that the antivirus program and firewall are running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.[/log]

 


Here is the log, though there were some problems getting it to run (the computer restarted, it warned that it could break the computer, etc. etc.)

[log]

ComboFix 08-02-17.2 - Administratör 2008-02-17 15:56:06.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.188 [GMT 1:00]

Running from: C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\RCPFM4J6\ComboFix[1].exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\gebyayx.dll

C:\WINDOWS\system32\mljjg.dll

C:\Documents and Settings\Administratör\Application Data\inst.exe

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\bqfouuxj.ini

C:\WINDOWS\system32\fvabgjse.dll

C:\WINDOWS\system32\gebyayx.dll

C:\WINDOWS\system32\gjjlm.ini

C:\WINDOWS\system32\gjjlm.ini2

C:\WINDOWS\system32\hxawnrff.dll

C:\WINDOWS\system32\jxuuofqb.dll

C:\WINDOWS\system32\mljjg.dll

C:\WINDOWS\system32\sysogg.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))

.

 

2008-02-17 01:58 . 2008-02-17 01:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-17 01:58 . 2008-02-17 01:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-17 01:58 . 2008-02-17 01:58 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-17 01:56 . 2008-02-17 01:56 294 ---hs---- C:\WINDOWS\system32\mtrjyfuk.ini

2008-02-16 18:17 . 2008-02-16 18:17 <KAT> d-------- C:\Program\Delade filer\Blizzard Entertainment

2008-02-15 17:48 . 2008-02-17 02:33 <KAT> d-------- C:\WINDOWS\system32\dt

2008-02-15 16:32 . 2008-02-17 02:03 11,420 --a------ C:\WINDOWS\system32\bpk.dat

2008-02-15 13:39 . 2008-02-15 13:39 15 --a------ C:\Documents and Settings\Administratör\wtf.bat

2008-02-15 13:39 . 2008-02-15 13:39 15 --a------ C:\Documents and Settings\Administratör\wtf.bat

2008-02-15 12:58 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll

2008-02-15 12:58 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-12 00:27 . 2008-02-12 00:27 <KAT> d-------- C:\WINDOWS\Sun

2008-02-09 20:50 . 2008-02-10 17:26 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-02-03 18:15 . 2008-02-03 18:15 <KAT> d-------- C:\Program\OpenAL

2008-02-03 18:15 . 2008-02-03 18:15 409,600 --------- C:\WINDOWS\system32\wrap_oal.dll

2008-02-03 18:15 . 2008-02-03 18:15 86,016 --------- C:\WINDOWS\system32\OpenAL32.dll

2008-01-24 19:17 . 2008-01-24 19:17 <KAT> d-------- C:\dell

2008-01-20 19:01 . 2008-01-20 19:01 <KAT> d-------- C:\Program\vso

2008-01-20 19:01 . 2008-02-02 23:55 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Vso

2008-01-20 19:01 . 2006-09-29 11:24 217,127 --------- C:\WINDOWS\system32\drv43260.dll

2008-01-20 19:01 . 2006-09-29 11:25 208,935 --------- C:\WINDOWS\system32\drv33260.dll

2008-01-20 19:01 . 2006-09-29 11:26 176,165 --------- C:\WINDOWS\system32\drv23260.dll

2008-01-20 19:01 . 2008-01-20 19:01 47,360 --------- C:\WINDOWS\system32\drivers\pcouffin.sys

2008-01-20 19:01 . 2008-01-20 19:01 47,360 --------- C:\Documents and Settings\Administratör\Application Data\pcouffin.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 11:53 --------- d-----w C:\Documents and Settings\Administratör\Application Data\uTorrent

2008-02-17 11:53 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Audacity

2008-02-17 05:08 --------- d-----w C:\Program\EsetOnlineScanner

2008-02-17 03:11 --------- d-----w C:\Program\uTorrent

2008-02-17 03:02 --------- d-----w C:\Program\MSN Messenger

2008-02-17 02:31 --------- d-----w C:\Program\Bonjour

2008-02-14 14:23 --------- d-----w C:\Documents and Settings\Administratör\Application Data\LimeWire

2008-02-13 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

2008-02-02 22:55 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Vso

2008-01-25 18:37 23 ------w C:\Documents and Settings\Administratör\loop.bat

2008-01-25 18:37 23 ------w C:\Documents and Settings\Administratör\loop.bat

2008-01-24 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-24 17:35 12,632 ------w C:\WINDOWS\system32\lsdelete.exe

2008-01-24 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-20 18:42 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-20 18:01 --------- d-----w C:\Program\vso

2008-01-20 16:49 --------- d-----w C:\Program\Google

2008-01-11 20:50 --------- d-----w C:\Program\SystemRequirementsLab

2008-01-11 05:52 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-21 14:50 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Nero

2007-12-21 14:48 --------- d-----w C:\Program\Delade filer\Nero

2007-12-21 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-12-20 17:47 --------- d-----w C:\Program\microsoft frontpage

2007-12-20 11:37 --------- d-----w C:\Program\Java

2007-12-19 22:57 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-19 16:00 --------- d-----w C:\Program\Trend Micro

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-08 05:14 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:07 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:07 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

2007-11-17 12:09 155,995 ------w C:\WINDOWS\java\Packages\GUWJ7BP3.ZIP

2007-08-28 07:26 175 ------w C:\Documents and Settings\Administratör\hej.bat

2007-08-28 07:26 175 ------w C:\Documents and Settings\Administratör\hej.bat

2007-08-27 18:55 5 ------w C:\Documents and Settings\Administratör\c.bat

2007-08-27 18:55 5 ------w C:\Documents and Settings\Administratör\c.bat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-05-25 07:43 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-05-25 07:43 126976]

"F-Secure Manager"="D:\Program\F-Secure Internet Security\Common\FSM32.exe" [2005-06-02 23:37 122929]

"F-Secure TNB"="D:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]

"F-Secure Startup Wizard"="D:\Program\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 14:38 372736]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-12-07 03:14 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\Program\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-07-01 21:00 176128 C:\Program\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Run Google Web Accelerator.lnk]

backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--------- 2007-10-23 14:18 202024 C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--------- 2006-10-26 23:47 31016 C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 08:21 1694208 C:\Program\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 08:51 1836328 D:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--------- 2007-03-01 14:57 153136 C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-10-23 22:18 443968 D:\Program\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--------- 2007-06-25 21:52 282624 C:\Program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SphereXP]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 15:46 1460560 D:\Program\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]

--a------ 2007-06-13 16:57 1650720 D:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

--a------ 2007-06-13 09:31 8631840 D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_3DWonder]

 

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 15:12]

R2 F-Secure Filter;F-Secure File System Filter;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2005-02-21 18:49]

R2 F-Secure Recognizer;F-Secure File System Recognizer;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]

S2 BackWeb Plug-in - 4476822;F-Secure 2006;D:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [2007-06-25 12:14]

S3 atidgllk;atidgllk;E:\filer\dell\videobios\atidgllk.sys [2005-03-11 14:51]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-17 00:01:57 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- D:\Program\F-SECU~1\ANTI-V~1\fsav.exeY /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=D:\Program\F-SECU~1\ANTI-V~1\report.txt

"2008-02-14 19:27:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-08-28 16:38:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 15:57:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Program\Stardock\Object Desktop\WindowBlinds\tray.dll

.

Completion time: 2008-02-17 15:58:05

ComboFix-quarantined-files.txt 2008-02-17 14:57:56

ComboFix2.txt 2007-12-20 11:26:49

.

2008-02-13 21:19:19 --- E O F ---

[/log]

 

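As an added example (not from this thread, and not code from the HijackThis or ComboFix authors), the triage below parses the O4 autostart lines of a HijackThis log and cross-checks each launched file against the paths ComboFix listed under "Other Deletions". The O4 line shape, the two suspicion heuristics (a bare hex value name; a DLL launched through rundll32.exe) and the sample input are all assumptions of mine, taken only from the logs posted above; the sample lines are constructed by copying a handful of O4 entries from the first HijackThis log and three system32 DLLs from the ComboFix deletion list.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a few O4 lines copied from the first HijackThis log
# in this thread, plus three system32 DLLs from ComboFix's "Other Deletions".
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [803cd777] rundll32.exe "C:\WINDOWS\system32\jxuuofqb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
"""

COMBOFIX_DELETIONS = [
    r"C:\WINDOWS\system32\gebyayx.dll",
    r"C:\WINDOWS\system32\mljjg.dll",
    r"C:\WINDOWS\system32\jxuuofqb.dll",
]

# Assumed O4 line shape: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> (User '...')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.I)  # value names like "803cd777"


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    cmd: str
    target: str  # the executable, or for rundll32 launches the DLL it loads
    raw: str


def _first_token(cmd: str) -> tuple[str, str]:
    """Split a command line into its first (possibly quoted) token and the remainder."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4(text: str) -> list[O4Entry]:
    """Extract O4 autostart entries from HijackThis log text; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe, rest = _first_token(m["cmd"])
        target = exe
        # "rundll32.exe <dll>,<export>": the file worth looking at is the DLL, not rundll32
        if exe.lower().endswith("rundll32.exe") and rest:
            dll, _ = _first_token(rest)
            target = dll.split(",", 1)[0]
        entries.append(O4Entry(m["hive"], m["key"], m["name"], m["cmd"], target, line.strip()))
    return entries


def triage(entries: list[O4Entry], deleted: list[str]) -> list[tuple[O4Entry, list[str]]]:
    """Return (entry, reasons) for every O4 entry that trips at least one heuristic."""
    deleted_lc = {p.lower() for p in deleted}
    findings = []
    for e in entries:
        reasons = []
        if HEX_NAME.match(e.name):
            reasons.append("value name is a bare hex string rather than a product name")
        if "rundll32" in e.cmd.lower() and e.target.lower().endswith(".dll"):
            reasons.append("launched through rundll32.exe; the DLL is the real payload")
        if e.target.lower() in deleted_lc:
            reasons.append("same path appears in ComboFix 'Other Deletions'")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_o4(HJT_SAMPLE), COMBOFIX_DELETIONS):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {entry.target}")
        for r in reasons:
            print("   -", r)
```

Run as-is, the only entry flagged is `[803cd777] rundll32.exe "C:\WINDOWS\system32\jxuuofqb.dll",b`, with all three reasons, and its DLL is exactly the file ComboFix reported removing; the Intel tray, F-Secure, Java updater, ctfmon and regsvr32 RunOnce entries produce no finding. The heuristics are deliberately narrow: a hex-only value name and a rundll32-launched DLL are each worth a look, and agreement with an independent cleaner's deletion list is what turns a hint into a confirmed hit.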

I couldn't find the file, but here is a new HijackThis log, since I ran Symantec's online scan and deleted 3 files

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:51:54, on 2008-02-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Bonjour\mDNSResponder.exe

D:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

D:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

D:\Program\F-Secure Internet Security\Common\FSMA32.EXE

D:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

D:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\F-Secure Internet Security\Common\FSLAUNCHER0.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: BOBBY MCFERRIN - DON'T WORRY BE HAPPY.MP3

O8 - Extra context menu item: &Blockera detta popup-fönster - D:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://194.132.44.103/activex/AMC.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - D:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

 

--

End of file - 10258 bytes

[/log]

 


But I know the computer is still infected :(

I get strange pop-up boxes and it is really slow ...

 

Isn't there any other way to check whether there are viruses on it??

Any tips on good online scanners/antivirus programs?

PLEASE!

 


Never had it before, and besides, they are "warning boxes" warning that I have got a virus and must go to that site etc...

Got it on this site among others, and have never had it before ...

 


Okay, I'll do it when the F-Secure scan is finished; so far it has found 4 spyware items & one virus in 30,000 files (quite a lot considering that I have just over 260,000 files)

 


Here are the F-Secure and ComboFix logs!

F-Secure:

[log]


 

Result: 6 malware found

Tracking Cookie (spyware)

System (Disinfected)

System

System

System

VBS/CDEject.A (virus)

C:\DOCUMENTS AND SETTINGS\ADMINISTRATÖR\MINA DOKUMENT\MINA MOTTAGNA FILER\VARNING.HTML (Renamed & Submitted)

W32/Malware.AKHR (virus)

C:\PROGRAM\STARDOCK\OBJECT DESKTOP\WINDOWBLINDS\WB5.5E PATCH.EXE (Deleted & Submitted)

 

--------------------------------------------------------------------------------

 

Statistics

Scanned:

Files: 52546

System: 4559

Not scanned: 3

Actions:

Disinfected: 1

Renamed: 1

Deleted: 1

None: 3

Submitted: 2

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

[/log]

ComboFix:

[log]

ComboFix 08-02-17.2 - Administratör 2008-02-17 19:01:38.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.69 [GMT 1:00]

Running from: C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\HNJS0MCL\ComboFix[1].exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))

.

 

2008-02-17 17:11 . 2008-02-17 17:11 <KAT> d-------- C:\WINDOWS\LastGood

2008-02-17 01:58 . 2008-02-17 01:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-17 01:58 . 2008-02-17 01:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-17 01:58 . 2008-02-17 01:58 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-17 01:56 . 2008-02-17 01:56 294 ---hs---- C:\WINDOWS\system32\mtrjyfuk.ini

2008-02-16 18:17 . 2008-02-16 18:17 <KAT> d-------- C:\Program\Delade filer\Blizzard Entertainment

2008-02-15 17:48 . 2008-02-17 02:33 <KAT> d-------- C:\WINDOWS\system32\dt

2008-02-15 16:32 . 2008-02-17 02:03 11,420 --a------ C:\WINDOWS\system32\bpk.dat

2008-02-15 13:39 . 2008-02-15 13:39 15 --a------ C:\Documents and Settings\Administratör\wtf.bat

2008-02-15 13:39 . 2008-02-15 13:39 15 --a------ C:\Documents and Settings\Administratör\wtf.bat

2008-02-15 12:58 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll

2008-02-15 12:58 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-12 00:27 . 2008-02-12 00:27 <KAT> d-------- C:\WINDOWS\Sun

2008-02-09 20:50 . 2008-02-10 17:26 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-02-03 18:15 . 2008-02-03 18:15 <KAT> d-------- C:\Program\OpenAL

2008-02-03 18:15 . 2008-02-03 18:15 409,600 --------- C:\WINDOWS\system32\wrap_oal.dll

2008-02-03 18:15 . 2008-02-03 18:15 86,016 --------- C:\WINDOWS\system32\OpenAL32.dll

2008-01-24 19:17 . 2008-01-24 19:17 <KAT> d-------- C:\dell

2008-01-20 19:01 . 2008-01-20 19:01 <KAT> d-------- C:\Program\vso

2008-01-20 19:01 . 2008-02-02 23:55 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Vso

2008-01-20 19:01 . 2006-09-29 11:24 217,127 --------- C:\WINDOWS\system32\drv43260.dll

2008-01-20 19:01 . 2006-09-29 11:25 208,935 --------- C:\WINDOWS\system32\drv33260.dll

2008-01-20 19:01 . 2006-09-29 11:26 176,165 --------- C:\WINDOWS\system32\drv23260.dll

2008-01-20 19:01 . 2008-01-20 19:01 47,360 --------- C:\WINDOWS\system32\drivers\pcouffin.sys

2008-01-20 19:01 . 2008-01-20 19:01 47,360 --------- C:\Documents and Settings\Administratör\Application Data\pcouffin.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 11:53 --------- d-----w C:\Documents and Settings\Administratör\Application Data\uTorrent

2008-02-17 11:53 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Audacity

2008-02-17 05:08 --------- d-----w C:\Program\EsetOnlineScanner

2008-02-17 03:11 --------- d-----w C:\Program\uTorrent

2008-02-17 03:02 --------- d-----w C:\Program\MSN Messenger

2008-02-17 02:31 --------- d-----w C:\Program\Bonjour

2008-02-14 14:23 --------- d-----w C:\Documents and Settings\Administratör\Application Data\LimeWire

2008-02-13 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

2008-02-02 22:55 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Vso

2008-01-25 18:37 23 ------w C:\Documents and Settings\Administratör\loop.bat

2008-01-25 18:37 23 ------w C:\Documents and Settings\Administratör\loop.bat

2008-01-24 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-24 17:35 12,632 ------w C:\WINDOWS\system32\lsdelete.exe

2008-01-24 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-20 18:42 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-20 18:01 --------- d-----w C:\Program\vso

2008-01-20 16:49 --------- d-----w C:\Program\Google

2008-01-11 20:50 --------- d-----w C:\Program\SystemRequirementsLab

2008-01-11 05:52 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-21 14:50 --------- d-----w C:\Documents and Settings\Administratör\Application Data\Nero

2007-12-21 14:48 --------- d-----w C:\Program\Delade filer\Nero

2007-12-21 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-12-20 17:47 --------- d-----w C:\Program\microsoft frontpage

2007-12-20 11:37 --------- d-----w C:\Program\Java

2007-12-19 22:57 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-19 16:00 --------- d-----w C:\Program\Trend Micro

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-08 05:14 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:07 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:07 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

2007-11-17 12:09 155,995 ------w C:\WINDOWS\java\Packages\GUWJ7BP3.ZIP

2007-08-28 07:26 175 ------w C:\Documents and Settings\Administratör\hej.bat

2007-08-28 07:26 175 ------w C:\Documents and Settings\Administratör\hej.bat

2007-08-27 18:55 5 ------w C:\Documents and Settings\Administratör\c.bat

2007-08-27 18:55 5 ------w C:\Documents and Settings\Administratör\c.bat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-05-25 07:43 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-05-25 07:43 126976]

"F-Secure Manager"="D:\Program\F-Secure Internet Security\Common\FSM32.exe" [2005-06-02 23:37 122929]

"F-Secure TNB"="D:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]

"F-Secure Startup Wizard"="D:\Program\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 14:38 372736]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-12-07 03:14 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\Program\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-07-01 21:00 176128 C:\Program\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Run Google Web Accelerator.lnk]

backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--------- 2007-10-23 14:18 202024 C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--------- 2006-10-26 23:47 31016 C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 08:21 1694208 C:\Program\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 08:51 1836328 D:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--------- 2007-03-01 14:57 153136 C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-10-23 22:18 443968 D:\Program\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--------- 2007-06-25 21:52 282624 C:\Program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SphereXP]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 15:46 1460560 D:\Program\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]

--a------ 2007-06-13 16:57 1650720 D:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

--a------ 2007-06-13 09:31 8631840 D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_3DWonder]

 

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 15:12]

R2 F-Secure Filter;F-Secure File System Filter;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2005-02-21 18:49]

R2 F-Secure Recognizer;F-Secure File System Recognizer;D:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]

S2 BackWeb Plug-in - 4476822;F-Secure 2006;D:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [2007-06-25 12:14]

S3 atidgllk;atidgllk;E:\filer\dell\videobios\atidgllk.sys [2005-03-11 14:51]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-17 00:01:57 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- D:\Program\F-SECU~1\ANTI-V~1\fsav.exeY /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=D:\Program\F-SECU~1\ANTI-V~1\report.txt

"2008-02-14 19:27:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-08-28 16:38:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- D:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 19:05:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Program\Stardock\Object Desktop\WindowBlinds\tray.dll

.

Completion time: 2008-02-17 19:06:24

ComboFix-quarantined-files.txt 2008-02-17 18:06:20

ComboFix2.txt 2008-02-17 14:58:06

ComboFix3.txt 2007-12-20 11:26:49

.

2008-02-13 21:19:19 --- E O F ---

[/log]

 

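The logs posted in this thread (the HijackThis O16 entries at the top, and the ComboFix "Files Created" and "Reg Loading Points" sections just above) are the kind of thing that gets triaged by eye. As an added example that is not part of the original posts, nor code from HijackThis, ComboFix or F-Secure, here is a small Python script that parses those two line formats and applies three analyst heuristics: ActiveX (O16) CABs fetched from a raw IP address, files created in system32 carrying both the hidden and system attributes, and Explorer policy values such as NoSecurityTab that hide security UI. The sample lines are constructed to mirror the thread's logs; `cdn.example.com` is a hypothetical host standing in for a normal vendor download site.

```python
"""Triage helpers for HijackThis and ComboFix log lines.

Editor-added example: not code from the forum post, HijackThis, ComboFix or
F-Secure. It parses two line formats visible in the thread and applies a few
heuristics an analyst would apply by hand. Sample input is constructed.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# HijackThis "O16 - DPF: {CLSID} (Friendly name) - http://host/path.cab"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")

# ComboFix "Files Created" entry:
#   <created> . <modified>  <size or <KAT>/<DIR>>  <9-char attributes>  <path>
# Attribute letters: d=directory, a=archive, h=hidden, s=system, '-' = unset.
CF_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(<KAT>|<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$"
)

# ComboFix "Reg Loading Points" policy value, e.g.  "NoSecurityTab"= 1 (0x1)
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')

# Policy names that hide or disable security UI. A non-zero value on a home
# machine that nobody deliberately locked down deserves a look.
RESTRICTIVE_POLICIES = {"NoSecurityTab", "DisableRegistryTools", "DisableTaskMgr"}


def _is_raw_ip(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a hostname."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def check_o16(line: str):
    """Flag ActiveX download entries whose CAB is served from a bare IP."""
    m = O16_RE.match(line)
    if not m:
        return None
    clsid, name, url = m.groups()
    if _is_raw_ip(url):
        return f"O16 ActiveX control fetched from a raw IP: {name} {clsid} {url}"
    return None


def check_combofix_file(line: str):
    """Flag newly created hidden+system files (not directories) under system32."""
    m = CF_RE.match(line)
    if not m:
        return None
    created, _size, attrs, path = m.groups()
    is_dir = attrs[0] == "d"
    hidden_and_system = "h" in attrs and "s" in attrs
    in_system32 = "\\windows\\system32\\" in path.lower()
    if not is_dir and hidden_and_system and in_system32:
        return f"hidden+system file created in system32 on {created}: {path}"
    return None


def check_policy(line: str):
    """Flag restrictive Explorer/System policies that are switched on."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    name, value = m.groups()
    if name in RESTRICTIVE_POLICIES and int(value) != 0:
        return f"restrictive policy set: {name}={value}"
    return None


CHECKS = (check_o16, check_combofix_file, check_policy)


def triage(lines):
    """Run every check over every line; return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample modelled on the thread's logs (cdn.example.com is hypothetical).
SAMPLE_LOG = """
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://cdn.example.com/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://194.132.44.103/activex/AMC.cab
2008-02-17 01:58 . 2008-02-17 01:58 30,590 --a------ C:\\WINDOWS\\system32\\pavas.ico
2008-02-17 01:56 . 2008-02-17 01:56 294 ---hs---- C:\\WINDOWS\\system32\\mtrjyfuk.ini
2008-02-15 17:48 . 2008-02-17 02:33 <KAT> d-------- C:\\WINDOWS\\system32\\dt
"NoSecurityTab"= 1 (0x1)
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2004-08-04 00:34 15360]
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from any of these checks is a pointer, not a verdict. An Axis media control is normally served from the camera's own address, so the raw-IP O16 entry only needs the owner to confirm they actually use such a camera; a hidden+system `.ini` with a random-looking name that appeared in system32 at the same time as the pop-ups is the item to submit to a scanner and quarantine rather than delete blind; and a NoSecurityTab policy that nobody set deliberately is something to clear after the machine is clean.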

I haven't noticed it lately...

Maybe it has sorted itself out; I'll run some online scans, clean the registry and a bit more, and then I'll have to hope it's clean...

 

 


Archived

This topic is now archived and is closed to further replies.
