
Chaos on my laptop


Becka89


Hi! I'm new here and need guidance on how to get rid of all the viruses, trojans, spyware etc. etc. I have tried with my antivirus program & AD-AWARE, but of course that wasn't enough. The computer is acting up a lot :(

Thanks in advance, Becka89

 


Here is the log:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:14, on 2008-09-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgam.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Logitech\QuickCam10\COCIManager.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Rebecka.Eloff\Skrivbord\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {0eff5b98-6aef-ec5a-a894-9e2edf3fd799} - {997df3fd-e2e9-498a-a5ce-fea689b5ffe0} - C:\WINDOWS\system32\gbonbt.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O2 - BHO: (no name) - {A39F3CC6-5D6E-4A86-9295-6BD60D5C3471} - C:\WINDOWS\system32\opnnmMFy.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [LogitechSetup] D:\Setup\Setup.exe /restart /l:sve

O4 - HKLM\..\Run: [List active junk film] C:\Documents and Settings\All Users\Application Data\manager exit list active\data ante.exe

O4 - HKLM\..\Run: [74221ff6] rundll32.exe "C:\WINDOWS\system32\uauotwik.dll",b

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Poke Loud.exe

O4 - HKLM\..\Run: [BM77112c6a] Rundll32.exe "C:\WINDOWS\system32\jvdyhthv.dll",s

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Dentpile] C:\DOCUME~1\REBECK~1.ELO\APPLIC~1\AXISIN~1\obj bait.exe

O4 - HKCU\..\Run: [34734397015435545994979202017883] C:\Program\Antivirus 2009\av2009.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?5c538857529e490b83640cd2578ca5b6

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?5c538857529e490b83640cd2578ca5b6

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skolan.local

O17 - HKLM\Software\..\Telephony: DomainName = skolan.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skolan.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skolan.local

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll

O20 - Winlogon Notify: opnnmMFy - opnnmMFy.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgfws8.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe

 

--

End of file - 10232 bytes

[/log]

 

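As an added example (my code, not part of the thread and not from the HijackThis project), here is a small Python triage pass over HijackThis-style O2/O4/O20 lines. It mechanises the signals a helper reads off by eye when deciding which entries to ask about: an entry whose file is already gone, a BHO with no readable name, an eight-letter random DLL name under system32 loaded via rundll32, a Run value name that is a bare hex token or a long digit string, and an autostart that lives under Application Data. The sample lines are copied from the log above; the AppInit_DLLs allowlist (only AVG's avgrsstx.dll) and the reason wording are assumptions for the example.

```python
import re

# Constructed sample: HijackThis-style lines copied from the log in this thread,
# with one known-good entry per section so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll (file missing)
O2 - BHO: {0eff5b98-6aef-ec5a-a894-9e2edf3fd799} - {997df3fd-e2e9-498a-a5ce-fea689b5ffe0} - C:\WINDOWS\system32\gbonbt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [74221ff6] rundll32.exe "C:\WINDOWS\system32\uauotwik.dll",b
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Poke Loud.exe
O4 - HKCU\..\Run: [34734397015435545994979202017883] C:\Program\Antivirus 2009\av2009.exe
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O20 - Winlogon Notify: opnnmMFy - opnnmMFy.dll (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# Eight-letter DLL names directly under system32 are the naming pattern the
# logs in this thread show for the Vundo-family files (uauotwik, gvewjhky, ...).
RANDOM_DLL = re.compile(r"(?i)\\system32\\([a-z]{8})\.dll\b")
# Value names that are a bare 8-digit hex token or a long run of digits.
GENERATED_NAME = re.compile(r"[0-9a-f]{8}|\d{16,}")

# Assumed allowlist for this example: the only AppInit DLL a clean AVG 8 install registers.
APPINIT_ALLOW = frozenset({"avgrsstx.dll"})


def triage(log_text, appinit_allow=APPINIT_ALLOW):
    """Return one finding per suspicious line: {'line': ..., 'reasons': [...]}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "(file missing)" in line:
            reasons.append("registry entry points at a file that no longer exists (orphan of a partial removal)")
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)" or re.fullmatch(GUID, m["name"]):
                reasons.append("BHO has no human-readable name")
            if RANDOM_DLL.search(m["path"]):
                reasons.append("BHO DLL sits in system32 under a random-looking 8-letter name")
        m = RUN_RE.match(line)
        if m:
            if GENERATED_NAME.fullmatch(m["name"]):
                reasons.append("Run value name looks machine-generated")
            if "rundll32" in m["cmd"].lower() and RANDOM_DLL.search(m["cmd"]):
                reasons.append("rundll32 loads a random-named DLL from system32")
            if re.search(r"\\Application Data\\", m["cmd"], re.IGNORECASE):
                reasons.append("autostart executable lives under Application Data, not Program Files")
        m = APPINIT_RE.match(line)
        if m:
            unknown = [d.strip() for d in m["dlls"].split(",") if d.strip().lower() not in appinit_allow]
            if unknown:
                reasons.append("AppInit_DLLs injects unrecognised DLL(s) into every GUI process: " + ", ".join(unknown))
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

On the sample, the Acrobat BHO and the AVG tray entry pass clean and the other seven lines are flagged; the rundll32 line collects two reasons (generated value name plus random DLL) and the orphaned iifgHyXQ BHO three. None of this proves an entry is malicious on its own, which is why the helper still asks for the ComboFix and MBAM logs before acting.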

 

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close every program you can see, including antivirus, antispyware and firewall, or alternatively restart the computer in Safe Mode.

Run ComboFix and follow the instructions that are shown.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; attach it to your reply.

Check that antivirus and firewall are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppies and USB devices, both to make cleaning the computer easier and to protect it against infections in the future. That can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.[/log]

 


This doesn't work, unfortunately. My computer is completely "wrecked". ComboFix only runs to "step 8" in the window and then it hangs. I have to restart the computer because all the icons disappear from the desktop, if I even manage to close ComboFix.

I have tried several times with the same result: the program hangs. I've had to "force shut down" the computer by holding the power button until it goes off and then starting it again. After searching for a while I found my recovery disc. I was going to run it, but it turned out the drive seems to have given up. It isn't even listed in the My Computer folder. I tried running different discs, but nothing happened :(

This really sucks...

 

 

[post edited 2008-09-14 22:20:19 by Becka89]


2 weeks later...

Download Malwarebytes Anti-Malware from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup.exe to install the program.

 

[log]Tick:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.

The scan takes a while.

When it is done, press OK and then Show Results.

Tick everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

You may get a request to restart the computer (Restart). If so, do it.

If the program does not start by itself after the restart, start it.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


Finally! :thumbsup: Both for your reply, and because ComboFix managed to produce the log after all. I'll still run what you recommend :) Here is the log

[log]ComboFix 08-09-05.03 - Rebecka.Eloff 2008-09-28 18:48:13.4 - NTFSx86

Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\mcrh.tmp

.

---- Previous Run -------

.

C:\Program\Antivirus 2009\av2009.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\photos.zip

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\mcrh.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))

.

 

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue

2008-09-14 23:02 . 2008-09-14 23:02 <KAT> d-------- C:\Program\Uniblue

2008-09-14 23:00 . 2008-09-14 23:02 <KAT> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}

2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data

2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application

2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter

2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$

2008-09-07 17:09 . 2008-09-28 17:33 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR

2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll

2008-09-07 17:09 . 2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys

2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-09-07 13:28 . 2008-09-07 13:28 119,808 --a------ C:\WINDOWS\system32\pbunxgan.dll

2008-09-07 13:28 . 2008-09-07 13:28 119,808 --a------ C:\WINDOWS\system32\gbonbt.dll

2008-09-07 13:27 . 2008-09-07 13:27 119,808 --a------ C:\WINDOWS\system32\gvewjhky.dll

2008-09-07 13:24 . 2008-09-07 13:24 82,944 --a------ C:\WINDOWS\system32\uauotwik.dll

2008-09-07 13:24 . 2008-09-28 18:41 1,437 ---hs---- C:\WINDOWS\system32\kiwtouau.ini

2008-09-07 13:22 . 2008-09-07 13:22 89,600 --a------ C:\WINDOWS\system32\ydxvexxb.dll

2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-09-05 11:01 . 2008-09-07 13:22 233 ---hs---- C:\WINDOWS\system32\mingdbca.ini

2008-09-05 10:59 . 2008-09-05 10:59 0 --a------ C:\WINDOWS\system32\yrsmsprk.tmp

2008-09-03 20:47 . 2008-09-05 10:59 2,876,935 ---hs---- C:\WINDOWS\system32\yrsmsprk.ini

2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF

2008-09-02 12:25 . 2008-09-03 20:46 2,984,531 ---hs---- C:\WINDOWS\system32\jpanlvop.ini

2008-08-30 20:46 . 2008-09-02 12:23 3,080,922 ---hs---- C:\WINDOWS\system32\ceuaaiae.ini

2008-08-29 20:42 . 2008-08-30 20:43 3,265,994 ---hs---- C:\WINDOWS\system32\vcoamvma.ini

2008-08-28 13:07 . 2008-08-29 20:40 2,578,321 ---hs---- C:\WINDOWS\system32\qqqdqagn.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-28 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\file joy proc deaf

2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet

2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared

2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-09-14 13:27 --------- d-----w C:\Documents and Settings\Administratör\Application Data\AxisInternet

2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft

2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls

2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0}]

2008-09-07 13:28 119808 --a------ C:\WINDOWS\system32\gbonbt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]

"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]

"LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

"74221ff6"="C:\WINDOWS\system32\uauotwik.dll" [2008-09-07 82944]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]

"spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifgHyXQ

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program\\AVG\\AVG8\\avgnsx.exe"=

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288]

R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704]

R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336]

R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}]

\Shell\AutoRun\command - D:\AutoTransfer.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll

HKCU-Run-BlazeServoTool - C:\Program\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe

HKCU-Run-Dentpile - C:\DOCUME~1\REBECK~1.ELO\APPLIC~1\AXISIN~1\obj bait.exe

HKCU-Run-34734397015435545994979202017883 - C:\Program\Antivirus 2009\av2009.exe

HKLM-Run-LogitechSetup - D:\Setup\Setup.exe

HKLM-Run-List active junk film - C:\Documents and Settings\All Users\Application Data\manager exit list active\data ante.exe

HKLM-Run-BM77112c6a - C:\WINDOWS\system32\jvdyhthv.dll

Notify-opnnmMFy - opnnmMFy.dll

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Rebecka.Eloff\Application Data\Mozilla\Firefox\Profiles\f3wwul2d.default

FF -: plugin - C:\Program\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava11.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava12.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava13.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava14.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava32.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJPI150_02.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-28 18:52:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\WINDOWS\TEMP\eea8290b-e7be-44a0-9141-169bae7e2557.tmp 0 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

Completion time: 2008-09-28 18:57:17

ComboFix-quarantined-files.txt 2008-09-28 16:57:02

 

Pre-Run: 42,863,554,560 byte ledigt

Post-Run: 44,581,920,768 byte ledigt

 

169 --- E O F --- 2008-09-28 16:22:36

[/log]

 

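An added example (my code, not the thread's and not ComboFix's): a parser for the REGEDIT4-style "Reg Loading Points" excerpt that ComboFix prints, with checks for the three security-posture changes recorded in the log above: an extra LSA authentication package (code that lsass loads at every logon), Security Center's antivirus warning switched off, and the XP firewall disabled for the standard profile. The sample dump is constructed from the values shown in the log; the finding wording and the assumption that msv1_0 is the only expected package are mine.

```python
import re

# Constructed excerpt in the REGEDIT4-style layout ComboFix uses for its
# "Reg Loading Points" section; the values mirror the log in this thread.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifgHyXQ

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
# ComboFix prints multi-string values unquoted, with the type name inline.
MULTISZ_RE = re.compile(r"^(?P<name>.+?) REG_MULTI_SZ (?P<val>.*)$")


def parse_reg_dump(text):
    """Map each [key] to {value name: raw value string}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = QUOTED_RE.match(line) or MULTISZ_RE.match(line)
        if m:
            keys[current][m["name"]] = m["val"].strip()
    return keys


def as_dword(val):
    """Accept both 'dword:00000001' and ComboFix's '0 (0x0)' renderings."""
    v = val.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    return int(v.split()[0], 0)


def audit(text):
    """Return human-readable findings for settings that malware commonly weakens."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        for name, val in values.items():
            n = name.lower()
            if n == "authentication packages" and k.endswith(r"\control\lsa"):
                # msv1_0 is the stock XP package; anything else runs inside lsass at logon.
                extra = [p for p in val.split() if p.lower() != "msv1_0"]
                if extra:
                    findings.append("LSA loads a non-standard authentication package: " + ", ".join(extra))
            elif n == "antivirusdisablenotify" and k.endswith("security center"):
                if as_dword(val) == 1:
                    findings.append("Security Center antivirus warnings are suppressed (AntiVirusDisableNotify=1)")
            elif n == "enablefirewall" and "firewallpolicy" in k:
                if as_dword(val) == 0:
                    findings.append("Windows Firewall is disabled for the standard profile (EnableFirewall=0)")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP):
        print("-", f)
```

The first finding is the one a helper would act on: the iifgHyXQ package is the same name as the orphaned BHO in the HijackThis log, and LSA packages are loaded by lsass.exe before any user-mode cleaner runs, which is one reason the thread's advice is to follow MBAM with a fresh ComboFix run rather than stop at the MBAM log.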

According to the log there are still malicious files on the computer, so Malwarebytes Anti-Malware (MBAM) will be a good step, and after that delete the ComboFix you have and download the latest version. Paste in the log from MBAM and from the new ComboFix.

 


Here is the Malwarebytes log:

[log]Malwarebytes' Anti-Malware 1.28

Databasversion: 1220

Windows 5.1.2600 Service Pack 2

 

2008-09-28 19:51:58

mbam-log-2008-09-28 (19-51-58).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 52327

Förfluten tid: 7 minute(s), 23 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 1

Infekterade registernycklar: 10

Infekterade registervärden: 3

Infekterade registerdataposter: 0

Infekterade mappar: 2

Infekterade filer: 10

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\WINDOWS\system32\gbonbt.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\74221ff6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\WINDOWS\system32\gbonbt.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\uauotwik.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kiwtouau.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bcblgnfw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gvewjhky.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pbunxgan.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\BM77112c6a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM77112c6a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rebecka.Eloff\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

[/log]

 


And here is the new ComboFix log

[log]ComboFix 08-09-27.05 - Rebecka.Eloff 2008-09-28 20:09:01.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.210 [GMT 2:00]

Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administratör\Cookies\administratör@ads.stardoll[2].txt

C:\Documents and Settings\Administratör\new.txt

C:\Documents and Settings\Rebecka.Eloff\Lokala inställningar\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\Rebecka.Eloff\new.txt

C:\WINDOWS\system32\ceuaaiae.ini

C:\WINDOWS\system32\clltjxhh.ini

C:\WINDOWS\system32\cuenjqur.ini

C:\WINDOWS\system32\diftjrct.ini

C:\WINDOWS\system32\dwcwrisg.ini

C:\WINDOWS\system32\elosnqli.ini

C:\WINDOWS\system32\ftorbndc.ini

C:\WINDOWS\system32\ggbppanw.ini

C:\WINDOWS\system32\gnpwuptr.ini

C:\WINDOWS\system32\hujqdhcr.ini

C:\WINDOWS\system32\jpanlvop.ini

C:\WINDOWS\system32\jrbdhejp.ini

C:\WINDOWS\system32\ljydmqtc.ini

C:\WINDOWS\system32\lyskiuof.ini

C:\WINDOWS\system32\menrbefn.ini

C:\WINDOWS\system32\nfdqabcx.ini

C:\WINDOWS\system32\nxckafpj.ini

C:\WINDOWS\system32\ojueebia.ini

C:\WINDOWS\system32\pxywfvay.ini

C:\WINDOWS\system32\qqqdqagn.ini

C:\WINDOWS\system32\QXyHgfii.ini

C:\WINDOWS\system32\reqdsptd.ini

C:\WINDOWS\system32\rntsgpwr.ini

C:\WINDOWS\system32\rvcfguvq.ini

C:\WINDOWS\system32\rwrcibpn.ini

C:\WINDOWS\system32\shxlnvaa.ini

C:\WINDOWS\system32\sjjttffa.ini

C:\WINDOWS\system32\ujoonthu.ini

C:\WINDOWS\system32\vcoamvma.ini

C:\WINDOWS\system32\vixqpoyr.ini

C:\WINDOWS\system32\wmtseduv.ini

C:\WINDOWS\system32\vmvmyyxs.ini

C:\WINDOWS\system32\wpbxwfls.ini

C:\WINDOWS\system32\wwambhsn.ini

C:\WINDOWS\system32\xuwgbutb.ini

C:\WINDOWS\system32\ybigclqo.ini

C:\WINDOWS\system32\ylxivjce.ini

C:\WINDOWS\system32\yprqlipo.ini

C:\WINDOWS\system32\yrsmsprk.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))

.

 

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Malwarebytes

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-28 19:39 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-28 19:39 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue

2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data

2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application

2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter

2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$

2008-09-07 17:09 . 2008-09-28 17:33 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR

2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll

2008-09-07 17:09 . 2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys

2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-09-07 13:22 . 2008-09-07 13:22 89,600 --a------ C:\WINDOWS\system32\ydxvexxb.dll

2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-09-05 11:01 . 2008-09-07 13:22 233 ---hs---- C:\WINDOWS\system32\mingdbca.ini

2008-09-05 10:59 . 2008-09-05 10:59 0 --a------ C:\WINDOWS\system32\yrsmsprk.tmp

2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-28 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\file joy proc deaf

2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet

2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared

2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft

2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls

2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-28_18.56.03.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]

"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]

"LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]

"spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program\\AVG\\AVG8\\avgnsx.exe"=

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288]

R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704]

R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336]

R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}]

\Shell\AutoRun\command - D:\AutoTransfer.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Rebecka.Eloff\Application Data\Mozilla\Firefox\Profiles\f3wwul2d.default

FF -: plugin - C:\Program\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava11.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava12.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava13.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava14.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava32.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJPI150_02.dll

FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-28 20:16:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp 0 bytes

C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\Program\Delade filer\Logitech\LVMVFM\LVPrcSrv.exe

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program\AVG\AVG8\avgam.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\ati2evxx.exe

.

**************************************************************************

.

Completion time: 2008-09-28 20:22:02 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-28 18:21:45

 

Pre-Run: 44,554,428,416 bytes free

Post-Run: 44,429,824,000 bytes free

 

198 --- E O F --- 2008-09-28 16:22:36

[/log]

 


Go to http://www.virustotal.com, paste one of the following file names into the box, click Send File and wait until the result is ready (Current status becomes Finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\WINDOWS\system32\ydxvexxb.dll

C:\WINDOWS\system32\mingdbca.ini

 

Delete the folder

C:\Documents and Settings\All Users\Application Data\file joy proc deaf

and the files

C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp

C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp

 

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE except the latest in Control Panel - Add or Remove Programs (with no browsers running).

 

 


Here are the results:

[log]Antivirus Version Last Update Result

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - Suspicious File

eTrust-Vet - - -

Ewido - - -

F-Prot - - -

F-Secure - - -

Fortinet - - -

GData - - -

Ikarus - - Trojan.Win32.Vundo.C

K7AntiVirus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - Trojan:Win32/Vundo.gen!R

NOD32v2 - - -

Norman - - -

Panda - - -

PCTools - - -

Prevx1 - - Fraudulent Security Program

Rising - - Hack.Win32.Caps.a

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

TrendMicro - - -

VBA32 - - -

ViRobot - - -

VirusBuster - - -

Webwasher-Gateway - - Virus.Win32.FileInfector.gen!86 (suspicious)[/log]

Next log:

[log]Antivirus Version Last Update Result

AhnLab-V3 2008.10.1.0 2008.09.30 -

AntiVir 7.8.1.34 2008.09.30 -

Authentium 5.1.0.4 2008.09.30 -

Avast 4.8.1195.0 2008.09.30 -

AVG 8.0.0.161 2008.09.30 -

BitDefender 7.2 2008.09.30 -

CAT-QuickHeal 9.50 2008.09.30 -

ClamAV 0.93.1 2008.09.30 -

DrWeb 4.44.0.09170 2008.09.30 -

eSafe 7.0.17.0 2008.09.30 -

eTrust-Vet 31.6.6118 2008.09.30 -

Ewido 4.0 2008.09.30 -

F-Prot 4.4.4.56 2008.09.30 -

F-Secure 8.0.14332.0 2008.09.30 -

Fortinet 3.113.0.0 2008.09.30 -

GData 19 2008.09.30 -

Ikarus T3.1.1.34.0 2008.09.30 -

K7AntiVirus 7.10.478 2008.09.30 -

Kaspersky 7.0.0.125 2008.09.30 -

McAfee 5394 2008.09.30 -

Microsoft 1.4005 2008.09.30 -

NOD32 3483 2008.09.30 -

Norman 5.80.02 2008.09.30 -

Panda 9.0.0.4 2008.09.29 -

PCTools 4.4.2.0 2008.09.30 -

Prevx1 V2 2008.09.30 -

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.09.30 -

Sophos 4.34.0 2008.09.30 -

Sunbelt 3.1.1675.1 2008.09.27 -

Symantec 10 2008.09.30 -

TheHacker 6.3.0.9.097 2008.09.29 -

TrendMicro 8.700.0.1004 2008.09.30 -

VBA32 3.12.8.6 2008.09.29 -

ViRobot 2008.9.30.1397 2008.09.30 -

VirusBuster 4.5.11.0 2008.09.30 -[/log]

 

I couldn't find the 2 files in C:\WINDOWS\temp.

There is only: Perflib_Perfdata_eac (DAT file)

WGAErrLog (Text document) &

WGANotfy.settings (SETTINGS file)

I have removed C:\Documents and Settings\All Users\Application Data\file joy proc deaf.

 

Installed the new Java. The only thing left of it now in Add/Remove Programs is Java(TM) 6 Update 7

 

[post edited 2008-09-30 19:02:39 by Becka89]


Copy all the lines in the box (use Select code)

File::
C:\WINDOWS\system32\ydxvexxb.dll
C:\WINDOWS\system32\mingdbca.ini
C:\WINDOWS\system32\yrsmsprk.tmp
C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp
C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; this starts the program in a special mode.

Paste the log that comes out and a new HijackThis log.

 

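The two helper posts above, first picking files for VirusTotal and then listing them in a CFScript, can be partly automated. The following is an added example (it is not from this thread, nor a ComboFix or HijackThis feature) that parses ComboFix file lines and the AppInit_DLLs value, flags entries by the two signals visible in the posted logs (hidden+system attributes, and random-looking 8-letter names loose in system32), and prints them as a CFScript File:: block in the format the helper gave. The sample log is a constructed excerpt modelled on lines posted above; the KNOWN_GOOD allowlist is an analyst assumption (avgrsstx.dll belongs to AVG, which the name heuristic alone cannot know). It is a triage aid for choosing what to submit, not a verdict.

```python
"""Triage a ComboFix log for the indicators discussed in this thread.

Added example (not part of the original thread and not a ComboFix or
HijackThis feature): parses the "Files Created"/"Find3M" file lines and the
AppInit_DLLs value, flags candidates the way the helper above chose files for
VirusTotal, and emits them in the CFScript "File::" format.
"""
import ntpath
import re
from typing import Optional

# Constructed excerpt modelled on lines from the ComboFix logs posted above.
SAMPLE_LOG = r"""
2008-09-07 13:22 . 2008-09-07 13:22 89,600 --a------ C:\WINDOWS\system32\ydxvexxb.dll
2008-09-05 11:01 . 2008-09-07 13:22 233 ---hs---- C:\WINDOWS\system32\mingdbca.ini
2008-09-05 10:59 . 2008-09-05 10:59 0 --a------ C:\WINDOWS\system32\yrsmsprk.tmp
2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-07 15:10 233,585 --sha-w C:\WINDOWS\system32\QXyHgfii.ini2
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll
"""

# Size, attribute flags and path; matches both the 9-flag "Files Created"
# layout (--a------) and the 7-flag Find3M layout (--sha-w).
FILE_LINE = re.compile(
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\\S.*)$"
)
APPINIT_LINE = re.compile(r'"AppInit_DLLs"=(?P<dlls>.*)$', re.MULTILINE)

SYSTEM32 = "c:\\windows\\system32\\"
SUSPECT_EXT = {".dll", ".ini", ".ini2", ".tmp"}

# Analyst allowlist (assumption, not derivable from the log): avgrsstx.dll is
# AVG's resident-shield hook, written at 17:09 together with the AVG drivers,
# and legitimately sits in AppInit_DLLs. An 8-letter heuristic cannot tell it
# from a dropper name, so the analyst has to.
KNOWN_GOOD = {"avgrsstx.dll"}


def looks_random(stem: str) -> bool:
    """Vundo-family droppers used 8 letters and no digits, e.g. ydxvexxb."""
    return len(stem) == 8 and stem.isalpha()


def in_system32_root(path: str) -> bool:
    """True for a file directly in system32, not in a subfolder like drivers."""
    low = path.lower()
    return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def reason_for(path: str, attrs: str) -> Optional[str]:
    """Return why a file entry is suspicious, or None if it is not."""
    name = ntpath.basename(path)
    if name.lower() in KNOWN_GOOD:
        return None
    stem, ext = ntpath.splitext(name)
    # Hidden+system on a loose file in system32 is how the .ini side files
    # in this log were hidden; ComboFix prints the flags as h and s.
    if "h" in attrs and "s" in attrs:
        return "hidden+system attributes"
    if in_system32_root(path) and ext.lower() in SUSPECT_EXT and looks_random(stem):
        return "random 8-letter name in system32"
    return None


def parse_appinit(log: str) -> list:
    """DLL names from the AppInit_DLLs value, in the order Windows loads them."""
    m = APPINIT_LINE.search(log)
    if not m:
        return []
    return [d.strip() for d in m.group("dlls").split(",") if d.strip()]


def triage(log: str) -> dict:
    """Flag file entries to submit and AppInit_DLLs entries to locate."""
    files, reasons = [], {}
    for line in log.splitlines():
        m = FILE_LINE.search(line.rstrip())
        if not m:
            continue
        why = reason_for(m.group("path"), m.group("attrs"))
        if why:
            files.append(m.group("path"))
            reasons[m.group("path")] = why
    # Anything in AppInit_DLLs is mapped into every process that loads
    # user32.dll, so an unrecognised name there needs locating even when no
    # file line in the log shows where it lives.
    appinit = [d for d in parse_appinit(log) if d.lower() not in KNOWN_GOOD]
    return {"files": files, "reasons": reasons, "appinit": appinit}


def build_cfscript(paths) -> str:
    """CFScript 'File::' block as used in the thread; drop it on ComboFix.exe."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["files"]:
        print(f"{result['reasons'][path]:34} {path}")
    for dll in result["appinit"]:
        print(f"{'AppInit_DLLs entry to locate':34} {dll}")
    print(build_cfscript(result["files"]))
```

On the constructed excerpt the script lists the same three system32 files the helper put in the CFScript, adds the hidden+system QXyHgfii.ini2 from the Find3M section, and reports gbonbt.dll from AppInit_DLLs. That last name appears in the AppInit_DLLs value in both ComboFix logs on this page but in none of the file listings, so it is worth locating with hidden files shown and submitting to VirusTotal regardless of what the other scans returned.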

The ComboFix log:

[log]ComboFix 08-09-27.05 - Rebecka.Eloff 2008-09-30 19:19:01.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.206 [GMT 2:00]

Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\mingdbca.ini

C:\WINDOWS\system32\ydxvexxb.dll

C:\WINDOWS\system32\yrsmsprk.tmp

C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp

C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\mingdbca.ini

C:\WINDOWS\system32\ydxvexxb.dll

C:\WINDOWS\system32\yrsmsprk.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))

.

 

2008-09-30 18:48 . 2008-09-30 18:48 <KAT> d-------- C:\Program\Sun

2008-09-30 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-30 18:18 . 2008-09-30 18:43 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-30 18:12 . 2008-09-30 18:12 <KAT> d-------- C:\WINDOWS\LastGood

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\pelle\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\FSC161220052907.bc\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\administrator\Lokala inställningar

2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\Administratör

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Malwarebytes

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-28 19:39 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-28 19:39 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue

2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data

2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application

2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter

2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$

2008-09-07 17:09 . 2008-09-30 18:16 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR

2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll

2008-09-07 17:09 . 2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys

2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG

2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF

2008-08-13 18:23 . 2008-08-13 18:23 0 --a------ C:\WINDOWS\nsreg.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-30 16:51 --------- d-----w C:\Program\Java

2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet

2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared

2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-09-14 13:27 --------- d-----w C:\Documents and Settings\Administratör\Application Data\AxisInternet

2008-09-07 15:10 233,585 --sha-w C:\WINDOWS\system32\QXyHgfii.ini2

2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft

2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:24 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:24 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls

2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-28_18.56.03.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\LastGood\system32\mucltui.dll

+ 2007-07-30 17:19:04 207,736 ----a-w C:\WINDOWS\LastGood\system32\muweb.dll

- 2005-03-04 00:06:58 49,248 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2005-03-04 00:07:06 49,250 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2005-03-04 01:36:48 127,078 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-09-30 16:15:08 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_eac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]

"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]

"LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]

"spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program\\AVG\\AVG8\\avgnsx.exe"=

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288]

R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704]

R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336]

R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]

S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}]

\Shell\AutoRun\command - D:\AutoTransfer.exe

.

Contents of the 'Scheduled Tasks' folder

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 19:21:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-30 19:23:33

ComboFix-quarantined-files.txt 2008-09-30 17:23:16

ComboFix2.txt 2008-09-28 18:22:05

 

Pre-Run: 43,790,331,904 bytes free

Post-Run: 43,775,160,320 bytes free

 

188 --- E O F --- 2008-09-28 16:22:36

[/log]

The HijackThis log:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:24, on 2008-09-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\AVG\AVG8\avgfws8.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgam.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe

C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe

C:\Program\SPYWAREfighter\spftray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\SPYWAREfighter\spfprc.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Rebecka.Eloff\Skrivbord\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?5c538857529e490b83640cd2578ca5b6

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?5c538857529e490b83640cd2578ca5b6

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skolan.local

O17 - HKLM\Software\..\Telephony: DomainName = skolan.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skolan.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skolan.local

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgfws8.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program\SPYWAREfighter\spfprc.exe

 

--

End of file - 7844 bytes

[/log]

 


Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the file:

C:\WINDOWS\system32\QXyHgfii.ini2

 

Is everything fine with the computer now?

 


There we go. Now that one is gone too :)

I'll test the computer now and we'll see.

But I've noticed that it works better & better as your help goes on :thumbsup:

My humblest thanks & I'm throwing a bunch of points your way :)

 


There is a harmless leftover in the registry which, after a bit of research, I have found out how to fix, if you want.

Copy all the lines in the box (use Select code)

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon.

Paste the log that comes out.

 

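The two steps the helper takes in this thread (read the O20 AppInit_DLLs line of the HijackThis log, then write a CFScript that keeps only AVG's own DLL in that value) can be done mechanically. What follows is an added example, not code from the thread, from HijackThis or from ComboFix. It parses an excerpt of the log posted above (four lines copied into the script as a constructed sample), flags AppInit_DLLs entries that are not on an allowlist, emits the Registry:: block in the same shape as the post's CFScript, and lists the O4 Run entries with their executable paths. The allowlist (avgrsstx.dll as AVG 8's entry, the one the post's fix retains), the `C:\Program` / `C:\WINDOWS` install directories taken from the log's own paths, and the system drive being C: are assumptions made for illustration.

```python
"""Audit the autostart lines of a HijackThis log: O20 (AppInit_DLLs) and O4 (Run keys).

Added example, not code from the forum thread or from HijackThis/ComboFix.
Assumptions: the allowlist below, the install directories below, system drive C:.
"""
import re

# Constructed sample: these four lines are copied from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
"""

# Assumption (allowlist for illustration): DLLs a known product legitimately puts in
# AppInit_DLLs. avgrsstx.dll belongs to AVG 8; the CFScript in the thread keeps only it.
KNOWN_APPINIT = {"avgrsstx.dll"}

# Directories a vendor-installed autostart is expected to live under. This Swedish XP
# uses C:\Program rather than C:\Program Files, as the log's own paths show (assumption).
SYSTEM_DIRS = ("c:\\program\\", "c:\\windows\\")

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*"
    r"(?P<cmd>.*?)(?:\s+\(User '[^']*'\))?$"
)
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)


def parse_appinit(log_text):
    """DLL names from every O20 line, lower-cased, in registry order.

    AppInit_DLLs is a REG_SZ whose entries may be separated by commas or spaces;
    on XP every listed DLL is loaded into each process that loads user32.dll.
    """
    dlls = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            dlls.extend(d.lower() for d in re.split(r"[,\s]+", m.group("dlls")) if d)
    return dlls


def unknown_appinit(log_text, known=KNOWN_APPINIT):
    """AppInit_DLLs entries that are not on the allowlist: the ones to investigate."""
    return [d for d in parse_appinit(log_text) if d not in known]


def build_cfscript(log_text, known=KNOWN_APPINIT):
    """The Registry:: block in the shape the thread's CFScript uses, keeping only
    allowlisted DLLs so the stray hook goes away without breaking the AV product."""
    keep = [d for d in parse_appinit(log_text) if d in known]
    return (
        "Registry::\n"
        "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\n"
        '"AppInit_DLLs"=' + ",".join(keep) + "\n"
    )


def parse_run_entries(log_text):
    """(hive, value name, executable path) for each O4 Run-key line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        path = exe.group("path") if exe else m.group("cmd")
        entries.append((m.group("hive"), m.group("name"), path))
    return entries


def run_entries_outside_system_dirs(log_text):
    """O4 entries whose executable is not under a standard install directory
    (a profile, temp or root-level folder is where a dropper usually lands)."""
    return [
        e for e in parse_run_entries(log_text)
        if not e[2].lower().startswith(SYSTEM_DIRS)
    ]


if __name__ == "__main__":
    print("AppInit_DLLs entries:", parse_appinit(SAMPLE_LOG))
    print("Not on allowlist:", unknown_appinit(SAMPLE_LOG))
    print(build_cfscript(SAMPLE_LOG))
    for hive, name, path in parse_run_entries(SAMPLE_LOG):
        print(f"{hive:>16} [{name}] -> {path}")
    print("Outside system dirs:", run_entries_outside_system_dirs(SAMPLE_LOG))
```

On the sample the audit reports gbonbt.dll as the only AppInit_DLLs entry not on the allowlist and emits `"AppInit_DLLs"=avgrsstx.dll`, which is the line the post's CFScript uses; both O4 entries resolve to paths under `C:\Program` or `C:\WINDOWS`, so none is flagged. An allowlist by file name is only a first filter: on the live machine the file behind each name should still be located (AppInit_DLLs entries without a path are resolved through the normal DLL search order) and its publisher checked before deciding it is benign.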

This topic is now archived and is closed to further replies.