Becka89 (Author) Posted September 7, 2008

Hi! I'm new here and need guidance on how to get rid of all the viruses, trojans, spyware etc. etc. I have tried with my antivirus program and Ad-Aware, but of course that wasn't enough. The computer is acting up a lot. Thanks in advance, Becka89
Zipp. Posted September 7, 2008

[log]Download HijackThis.exe and scan the computer with it. Then post the log here and we'll take a look at how it looks.

http://download.bleepingcomputer.com/hijackthis/HiJackThis.exe

In your reply, attach the HijackThis log like this:
Press the LOG button in the Reply window
Paste the log
Press the LOG button again[/log]
Becka89 (Author) Posted September 7, 2008

Here is the log

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:14, on 2008-09-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\AVG\AVG8\avgam.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam10\QuickCam10.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Logitech\QuickCam10\COCIManager.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Rebecka.Eloff\Skrivbord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll (file missing)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0eff5b98-6aef-ec5a-a894-9e2edf3fd799} - {997df3fd-e2e9-498a-a5ce-fea689b5ffe0} - C:\WINDOWS\system32\gbonbt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: (no name) - {A39F3CC6-5D6E-4A86-9295-6BD60D5C3471} - C:\WINDOWS\system32\opnnmMFy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechSetup] D:\Setup\Setup.exe /restart /l:sve
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\manager exit list active\data ante.exe
O4 - HKLM\..\Run: [74221ff6] rundll32.exe "C:\WINDOWS\system32\uauotwik.dll",b
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Poke Loud.exe
O4 - HKLM\..\Run: [bM77112c6a] Rundll32.exe "C:\WINDOWS\system32\jvdyhthv.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [blazeServoTool] "C:\Program\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dentpile] C:\DOCUME~1\REBECK~1.ELO\APPLIC~1\AXISIN~1\obj bait.exe
O4 - HKCU\..\Run: [34734397015435545994979202017883] C:\Program\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?5c538857529e490b83640cd2578ca5b6
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?5c538857529e490b83640cd2578ca5b6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skolan.local
O17 - HKLM\Software\..\Telephony: DomainName = skolan.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skolan.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skolan.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O20 - Winlogon Notify: opnnmMFy - opnnmMFy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 10232 bytes
[/log]
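The helpers in this thread read a HijackThis log by eye. The Python script below is an added example, not code from the thread, from HijackThis or from any tool named here, that turns the same reading into heuristics over HijackThis-style lines: entries marked "(file missing)", browser helper objects without a descriptive name, Run values with hex- or digit-only names, rundll32 loading a DLL from system32, programs started from an Application Data folder, and anything listed in AppInit_DLLs. The sample lines are constructed from entries in the log above; the severity labels, regexes and function names are my own assumptions, not HijackThis output. The names it flags (uauotwik.dll, gbonbt.dll, the 74221ff6 Run value) are the ones Malwarebytes later reports as Trojan.Vundo.H further down the thread.

```python
"""Triage helper for HijackThis-style logs (added example; not part of HijackThis,
ComboFix, MBAM or this thread). It encodes, as heuristics, what the helpers in the
thread look at by eye: orphaned autoload entries, machine-generated value names,
DLLs loaded through rundll32 or AppInit_DLLs, and programs started from data folders."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" (almost always malicious) or "review" (needs a human look)
    section: str    # HijackThis section tag: "O2", "O4", "O20", ...
    reason: str
    line: str


# Heuristic patterns, not signatures (assumed thresholds, chosen for this example).
LINE_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run:\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.*)$")
HEXISH = re.compile(r"^[A-Za-z]{0,2}[0-9a-fA-F]{6,}$")  # e.g. 74221ff6, bM77112c6a, 3473...7883
GUID = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")
DATA_DIR = re.compile(r"\\Application Data\\|\\APPLIC~1\\", re.IGNORECASE)
RUNDLL_SYS32 = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^",\\]+\.dll', re.IGNORECASE)

# Constructed sample: a handful of lines modelled on the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll (file missing)
O2 - BHO: {0eff5b98-6aef-ec5a-a894-9e2edf3fd799} - {997df3fd-e2e9-498a-a5ce-fea689b5ffe0} - C:\WINDOWS\system32\gbonbt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [74221ff6] rundll32.exe "C:\WINDOWS\system32\uauotwik.dll",b
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\manager exit list active\data ante.exe
O4 - HKCU\..\Run: [34734397015435545994979202017883] C:\Program\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [Dentpile] C:\DOCUME~1\REBECK~1.ELO\APPLIC~1\AXISIN~1\obj bait.exe
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O20 - Winlogon Notify: opnnmMFy - opnnmMFy.dll (file missing)
"""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious property of each HijackThis line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        sec, body = m.group("sec"), m.group("body")

        def add(severity: str, reason: str) -> None:
            findings.append(Finding(severity, sec, reason, line))

        # Any section: an autoload entry whose file is gone is an orphan, typically
        # left behind by malware that was partially removed or that renames itself.
        if "(file missing)" in body:
            add("high", "autoload entry points at a file that no longer exists")

        if sec == "O2" and body.startswith("BHO: "):
            name = body[len("BHO: "):].split(" - ", 1)[0]
            if name == "(no name)" or GUID.match(name):
                add("review", "browser helper object without a descriptive name")
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                name, cmd = r.group("name"), r.group("cmd")
                if name is None:
                    add("review", "Run value has no name")
                elif HEXISH.match(name):
                    add("high", "Run value name looks machine-generated")
                if RUNDLL_SYS32.search(cmd):
                    add("review", "rundll32 loads a DLL from system32 at logon")
                if DATA_DIR.search(cmd):
                    add("review", "program started from a data folder instead of Program Files")
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body[len("AppInit_DLLs:"):].split(","):
                if dll.strip():
                    add("review", f"{dll.strip()} is injected into every user-mode process via AppInit_DLLs")
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity; both keys are always present."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; "review" hits are a reading list, not a verdict, since legitimate software also uses rundll32 and AppInit_DLLs (avgrsstx.dll above belongs to AVG), while "high" hits almost always warrant removal with a dedicated tool as the helpers recommend.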
Zipp. Posted September 7, 2008

[log]Download ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close all programs you see, including antivirus, antispyware and firewall programs, or alternatively restart the computer in Safe Mode.
Run ComboFix and follow the instructions shown.
IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.
When it is finished a log should appear; attach it to your reply.
Check that the antivirus program and firewall are running before you connect to the internet.

If you have problems getting onto the internet: Control Panel - Network Connections, right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppies and USB devices in order to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.[/log]
Becka89 (Author) Posted September 14, 2008

Unfortunately, this doesn't work. My computer is completely "messed up". ComboFix only runs to "step 8" in the window and then hangs. I have to restart the computer because all the icons disappear from the desktop, if I even manage to close ComboFix. I have tried several times with the same result: the program hangs. I have had to force the computer off by holding down the power button until it switches off and then restart it. After a while of searching I found my recovery disc. I was going to run it, but it turned out that the drive seems to have given up. It isn't even listed in the My Computer folder. I tried running different discs, but nothing happened. This really sucks... [post edited 2008-09-14 22:20:19 by Becka89]
Becka89 (Author) Posted September 28, 2008

A shame that I haven't received any more help. I would really need more tips, if that's possible?
Cecilia Posted September 28, 2008

Download Malwarebytes Anti-Malware from one of these links:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup.exe to install the program.

[log]Tick:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Press Finish
If there is an update it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.
The scan takes a while. When it is done, press OK and then Show Results.
Tick everything and then press Remove Selected.
When the removal is done, Notepad opens with a log.
A request to restart the computer (Restart) may appear. If so, do it.
If the program does not start after the restart, start it.
If the log does not open by itself in Notepad, you will find the log on the Logs tab in MBAM.
Copy the log and paste it into your reply together with a new HijackThis log.[/log]
Becka89 (Author) Posted September 28, 2008

Finally! Both because of your reply, and because ComboFix managed to produce the log. I'll still run what you recommend :) Here is the log

[log]ComboFix 08-09-05.03 - Rebecka.Eloff 2008-09-28 18:48:13.4 - NTFSx86
Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mcrh.tmp

.
---- Previous Run -------
.
C:\Program\Antivirus 2009\av2009.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\photos.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue
2008-09-14 23:02 . 2008-09-14 23:02 <KAT> d-------- C:\Program\Uniblue
2008-09-14 23:00 . 2008-09-14 23:02 <KAT> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data
2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application
2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter
2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$
2008-09-07 17:09 . 2008-09-28 17:33 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR
2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-09-07 17:09 . 2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG
2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 13:28 . 2008-09-07 13:28 119,808 --a------ C:\WINDOWS\system32\pbunxgan.dll
2008-09-07 13:28 . 2008-09-07 13:28 119,808 --a------ C:\WINDOWS\system32\gbonbt.dll
2008-09-07 13:27 . 2008-09-07 13:27 119,808 --a------ C:\WINDOWS\system32\gvewjhky.dll
2008-09-07 13:24 . 2008-09-07 13:24 82,944 --a------ C:\WINDOWS\system32\uauotwik.dll
2008-09-07 13:24 . 2008-09-28 18:41 1,437 ---hs---- C:\WINDOWS\system32\kiwtouau.ini
2008-09-07 13:22 . 2008-09-07 13:22 89,600 --a------ C:\WINDOWS\system32\ydxvexxb.dll
2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-05 11:01 . 2008-09-07 13:22 233 ---hs---- C:\WINDOWS\system32\mingdbca.ini
2008-09-05 10:59 . 2008-09-05 10:59 0 --a------ C:\WINDOWS\system32\yrsmsprk.tmp
2008-09-03 20:47 . 2008-09-05 10:59 2,876,935 ---hs---- C:\WINDOWS\system32\yrsmsprk.ini
2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF
2008-09-02 12:25 . 2008-09-03 20:46 2,984,531 ---hs---- C:\WINDOWS\system32\jpanlvop.ini
2008-08-30 20:46 . 2008-09-02 12:23 3,080,922 ---hs---- C:\WINDOWS\system32\ceuaaiae.ini
2008-08-29 20:42 . 2008-08-30 20:43 3,265,994 ---hs---- C:\WINDOWS\system32\vcoamvma.ini
2008-08-28 13:07 . 2008-08-29 20:40 2,578,321 ---hs---- C:\WINDOWS\system32\qqqdqagn.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet
2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared
2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-09-14 13:27 --------- d-----w C:\Documents and Settings\Administratör\Application Data\AxisInternet
2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft
2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls
2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0}]
2008-09-07 13:28 119808 --a------ C:\WINDOWS\system32\gbonbt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"74221ff6"="C:\WINDOWS\system32\uauotwik.dll" [2008-09-07 82944]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]
"spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifgHyXQ

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288]
R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704]
R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]
R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336]
R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296]
S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}]
\Shell\AutoRun\command - D:\AutoTransfer.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{5BFA207D-A88D-450A-870A-28001752631A} - C:\WINDOWS\system32\iifgHyXQ.dll
HKCU-Run-BlazeServoTool - C:\Program\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
HKCU-Run-Dentpile - C:\DOCUME~1\REBECK~1.ELO\APPLIC~1\AXISIN~1\obj bait.exe
HKCU-Run-34734397015435545994979202017883 - C:\Program\Antivirus 2009\av2009.exe
HKLM-Run-LogitechSetup - D:\Setup\Setup.exe
HKLM-Run-List active junk film - C:\Documents and Settings\All Users\Application Data\manager exit list active\data ante.exe
HKLM-Run-BM77112c6a - C:\WINDOWS\system32\jvdyhthv.dll
Notify-opnnmMFy - opnnmMFy.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Rebecka.Eloff\Application Data\Mozilla\Firefox\Profiles\f3wwul2d.default
FF -: plugin - C:\Program\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava11.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava12.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava13.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava14.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava32.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:52:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP\eea8290b-e7be-44a0-9141-169bae7e2557.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-09-28 18:57:17
ComboFix-quarantined-files.txt 2008-09-28 16:57:02

Pre-Run: 42,863,554,560 byte ledigt
Post-Run: 44,581,920,768 byte ledigt

169 --- E O F --- 2008-09-28 16:22:36
[/log]
Cecilia Posted September 28, 2008

According to the log there are still malicious files on the computer, so Malwarebytes Anti-Malware (MBAM) will be good, and after that delete the ComboFix you have and download the latest version. Paste in the log from MBAM and from the new ComboFix.
Becka89 (Author) Posted September 28, 2008

Here is the Malwarebytes log:

[log]Malwarebytes' Anti-Malware 1.28
Databasversion: 1220
Windows 5.1.2600 Service Pack 2

2008-09-28 19:51:58
mbam-log-2008-09-28 (19-51-58).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 52327
Förfluten tid: 7 minute(s), 23 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 1
Infekterade registernycklar: 10
Infekterade registervärden: 3
Infekterade registerdataposter: 0
Infekterade mappar: 2
Infekterade filer: 10

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\gbonbt.dll (Trojan.Vundo.H) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{997df3fd-e2e9-498a-a5ce-fea689b5ffe0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\74221ff6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

Infekterade filer:
C:\WINDOWS\system32\gbonbt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uauotwik.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiwtouau.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcblgnfw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gvewjhky.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbunxgan.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\BM77112c6a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM77112c6a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rebecka.Eloff\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
[/log]
Becka89 (Author) Posted September 28, 2008

And here is the new ComboFix log

[log]ComboFix 08-09-27.05 - Rebecka.Eloff 2008-09-28 20:09:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.210 [GMT 2:00]
Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administratör\Cookies\administratör@ads.stardoll[2].txt
C:\Documents and Settings\Administratör\new.txt
C:\Documents and Settings\Rebecka.Eloff\Lokala inställningar\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Rebecka.Eloff\new.txt
C:\WINDOWS\system32\ceuaaiae.ini
C:\WINDOWS\system32\clltjxhh.ini
C:\WINDOWS\system32\cuenjqur.ini
C:\WINDOWS\system32\diftjrct.ini
C:\WINDOWS\system32\dwcwrisg.ini
C:\WINDOWS\system32\elosnqli.ini
C:\WINDOWS\system32\ftorbndc.ini
C:\WINDOWS\system32\ggbppanw.ini
C:\WINDOWS\system32\gnpwuptr.ini
C:\WINDOWS\system32\hujqdhcr.ini
C:\WINDOWS\system32\jpanlvop.ini
C:\WINDOWS\system32\jrbdhejp.ini
C:\WINDOWS\system32\ljydmqtc.ini
C:\WINDOWS\system32\lyskiuof.ini
C:\WINDOWS\system32\menrbefn.ini
C:\WINDOWS\system32\nfdqabcx.ini
C:\WINDOWS\system32\nxckafpj.ini
C:\WINDOWS\system32\ojueebia.ini
C:\WINDOWS\system32\pxywfvay.ini
C:\WINDOWS\system32\qqqdqagn.ini
C:\WINDOWS\system32\QXyHgfii.ini
C:\WINDOWS\system32\reqdsptd.ini
C:\WINDOWS\system32\rntsgpwr.ini
C:\WINDOWS\system32\rvcfguvq.ini
C:\WINDOWS\system32\rwrcibpn.ini
C:\WINDOWS\system32\shxlnvaa.ini
C:\WINDOWS\system32\sjjttffa.ini
C:\WINDOWS\system32\ujoonthu.ini
C:\WINDOWS\system32\vcoamvma.ini
C:\WINDOWS\system32\vixqpoyr.ini
C:\WINDOWS\system32\wmtseduv.ini
C:\WINDOWS\system32\vmvmyyxs.ini
C:\WINDOWS\system32\wpbxwfls.ini
C:\WINDOWS\system32\wwambhsn.ini
C:\WINDOWS\system32\xuwgbutb.ini
C:\WINDOWS\system32\ybigclqo.ini
C:\WINDOWS\system32\ylxivjce.ini
C:\WINDOWS\system32\yprqlipo.ini
C:\WINDOWS\system32\yrsmsprk.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware
2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Malwarebytes
2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 19:39 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 19:39 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue
2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data
2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application
2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter
2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$
2008-09-07 17:09 . 2008-09-28 17:33 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR
2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-09-07 17:09 . 2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG
2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 13:22 . 2008-09-07 13:22 89,600 --a------ C:\WINDOWS\system32\ydxvexxb.dll
2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-05 11:01 . 2008-09-07 13:22 233 ---hs---- C:\WINDOWS\system32\mingdbca.ini
2008-09-05 10:59 . 2008-09-05 10:59 0 --a------ C:\WINDOWS\system32\yrsmsprk.tmp
2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet
2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared
2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft
2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls
2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls
.

((((((((((((((((((((((((((((( snapshot@2008-09-28_18.56.03.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]
"spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gbonbt.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936]
R1 AvgLdx86;AVG AVI Loader Driver 
x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928] R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288] R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704] R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040] R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296] R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336] R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160] S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296] S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}] \Shell\AutoRun\command - D:\AutoTransfer.exe . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\Rebecka.Eloff\Application Data\Mozilla\Firefox\Profiles\f3wwul2d.default FF -: plugin - C:\Program\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava11.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava12.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava13.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava14.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJava32.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPJPI150_02.dll FF -: plugin - C:\Program\Java\jre1.5.0_02\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 20:16:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp 0 bytes C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp scan completed successfully hidden files: 2 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\Program\Delade filer\Logitech\LVMVFM\LVPrcSrv.exe C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program\AVG\AVG8\avgam.exe C:\Program\AVG\AVG8\avgrsx.exe C:\Program\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\ati2evxx.exe . ************************************************************************** . Completion time: 2008-09-28 20:22:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-28 18:21:45 Pre-Run: 44,554,428,416 byte ledigt Post-Run: 44,429,824,000 byte ledigt 198 --- E O F --- 2008-09-28 16:22:36 [/log]
Cecilia Posted September 28, 2008
Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes Completed). Paste the results from the various antivirus programs (not Other information) here. Repeat with the next file name.
C:\WINDOWS\system32\ydxvexxb.dll
C:\WINDOWS\system32\mingdbca.ini
Delete the folder C:\Documents and Settings\All Users\Application Data\file joy proc deaf and the files
C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp
C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp
There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE except the latest one in Control Panel - Add or Remove Programs (with no web browsers running).
Becka89 Posted September 30, 2008 (Author)
Here are the results:
[log]Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan.Win32.Vundo.C
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Vundo.gen!R
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Fraudulent Security Program
Rising - - Hack.Win32.Caps.a
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - Virus.Win32.FileInfector.gen!86 (suspicious)[/log]
Next log:
[log]Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 -
AVG 8.0.0.161 2008.09.30 -
BitDefender 7.2 2008.09.30 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.09.30 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6118 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.09.30 -
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.09.30 -
Ikarus T3.1.1.34.0 2008.09.30 -
K7AntiVirus 7.10.478 2008.09.30 -
Kaspersky 7.0.0.125 2008.09.30 -
McAfee 5394 2008.09.30 -
Microsoft 1.4005 2008.09.30 -
NOD32 3483 2008.09.30 -
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.29 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.30 -
Sophos 4.34.0 2008.09.30 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.30 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.29 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -[/log]
I didn't find the 2 files in C:\WINDOWS\temp. There is only: Perflib_Perfdata_eac (DAT file), WGAErrLog (Text document) & WGANotfy.settings (SETTINGS file). I have deleted C:\Documents and Settings\All Users\Application Data\file joy proc deaf. Installed the new Java. The only thing left of it now in Add/Remove Programs is Java(TM) 6 Update 7
[post edited 2008-09-30 19:02:39 by Becka89]
Cecilia Posted September 30, 2008
Copy all the lines in the box (use Select code)
File::
C:\WINDOWS\system32\ydxvexxb.dll
C:\WINDOWS\system32\mingdbca.ini
C:\WINDOWS\system32\yrsmsprk.tmp
C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp
C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp
and paste them into Notepad. Save the file on the Desktop with the name CFScript. Prepare the computer the same way as before for ComboFix. Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop, and the program will start in a special mode. Paste the log that comes out and a new HijackThis log.
Becka89 Posted September 30, 2008 (Author)
The ComboFix log:
[log]ComboFix 08-09-27.05 - Rebecka.Eloff 2008-09-30 19:19:01.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.206 [GMT 2:00] Running from: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\ComboFix.exe Command switches used :: C:\Documents and Settings\Rebecka.Eloff\Skrivbord\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\mingdbca.ini C:\WINDOWS\system32\ydxvexxb.dll C:\WINDOWS\system32\yrsmsprk.tmp C:\WINDOWS\TEMP\a8f5ffbf-d2d5-48e7-9790-ba65da4cf5b1.tmp C:\WINDOWS\TEMP\b5220b33-bf01-4b7d-93b2-e29e37f450ef.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mingdbca.ini C:\WINDOWS\system32\ydxvexxb.dll C:\WINDOWS\system32\yrsmsprk.tmp . ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 18:48 . 2008-09-30 18:48 <KAT> d-------- C:\Program\Sun 2008-09-30 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-30 18:18 . 2008-09-30 18:43 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-09-30 18:12 . 2008-09-30 18:12 <KAT> d-------- C:\WINDOWS\LastGood 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\pelle\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar 2008-09-28 20:22 .
2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\FSC161220052907.bc\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\administrator\Lokala instõllningar 2008-09-28 20:22 . 2008-09-28 20:22 <KAT> d-------- C:\Documents and Settings\Administrat÷r 2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware 2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Malwarebytes 2008-09-28 19:39 . 2008-09-28 19:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-28 19:39 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-28 19:39 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-09-28 17:49 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-09-14 23:03 . 2008-09-14 23:03 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\Uniblue 2008-09-14 22:30 . 2008-09-14 22:30 <KAT> d-------- C:\fsaua.data 2008-09-14 15:38 . 2008-09-14 15:38 <KAT> d-------- C:\Program\Delade filer\Application 2008-09-14 15:37 . 2008-09-14 15:40 <KAT> d-------- C:\Program\SPYWAREfighter 2008-09-07 17:11 . 2008-09-28 18:01 <KAT> d--h----- C:\$AVG8.VAULT$ 2008-09-07 17:09 . 2008-09-30 18:16 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg 2008-09-07 17:09 . 2008-09-07 17:50 <KAT> d-------- C:\Documents and Settings\Rebecka.Eloff\Application Data\AVGTOOLBAR 2008-09-07 17:09 . 2008-09-07 17:09 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-09-07 17:09 . 2008-09-07 17:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-09-07 17:09 . 2008-09-07 17:09 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll 2008-09-07 17:09 . 
2008-09-07 17:09 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys 2008-09-07 17:09 . 2008-09-07 17:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys 2008-09-07 17:09 . 2008-09-07 17:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Program\AVG 2008-09-07 17:08 . 2008-09-07 17:08 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-09-05 22:14 . 2008-09-05 22:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard 2008-09-02 15:12 . 2008-09-02 15:12 <KAT> d--h----- C:\WINDOWS\PIF 2008-08-13 18:23 . 2008-08-13 18:23 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 16:51 --------- d-----w C:\Program\Java 2008-09-14 22:21 --------- d-----w C:\Documents and Settings\Rebecka.Eloff\Application Data\AxisInternet 2008-09-14 15:42 --------- d-----w C:\Program\Delade filer\Teleca Shared 2008-09-14 15:37 --------- d-----w C:\Program\Delade filer\Symantec Shared 2008-09-14 13:27 --------- d-----w C:\Documents and Settings\Administratör\Application Data\AxisInternet 2008-09-07 15:10 233,585 --sha-w C:\WINDOWS\system32\QXyHgfii.ini2 2008-09-05 20:15 --------- d-----w C:\Program\Lavasoft 2008-09-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 
20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:24 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:24 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2007-05-15 12:38 14,336 ----a-w C:\Program\Faktura 2007042.xls 2007-05-10 13:47 18,944 ----a-w C:\Program\BosseAbrahamssonFaktura.xls . ((((((((((((((((((((((((((((( snapshot@2008-09-28_18.56.03.04 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\LastGood\system32\mucltui.dll + 2007-07-30 17:19:04 207,736 ----a-w C:\WINDOWS\LastGood\system32\muweb.dll - 2005-03-04 00:06:58 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2005-03-04 00:07:06 49,250 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2005-03-04 01:36:48 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-09-30 16:15:08 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_eac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856] "MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechCommunicationsManager"="C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200] "LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960] "LVCOMSX"="C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248] "AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-07 1235736] "spywarefighterguard"="C:\Program\SPYWAREfighter\spftray.exe" [2008-02-21 115344] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=gbonbt.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program\\Messenger\\msmsgs.exe"= "C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program\\AVG\\AVG8\\avgemc.exe"= "C:\\Program\\AVG\\AVG8\\avgupd.exe"= "C:\\Program\\AVG\\AVG8\\avgnsx.exe"= R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-07 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928] R2 avg8emc;AVG8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-07 875288] R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704] R2 avgfws8;AVG8 Firewall;C:\Program\AVG\AVG8\avgfws8.exe [2008-09-07 1220888] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-07 76040] R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296] R3 SpyFighter;SpyFighter Guard Device;C:\Program\SPYWAREfighter\spyfighter.sys [2008-02-21 8336] R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program\SPYWAREfighter\spfprc.exe [2008-02-21 406160] S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-07 23296] S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [ ] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264] S3 w300mdm;Sony Ericsson 
W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149c0140-fdd2-11dc-99fc-0012f06abefb}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c993362-7cee-11dd-9a43-000ae4aa6da7}] \Shell\AutoRun\command - D:\AutoTransfer.exe . Contents of the 'Scheduled Tasks' folder . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 19:21:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-09-30 19:23:33 ComboFix-quarantined-files.txt 2008-09-30 17:23:16 ComboFix2.txt 2008-09-28 18:22:05 Pre-Run: 43,790,331,904 byte ledigt Post-Run: 43,775,160,320 byte ledigt 188 --- E O F --- 2008-09-28 16:22:36 [/log]
The HijackThis log:
[log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:24, on 2008-09-30 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\AVG\AVG8\avgwdsvc.exe C:\Program\AVG\AVG8\avgfws8.exe C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\Program\AVG\AVG8\avgam.exe C:\Program\AVG\AVG8\avgrsx.exe C:\Program\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program\AVG\AVG8\avgemc.exe C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe C:\Program\SPYWAREfighter\spftray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\SPYWAREfighter\spfprc.exe C:\Program\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Rebecka.Eloff\Skrivbord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade 
filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?5c538857529e490b83640cd2578ca5b6
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?5c538857529e490b83640cd2578ca5b6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skolan.local
O17 - HKLM\Software\..\Telephony: DomainName = skolan.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skolan.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skolan.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program\SPYWAREfighter\spfprc.exe

--
End of file - 7844 bytes
[/log]
Cecilia Posted September 30, 2008
Set up Explorer so that you can see all files: Tools - (Folder) Options or similar - View
Select Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files
Delete the file: C:\WINDOWS\system32\QXyHgfii.ini2
Is everything fine with the computer now?
Becka89 Posted September 30, 2008 Author
There we go. Now that one is removed too :) I'll test the computer now and we'll see. But I've noticed that it works better & better along with your help :thumbsup: Humble thanks & throwing a lot of points your way :)
Cecilia Posted September 30, 2008
Thanks a lot for all the points! :) I hope everything is fine with the computer, and here is some advice so that it keeps running well: http://ceblstockholm.googlepages.com/home
Cecilia Posted September 30, 2008
There is a harmless leftover in the registry which, after some research, I have found out how to fix if you want.
Copy all the lines in the box (use select code)
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
and paste them into Notepad. Save the file on the Desktop with the name CFScript. Prepare the computer in the same way as before for ComboFix. Drag CFScript with the mouse and drop it on top of the ComboFix icon. Paste the log that comes out.
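As an added example (not from the thread or from ComboFix/HijackThis), a small Python check that parses HijackThis O20 lines and reports AppInit_DLLs entries that are not on a known-good list; the list containing only avgrsstx.dll, the value the CFScript above writes back, is an assumption for illustration, and the log excerpt is constructed from the entries quoted earlier in the thread.

```python
"""Triage the O20 (AppInit_DLLs) line of a HijackThis log.

AppInit_DLLs names DLLs that Windows loads into every process that links
user32.dll, so an unexplained entry there deserves attention. This is an
added example; the expected-DLL set is an assumption, not a vendor list.
"""
import re

# Constructed sample in the line format HijackThis emits (entries taken
# from the log quoted in the thread).
SAMPLE_LOG = """O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program\\AVG\\AVG8\\avgpp.dll
O20 - AppInit_DLLs: gbonbt.dll,avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\Program\\AVG\\AVG8\\avgwdsvc.exe
"""

# Assumption: the only DLL a known security product registers here.
EXPECTED_APPINIT = {"avgrsstx.dll"}

# Every HijackThis entry is "<section> - <body>", e.g. "O20 - AppInit_DLLs: ..."
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def appinit_dlls(log_text):
    """Return the DLL names on the O20 AppInit_DLLs line, lower-cased.

    Windows accepts a comma- or space-separated list in this value; a log
    without an O20 line means the value is empty.
    """
    for section, body in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            raw = body[len("AppInit_DLLs:"):]
            return [d.lower() for d in re.split(r"[,\s]+", raw) if d]
    return []


def unexpected_appinit(log_text, expected=EXPECTED_APPINIT):
    """DLLs in AppInit_DLLs that are not on the expected list."""
    return [d for d in appinit_dlls(log_text) if d not in expected]


if __name__ == "__main__":
    print(unexpected_appinit(SAMPLE_LOG))  # ['gbonbt.dll']
```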
