
Problem with the computer


smackeer


I have had problems with the computer; I probably had the Blaster virus. I have reinstalled Windows XP, run several antivirus programs and removed what came up in them. I am attaching this HijackThis log file so you can see whether anything is still wrong.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:01:12, on 2008-10-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Spyware Doctor\pctsAuxs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Spyware Doctor\pctsSvc.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Spyware Doctor\pctsTray.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\totalcmd\TOTALCMD.EXE

D:\ner laddat\program\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qotsa.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: unhmcp.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 6134 bytes[/log]

 

Link to comment
Share on other sites

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar1.dll

That is something that should be uninstalled, and the folder deleted.

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

You can read about that line at

http://www.bleepingcomputer.com/startups/alcmtr-240.html

 

Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is ready (the current status becomes completed). Paste the results from the various antivirus programs (not the Additional information) here. Repeat with the next file name.

C:\WINDOWS\unhmcp.dll

C:\WINDOWS\System32\unhmcp.dll

 

But if you reformat and install Windows, there are no malicious files left from before the format, so whatever is on the computer you must have picked up after the format.

 

Link to comment
Share on other sites

While I was waiting for a reply I ran MBAM over the computer.

So here is a new log file.

I only reinstalled Windows; I never reformatted it.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:56:29, on 2008-10-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Spyware Doctor\pctsAuxs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Spyware Doctor\pctsSvc.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\totalcmd\TOTALCMD.EXE

D:\ner laddat\program\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qotsa.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {224933BF-1890-44F7-96FA-0A41B1F55F76} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {95FBE1B4-4A80-4CBF-842B-86C68F70360E} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: unhmcp.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 6410 bytes

[/log]

 

Link to comment
Share on other sites

A repair installation, then; no, that is of no use for getting rid of malicious files. Surely every single antivirus program can remove Blaster.

Ask Toolbar, alcmtr.exe and unhmcp.dll are still in the log, so please do what I wrote.

 

Link to comment
Share on other sites

I have run the two files through VirusTotal but I get this message:

0 bytes size received / Se ha recibido un archivo vacio

 

 

Link to comment
Share on other sites

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Disconnect the internet connection and close all programs you can see, including antivirus, antispyware and firewall; alternatively, restart the computer in safe mode.

Run ComboFix and follow the instructions shown.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

 

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 

Link to comment
Share on other sites

I have run ComboFix; here is the log file.

 

[log]ComboFix 08-10-24.02 - Lisa 2008-10-25 15:53:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.603 [GMT 2:00]

Running from: D:\ner laddat\program\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible infected sites -----

 

hxxp://sync.support.telia.se

.

((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))

.

 

2008-10-25 13:24 . 2008-10-25 13:24 <KAT> d-------- C:\Documents and Settings\Lisa\Application Data\Malwarebytes

2008-10-25 13:24 . 2008-10-25 13:24 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-10-25 13:24 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-25 13:24 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-25 13:23 . 2008-10-25 13:24 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware

2008-10-24 17:22 . 2008-10-24 17:22 <KAT> d-------- C:\Documents and Settings\Lisa\Application Data\PC Tools

2008-10-24 17:22 . 2008-10-25 14:13 <KAT> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-10-24 17:22 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-10-24 17:22 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-10-24 17:22 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-10-24 17:22 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-10-24 17:15 . 2008-10-24 17:15 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus

2008-10-24 17:14 . 2008-10-25 15:51 <KAT> d-------- C:\Documents and Settings\Lisa\Application Data\Azureus

2008-10-24 17:11 . 2008-10-25 15:32 <KAT> d-------- C:\Program\Vuze

2008-10-24 17:06 . 2008-10-24 17:06 <KAT> d-------- C:\totalcmd

2008-10-24 17:06 . 2008-10-25 15:52 2,147 --a------ C:\WINDOWS\wincmd.ini

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF

2008-10-24 17:06 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF

2008-10-24 06:29 . 2008-10-25 15:40 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-10-23 20:21 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-10-23 19:56 . 2008-10-03 19:26 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-10-23 19:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-10-23 19:56 . 2007-03-08 07:12 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-10-23 19:56 . 2008-08-26 10:26 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-10-23 19:56 . 2008-08-26 10:26 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-10-23 19:56 . 2008-08-26 10:26 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-10-23 19:56 . 2008-08-26 10:26 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-10-23 19:56 . 2008-08-26 10:26 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-10-23 19:56 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-10-23 19:40 . 2008-10-15 18:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-23 19:35 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-23 19:35 . 2008-06-14 19:36 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-10-23 19:34 . 2008-08-14 15:27 2,189,952 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-23 19:34 . 2008-08-14 15:27 2,146,304 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-23 19:34 . 2008-08-14 15:27 2,066,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-23 19:34 . 2008-08-14 15:27 2,024,960 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-23 19:34 . 2008-09-15 17:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-23 19:34 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-10-23 19:34 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-10-23 19:34 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-10-23 18:54 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-10-23 18:51 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-10-23 18:49 . 2008-04-14 17:37 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-10-23 18:49 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2008-10-23 18:48 . 2008-04-14 18:04 75,264 --a------ C:\WINDOWS\system32\usbui.dll

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> dr------- C:\Documents and Settings\Default User.WINDOWS\Start-meny

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d-------- C:\Documents and Settings\Default User.WINDOWS\Skrivbord

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d--h----- C:\Documents and Settings\Default User.WINDOWS\Skrivare

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d--h----- C:\Documents and Settings\Default User.WINDOWS\Nätverket

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d-------- C:\Documents and Settings\Default User.WINDOWS\Mina dokument

2008-10-23 18:43 . 2008-10-23 17:20 <KAT> d--h----- C:\Documents and Settings\Default User.WINDOWS\Mallar

2008-10-23 18:43 . 2008-10-25 15:56 <KAT> dr-h----- C:\Documents and Settings\Default User.WINDOWS\Lokala inställningar

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoriter

2008-10-23 18:43 . 2008-10-23 19:23 <KAT> dr------- C:\Documents and Settings\All Users.WINDOWS\Start-meny

2008-10-23 18:43 . 2008-10-25 13:24 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Skrivbord

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d--h----- C:\Documents and Settings\All Users.WINDOWS\Mallar

2008-10-23 18:43 . 2008-10-23 18:43 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoriter

2008-10-23 18:43 . 2008-10-23 17:21 <KAT> dr------- C:\Documents and Settings\All Users.WINDOWS\Dokument

2008-10-23 18:42 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp

2008-10-23 18:42 . 2004-08-04 14:00 1,013,559 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT

2008-10-23 18:42 . 2004-08-04 14:00 1,013,559 -ra------ C:\WINDOWS\SET3.tmp

2008-10-23 18:42 . 2004-08-04 14:00 808,234 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT

2008-10-23 18:42 . 2004-08-04 14:00 399,670 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT

2008-10-23 18:42 . 2004-08-04 14:00 37,509 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT

2008-10-23 18:42 . 2004-08-04 14:00 14,043 -ra------ C:\WINDOWS\SET8.tmp

2008-10-23 18:42 . 2004-08-04 14:00 13,497 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT

2008-10-23 18:42 . 2004-08-04 14:00 8,599 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT

2008-10-23 18:42 . 2004-08-04 14:00 7,407 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT

2008-10-23 18:42 . 2004-08-04 14:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat

2008-10-23 18:41 . 2008-10-23 19:33 <KAT> d--h----- C:\Documents and Settings\Default User.WINDOWS

2008-10-23 18:41 . 2008-10-23 17:24 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS

2008-10-23 18:40 . 2008-10-23 17:29 261 --a------ C:\WINDOWS\system32\$winnt$.inf

2008-10-23 18:32 . 2008-10-23 18:32 <KAT> d--hs---- C:\Documents and Settings\Lisa\UserData

2008-10-23 18:28 . 2008-10-25 13:00 <KAT> d-------- C:\Documents and Settings\Lisa\Application Data\F-Secure

2008-10-23 18:28 . 2008-10-23 18:28 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft

2008-10-23 18:27 . 2008-10-23 18:27 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2008-10-23 18:20 . 2007-04-26 19:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2008-10-23 18:20 . 2007-04-26 19:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2008-10-23 18:19 . 2008-10-23 18:19 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure

2008-10-23 18:18 . 2008-10-23 20:04 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg

2008-10-23 18:08 . 2008-10-23 18:08 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-10-23 18:08 . 2008-10-23 18:08 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-10-23 18:08 . 2005-04-05 08:23 139,264 -ra------ C:\WINDOWS\system32\igfxres.dll

2008-10-23 18:06 . 2008-10-23 18:06 <KAT> d-------- C:\Program\GIGABYTE

2008-10-23 18:06 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe

2008-10-23 18:06 . 2008-04-13 21:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-10-23 18:06 . 2008-04-13 20:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2008-10-23 18:06 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-10-23 18:04 . 2005-04-16 16:20 487,424 --------- C:\WINDOWS\RtlExUpd.dll

2008-10-23 18:04 . 2007-08-10 20:54 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-10-23 17:31 . 2008-10-23 18:43 <KAT> dr------- C:\Documents and Settings\Lisa\Start-meny

2008-10-23 17:31 . 2008-10-25 15:39 <KAT> d-------- C:\Documents and Settings\Lisa\Skrivbord

2008-10-23 17:31 . 2008-10-23 18:43 <KAT> d--h----- C:\Documents and Settings\Lisa\Skrivare

2008-10-23 17:31 . 2008-10-23 18:43 <KAT> d--h----- C:\Documents and Settings\Lisa\Nätverket

2008-10-23 17:31 . 2008-10-24 17:19 <KAT> dr------- C:\Documents and Settings\Lisa\Mina dokument

2008-10-23 17:31 . 2008-10-23 17:20 <KAT> d--h----- C:\Documents and Settings\Lisa\Mallar

2008-10-23 17:31 . 2008-10-25 15:56 <KAT> d--h----- C:\Documents and Settings\Lisa\Lokala inställningar

2008-10-23 17:31 . 2008-10-25 15:21 <KAT> dr------- C:\Documents and Settings\Lisa\Favoriter

2008-10-23 17:31 . 2008-10-23 20:01 <KAT> d-------- C:\Documents and Settings\Lisa

2008-10-23 17:30 . 2008-10-25 15:56 <KAT> d--h----- C:\Documents and Settings\NetworkService.NT INSTANS\Lokala inställningar

2008-10-23 17:30 . 2008-10-23 17:30 <KAT> d--hs---- C:\Documents and Settings\NetworkService.NT INSTANS

2008-10-23 17:30 . 2008-10-25 15:56 <KAT> d--h----- C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar

2008-10-23 17:30 . 2008-10-23 17:30 <KAT> d--hs---- C:\Documents and Settings\LocalService.NT INSTANS

2008-10-23 17:30 . 2008-10-23 17:30 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-10-23 17:29 . 2004-08-04 14:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2008-10-23 17:27 . 2008-04-14 18:03 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-10-23 17:26 . 2004-08-04 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

2008-10-23 17:25 . 2008-10-23 19:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-10-23 17:25 . 2008-10-23 17:25 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-10-23 17:25 . 2008-10-23 17:25 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-10-23 17:25 . 2008-10-23 17:25 2,578 --a------ C:\WINDOWS\system32\CONFIG.NT

2008-10-23 17:25 . 2008-10-23 17:25 0 --a------ C:\WINDOWS\control.ini

2008-10-23 17:24 . 2008-10-23 17:25 <KAT> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM

2008-10-23 17:24 . 2008-10-23 17:24 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest

2008-10-23 17:24 . 2008-10-23 17:24 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-10-23 17:23 . 2004-08-04 14:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex

2008-10-23 17:23 . 2008-10-23 17:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-10-23 17:23 . 2008-10-23 17:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-10-23 17:23 . 2008-10-23 17:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-10-23 17:23 . 2008-10-23 17:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-25 13:40 --------- d-----w C:\Program\Spybot - Search & Destroy

2008-10-25 13:32 --------- d-----w C:\Program\Vuze

2008-10-25 10:16 --------- d-----w C:\Program\Spyware Doctor

2008-10-23 18:21 --------- d-----w C:\Program\Panda Security

2008-10-23 16:26 --------- d-----w C:\Program\Telia

2008-10-21 14:25 --------- d-----w C:\Documents and Settings\Bettan\Application Data\Azureus

2008-10-19 14:34 --------- d--h--w C:\Program\InstallShield Installation Information

2008-10-16 15:42 --------- d-----w C:\Program\Azureus

2008-09-30 20:40 --------- d-----w C:\Program\GetRight

2008-09-27 13:11 --------- d-----w C:\Documents and Settings\Bettan\Application Data\SPORE

2008-09-25 17:36 --------- d-----w C:\Program\Delade filer\Adobe

2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-13 22:59 --------- d-----w C:\Program\Electronic Arts

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:27 2,189,952 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:27 2,066,816 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 114688]

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2008-10-16 201976]

"F-Secure Manager"="C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" [2007-04-26 183208]

"F-Secure TNB"="C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" [2007-04-26 740208]

"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 C:\WINDOWS\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=unhmcp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 12:43 69632 C:\WINDOWS\ALCMTR.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 58128]

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);C:\Program\Telia\Supportassistent\bin\sprtsvc.exe [2008-10-16 202016]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2008-02-13 63912]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 41640]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2008-02-13 27048]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-25 C:\WINDOWS\Tasks\Scheduled scanning task.job

- C:\Program\Telia\TELIAS~1\ANTI-V~1\fsav.exe [2008-02-13 12:38]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{224933BF-1890-44F7-96FA-0A41B1F55F76} - (no file)

BHO-{95FBE1B4-4A80-4CBF-842B-86C68F70360E} - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.qotsa.com/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-25 15:59:22

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-10-25 16:00:55

ComboFix-quarantined-files.txt 2008-10-25 14:00:44

 

Pre-Run: 41 213 890 560 byte ledigt

Post-Run: 41,882,537,984 byte ledigt

 

226 --- E O F --- 2008-10-25 13:02:54

[/log]

 

Link to comment
Share on other sites

Have you had Panda installed?

 

Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {224933BF-1890-44F7-96FA-0A41B1F55F76} - (no file)

O2 - BHO: (no name) - {95FBE1B4-4A80-4CBF-842B-86C68F70360E} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar1.dll

O20 - AppInit_DLLs: unhmcp.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

 

Here you can read my usual advice for a safer computer, but of course it is important to use your common sense too.

http://ceblstockholm.googlepages.com/home

 

Link to comment
Share on other sites
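The last step in the post above, confirming that the ticked lines are gone from a new HijackThis log, can be checked mechanically. The following is an added example, not part of the original thread or of HijackThis: the function names and the "new log" text are constructed for illustration, while the four fix lines are the ones quoted in the post.

```python
import re

# A HijackThis entry line looks like "O20 - AppInit_DLLs: unhmcp.dll":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")


def normalize(body):
    """Case-fold and collapse whitespace so pasted lines compare reliably."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Return the set of (section code, normalized body) entries in a log.

    Header lines, the running-process list and the blank lines that forum
    software inserts do not match ENTRY_RE and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), normalize(m.group("body"))))
    return entries


def remaining_entries(fix_lines, new_log_text):
    """Return the lines from fix_lines that still appear in the new log."""
    present = parse_entries(new_log_text)
    still_there = []
    for line in fix_lines:
        m = ENTRY_RE.match(line.strip())
        if m is None:
            raise ValueError("not a HijackThis entry line: %r" % line)
        if (m.group("code"), normalize(m.group("body"))) in present:
            still_there.append(line.strip())
    return still_there


def orphaned_entries(log_text):
    """Return entries whose target is '(no file)', sorted for stable output."""
    return sorted(e for e in parse_entries(log_text)
                  if e[1].endswith("(no file)"))


# The four lines the post asks to tick (copied from the thread).
FIX_LINES = [
    r"O2 - BHO: (no name) - {224933BF-1890-44F7-96FA-0A41B1F55F76} - (no file)",
    r"O2 - BHO: (no name) - {95FBE1B4-4A80-4CBF-842B-86C68F70360E} - (no file)",
    r"O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar1.dll",
    r"O20 - AppInit_DLLs: unhmcp.dll",
]

# Constructed sample of a follow-up log (not from the thread): the toolbar
# line is still present, with the GUID in a different letter case.
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:

C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qotsa.com/

O3 - Toolbar: Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program\AskBarDis\bar\bin\askBar1.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

if __name__ == "__main__":
    for line in remaining_entries(FIX_LINES, NEW_LOG):
        print("still present:", line)
```

An empty result from `remaining_entries` means every ticked line is absent from the new log; anything returned still needs attention.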

Archived

This topic is now archived and is closed to further replies.