Virus, igen

25 november, 2008

När ska detta sluta?

Jag mistänker nu att jag har, ännu en gång fått virus på något mystiskt sätt.

Jag bifogar HiJackThis logg.

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:20:11, on 2008-11-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Stardock\TrayServer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Eset\nod32kui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Alarm Me\AlarmMe.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\Electronic Arts\EADM\Core.exe

C:\Program\TGTSoft\StyleXP\StyleXP.exe

C:\program\valve\steam\steam.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Xfire\Xfire.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\uTorrent\uTorrent.exe

C:\Program\Mozilla Firefox\firefox.exe

E:\Mattias\Program\HiJackThis (stäng av virusskydd)\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program\Delade filer\Stardock\TrayServer.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [EA Core] C:\Program\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-2025429265-790525478-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Therese')

O4 - HKUS\S-1-5-21-2025429265-790525478-839522115-1004\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot (User 'Therese')

O4 - HKUS\S-1-5-21-2025429265-790525478-839522115-1004\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" (User 'Therese')

O4 - HKUS\S-1-5-21-2025429265-790525478-839522115-1004\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background (User 'Therese')

O4 - HKUS\S-1-5-21-2025429265-790525478-839522115-1004\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background (User 'Therese')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Logitech-produktregistrering.lnk = C:\Program\Delade filer\Logishrd\eReg\SetPoint\eReg.exe

O4 - Startup: Xfire.lnk = C:\Program\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe

--

End of file - 9955 bytes[/log]

Tack på förhand

25 november, 2008

O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"

Är det något nytt program eller har du haft det en tid så att det inte har något samband?

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

25 november, 2008

Alarm Men är ett program som nyss installerats, dock så är det så att jag haft det installerat flera gånger tidigare utan problem.

Loggar:

Malaware:

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1423

Windows 5.1.2600 Service Pack 2

2008-11-25 20:13:58

mbam-log-2008-11-25 (20-13-58).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 59943

Förfluten tid: 3 minute(s), 7 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

Infekterade minnesprocesser: