
Help! 3 trojans on my laptop!



apelsinapelsin

Hi!

I scanned my computer with McAfee VirusScan On-Demand and it turned out that I have three trojans on my computer. They are the following:

39lpji.com

A0055339.com

ckvo.exe

They could not be removed but have been placed in a quarantine folder.

I have looked around the forum and understand that it helps if you attach a HijackThis log, so I will do that right after this post.

If anyone could help me with this I would be extremely grateful. I am really no computer whiz. Many, many thanks in advance!

Best regards,

Mims


apelsinapelsin

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:25:23, on 2009-01-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\Program\Network Associates\VirusScan\Mcshield.exe

C:\Program\Network Associates\VirusScan\VsTskMgr.exe

C:\Program\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\TpScrLk.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program\Network Associates\VirusScan\SHSTAT.EXE

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Network Associates\VirusScan\mcconsol.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparbankenfinn.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\Program\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program\ThinkPad\Program\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\Program\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\Program\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\Program\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmnetmgr.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe2.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_31] "C:\WINDOWS\system32\logagent.exe" /RegServer

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmclien.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmv2clt.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\blackbox.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\msnetobj.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Program\Windows Media Player\migrate.exe" /s

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\regsvr32 /s "C:\Program\Windows Media Player\mpvis.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Uppdatera ThinkPad-program - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program\Lenovo\PkgMgr\PkgMgr.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Matlab\webserver\bin\win32\matlabserver.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/IBM/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/IBM/LOKALA~1/Temp/msohtml1/01/clip_image002.gif

 

--

End of file - 11518 bytes

[/log]


[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a prompt comes up asking whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; attach it to your reply (remember the LOG button). Make sure your antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents the automatic running of CDs, floppies and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case say so instead of running ComboFix.[/log]


apelsinapelsin

[log]

ComboFix 09-01-20.05 - IBM 2009-01-21 16:17:25.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.511.289 [GMT 1:00]

Körs från: c:\documents and settings\IBM\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2u.com

C:\3rl3lqbq.bat

C:\Autorun.inf

C:\e.cmd

C:\h3.bat

C:\rcukd.cmd

c:\windows\system32\ckvo0.dll

c:\windows\system32\ckvo1.dll

c:\windows\system32\gasretyw0.dll

c:\windows\system32\gasretyw1.dll

c:\windows\system32\kamsoft.exe

c:\windows\system32\vamsoft.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2008-12-21 till 2009-01-21 ))))))))))))))))))))))))))))))

.

 

2009-01-21 16:22 . 2009-01-21 16:22 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll

2009-01-21 15:53 . 2009-01-21 15:39 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-01-21 15:48 . 2009-01-21 15:48 <KAT> d-------- c:\documents and settings\LocalService\Skrivbord

2009-01-21 15:39 . 2009-01-21 15:39 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-01-21 15:38 . 2009-01-21 15:38 <KAT> d-------- c:\program\Lavasoft

2009-01-21 15:38 . 2009-01-21 15:38 <KAT> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-21 15:29 . 2009-01-21 15:29 <KAT> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-01-21 14:51 . 2009-01-21 14:51 <KAT> d-------- c:\windows\system32\sv-se

2009-01-21 14:51 . 2009-01-21 14:51 <KAT> d-------- c:\windows\system32\sv

2009-01-21 14:51 . 2009-01-21 14:51 <KAT> d-------- c:\windows\system32\bits

2009-01-21 14:51 . 2009-01-21 14:51 <KAT> d-------- c:\windows\l2schemas

2009-01-21 14:43 . 2009-01-21 14:43 <KAT> d-------- c:\program\Trend Micro

2009-01-21 14:41 . 2009-01-21 14:41 <KAT> d-------- c:\windows\ServicePackFiles

2009-01-21 14:08 . 2009-01-21 14:08 <KAT> d-------- C:\QUARANTINE

2009-01-21 12:09 . 2009-01-21 12:09 <KAT> d-------- c:\documents and settings\All Users\Application Data\TEMP

2009-01-21 12:07 . 2009-01-21 12:07 <KAT> d-------- c:\program\PC Tools AntiVirus

2009-01-21 12:07 . 2009-01-21 12:07 <KAT> d-------- c:\program\Delade filer\PC Tools

2009-01-20 10:35 . 2009-01-21 09:42 108,869 -r-hs---- c:\windows\system32\olhrwef.exe

2009-01-20 10:35 . 2009-01-21 09:42 108,869 -r-hs---- C:\gy.exe

2009-01-08 21:41 . 2009-01-08 21:41 <KAT> d-------- c:\program\Delade filer\Adobe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-21 14:35 85,504 --sh--r c:\windows\system32\vbsdfe0.dll

2008-12-14 19:44 --------- d-----w c:\program\WinRAR.v3.40.Incl.DosRAR.Corporate.Edition.Retail.WinALL-F4CG

2008-12-14 19:22 85,504 --sh--r c:\windows\system32\vbsdfe1.dll

2008-12-12 17:03 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-12-08 21:53 107,045 --sh--r C:\m9ma.exe

2008-12-08 21:53 107,045 --sh--r C:\6fnlpetp.exe

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-06-16 15:56 8 ----a-w c:\documents and settings\IBM\Application Data\usb.dat.bin

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-21 108869]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRONoMgrWired"="c:\program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 344064]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]

"EZEJMNAP"="c:\program\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]

"TPHOTKEY"="c:\program\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 94208]

"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]

"TPKMAPHELPER"="c:\program\ThinkPad\Program\TpKmapAp.exe" [2005-10-28 864256]

"BMMGAG"="c:\program\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]

"BMMLREF"="c:\program\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]

"BMMMONWND"="c:\program\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]

"BLOG"="c:\program\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-08-09 282624]

"ShStatEXE"="c:\program\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]

"McAfeeUpdaterUI"="c:\program\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program\Delade filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"Ad-Watch"="c:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 c:\windows\AGRSMMSG.exe]

"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"configmsi"="rmdir" [X]

"supportdir"="rmdir" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-02-01 15:09 24576 c:\windows\system32\tphklock.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-08-22 17:05 81920 c:\program\D-Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 17:05 1695232 c:\program\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-08-09 18:08 282624 c:\program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 13:03 36975 c:\program\Java\jre1.5.0_06\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Messenger\\MSMSGS.EXE"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-10-17 58048]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-03-28 16384]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]

S3 z3f2bus;Sony Ericsson driver (WDM);c:\windows\system32\drivers\z3f2bus.sys [2006-08-09 44752]

S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter;c:\windows\system32\drivers\z3f2mdfl.sys [2006-08-09 6032]

S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver;c:\windows\system32\drivers\z3f2mdm.sys [2006-08-09 80832]

S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z3f2mgmt.sys [2006-08-09 74016]

S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface;c:\windows\system32\drivers\z3f2obex.sys [2006-08-09 71808]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - ENTDRV51

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4796d470-5e1c-11db-8342-000d60af7959}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e05f20-addc-11da-81ec-94c0c6167207}]

\Shell\AutoRun\command - E:\m9ma.exe

\Shell\explore\Command - E:\m9ma.exe

\Shell\open\Command - E:\m9ma.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee3eeb0-3bb3-11dd-848a-000d60af7959}]

\Shell\AutoRun\command - G:\39lpji.com

\Shell\explore\Command - G:\39lpji.com

\Shell\open\Command - G:\39lpji.com

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2006-08-23 c:\windows\Tasks\BMMTask.job

- c:\program\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-04-20 01:38]

 

2008-07-10 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job

- D:\setup.exe []

 

2008-07-10 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

- c:\windows\vVX1000.exe [2007-04-10 23:46]

 

2009-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-21 15:39]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-vamsoft - c:\windows\system32\vamsoft.exe

HKLM-Run-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe

MSConfigStartUp-Acrobat Assistant 7 - c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

MSConfigStartUp-iTunesHelper - c:\program\iTunes\iTunesHelper.exe

MSConfigStartUp-MsnMsgr - c:\program\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.sparbankenfinn.se/

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\3gjfvck0.default

FF - component: c:\program\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program\Java\jre1.5.0_06\bin\NPOJI610.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-21 16:22:04

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ce,4a,80,41,70,

91,6c,0c,2e,e8,e1,00,eb,16,2b,de,b4,5d,d3,7e,35,30,ee,95,e2,63,26,f1,3f,c8,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,27,61,96,ef,c8,

17,4b,a4,46,47,15,b0,92,4b,c7,ef,f6,6b,20,f4,6b,ae,0f,81,6a,9c,d6,61,af,45,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,fc,03,cb,55,9d,

d4,ec,dd,7a,45,05,fd,91,e8,6f,31,77,92,99,6f,c8,c0,d7,df,ff,7c,85,e0,43,d4,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,4a,37,d1,55,1c,

9f,9e,2f,6b,65,49,6a,7e,99,74,f7,4f,eb,ba,72,93,62,f5,57,86,8c,21,01,be,91,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,75,43,e6,08,55,

28,08,2c,e9,02,6c,fa,fb,1d,47,57,cb,1e,ad,eb,9b,97,54,36,f5,1d,4d,73,a8,13,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,92,47,b8,cf,cc,

6d,7c,8e,50,93,e5,ab,ec,6a,4e,ab,5e,c8,42,b8,49,bf,31,30,df,20,58,62,78,6b,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,90,da,da,fa,f1,

fc,cb,52,97,20,4e,9a,c7,f1,35,ee,3b,ba,80,02,24,0c,35,ef,fb,a7,78,e6,12,2f,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,a2,8e,e6,2f,33,

bb,ec,26,aa,52,c6,00,84,3c,26,64,f4,a2,68,dd,41,c1,c8,aa,01,3a,48,fc,e8,04,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,e8,43,be,b3,b6,

15,a4,c5,b2,46,9a,e2,1b,fe,1b,94,07,60,3a,e1,5b,b3,c1,87,f6,0f,4e,58,98,5b,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,b9,3f,e6,6e,e8,

c9,81,a5,37,a4,aa,c3,a6,15,56,0a,b7,9b,17,7a,90,ac,7b,1a,3d,ce,ea,26,2d,45,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,66,04,3b,8b,12,

dd,b3,42,f8,31,0f,a9,5f,a0,ec,fb,a4,61,3f,51,70,23,1a,79,2a,b7,cc,b5,b9,7f,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,52,5a,f3,2d,23,

88,88,9a,05,73,21,dd,54,d8,4a,c5,81,10,16,4f,32,5c,1c,bf,6c,43,2d,1e,aa,22,

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(884)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\tphklock.dll

 

- - - - - - - > 'lsass.exe'(940)

c:\windows\system32\EntApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\SYSTEM32\IBMPMSVC.EXE

c:\windows\SYSTEM32\ATI2EVXX.EXE

c:\program\NETWORK ASSOCIATES\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE

c:\program\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE

c:\program\NETWORK ASSOCIATES\VIRUSSCAN\VSTSKMGR.EXE

c:\program\NETWORK ASSOCIATES\COMMON FRAMEWORK\NAPRDMGR.EXE

c:\program\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE

c:\windows\SYSTEM32\TPKMPSVC.EXE

c:\windows\SYSTEM32\ATI2EVXX.EXE

c:\windows\SYSTEM32\WGATRAY.EXE

c:\windows\SYSTEM32\WSCNTFY.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\rundll32.exe

c:\program\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

c:\program\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

.

**************************************************************************

.

Sluttid: 2009-01-21 16:25:20 - datorn startades om.

ComboFix-quarantined-files.txt 2009-01-21 15:25:16

 

Före genomsökningen: 1 066 655 744 byte ledigt

Efter genomsökningen: 1,425,522,688 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

280 --- E O F --- 2009-01-21 14:16:15

[/log]

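A small triage script for the two log formats posted in this thread, added here as an example (it is not part of the thread and not code from HijackThis or ComboFix): it parses HijackThis O4 lines and the ComboFix mountpoints2 section and flags the autorun-worm pattern visible in the logs above, namely per-user Run values launching random-named executables from system32, and removable-drive open/explore handlers redirected to a file in the drive root. The allowlist and the rating rules are this example's own assumptions, and the sample lines are copied from the logs above.

```python
"""Triage helpers for the HijackThis O4 lines and the ComboFix mountpoints2
section posted above. Added example: not part of the thread, not code from
HijackThis or ComboFix; the heuristics are this example's own assumptions."""
import re

# O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
KNOWN_USER_RUN = {"ctfmon.exe"}  # the stock XP component that belongs in HKCU\Run
# An executable directly in a drive root, e.g. E:\m9ma.exe or G:\39lpji.com
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|com|bat|cmd|pif|scr)$", re.I)
MP_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP_VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)

# Sample lines copied from the HijackThis log in the thread.
HJT_SAMPLE = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe",
    r"O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe",
    r"O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]
# Sample block copied from the ComboFix log in the thread.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4796d470-5e1c-11db-8342-000d60af7959}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee3eeb0-3bb3-11dd-848a-000d60af7959}]
\Shell\AutoRun\command - G:\39lpji.com
\Shell\explore\Command - G:\39lpji.com
\Shell\open\Command - G:\39lpji.com
"""

def parse_o4(line):
    """Split one O4 line into hive, key, value name and command (None if not O4)."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def image_path(cmd):
    """The program actually launched: the quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]

def flag_o4(lines):
    """Heuristic: per-user (HKCU) Run values that launch a bare executable out of
    \\windows\\system32. Vendor software registers under HKLM, so anything else
    here (kamsoft, vamsoft, cdoosoft in this log) deserves a closer look."""
    hits = []
    for line in lines:
        ent = parse_o4(line)
        if not ent or ent["hive"] != "HKCU" or ent["key"] != "Run":
            continue
        path = image_path(ent["cmd"])
        exe = path.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in path.lower() and exe not in KNOWN_USER_RUN:
            hits.append((ent["name"], path))
    return hits

def parse_mountpoints(text):
    """Group ComboFix mountpoints2 lines by volume GUID -> {verb: target}."""
    vols, current = {}, None
    for line in text.splitlines():
        k = MP_KEY_RE.match(line.strip())
        if k:
            current = k.group(1).lower()
            vols[current] = {}
            continue
        v = MP_VERB_RE.match(line.strip())
        if v and current is not None:
            vols[current][v.group(1).lower()] = v.group(2).strip()
    return vols

def flag_mountpoints(text):
    """Rate each volume whose handlers point at an executable in a drive root.
    An AutoRun handler alone fires on insertion; when 'open'/'explore' are also
    redirected, double-clicking the drive in Explorer runs that file, which is
    the USB-worm pattern in this log (E:\\m9ma.exe, G:\\39lpji.com)."""
    verdicts = []
    for guid, verbs in parse_mountpoints(text).items():
        targets = sorted({t for t in verbs.values() if ROOT_EXE_RE.match(t)})
        if targets:
            level = "suspicious" if {"open", "explore"} & set(verbs) else "review"
            verdicts.append((guid, level, targets))
    return verdicts
```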

I can see in the HijackThis log that you have a very old Java version with many security holes on your computer. I recommend that you download and install a new one from http://www.java.com/sv/ and then uninstall the old one in Control Panel, Add/Remove Programs (with no web browsers running).
