
Help, my computer restarts after some virus


Fermia


Hi, I installed a game that contained a virus. My antivirus program kicked in and stopped it from sending e-mail and everything else it was doing. But now my computer has started restarting itself, especially when I connect to the internet! I have checked with all sorts of programs, but nothing works; it just dies and restarts! Help, what should I do? Please give me some tips. I'm now getting an error message saying that service.exe cannot be found and the computer will be restarted.

 

[post edited 2009-02-04 22:15:41 by Fermia]


Let's see whether HijackThis shows anything, to begin with. Download it from one of these links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

 

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:40:42, on 2090-01-01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\reader_s.exe

C:\Program\Spyware Doctor\pctsTray.exe

C:\Documents and Settings\Administratör\reader_s.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Spyware Doctor\pctsAuxs.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\TEMP\368282774exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\TEMP\1576571515exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program\Spyware Doctor\pctsSvc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (file missing)

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\xxx9410.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administratör\reader_s.exe

O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program\Applications\wcs.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program\Applications\iebtm.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [rvhctiub.exe] C:\WINDOWS\rvhctiub.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [lfszzhes.exe] C:\WINDOWS\lfszzhes.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [dbxuemno.exe] C:\WINDOWS\dbxuemno.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administratör\reader_s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [xlpqdkej.exe] C:\WINDOWS\xlpqdkej.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [fpkamaoa.exe] C:\WINDOWS\fpkamaoa.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [dbxfxrqy.exe] C:\WINDOWS\dbxfxrqy.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [zzjxolah.exe] C:\WINDOWS\zzjxolah.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [zzlerazx.exe] C:\WINDOWS\zzlerazx.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O4 - Global Startup: Ny(tt) Wordpad-dokument.doc

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll C:\Program\Google\GO333C~1\GOEC62~1.DLL

O20 - Winlogon Notify: jietqcc - C:\WINDOWS\SYSTEM32\jietqcc32.dll

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Installer restarter (FSIHS) - F-Secure Corp. - C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\Installer\00000003\bootstrap\fsihs.exe

O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9860a39c23596) (gupdate1c9860a39c23596) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

 

--

End of file - 7313 bytes

[/log]

[post edited 2009-02-04 23:26:41 by Fermia]

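The log above was read by eye in this thread. As an added example (not part of the thread and not HijackThis code), the script below re-implements a few of the judgements the helpers made, using only the log format printed above: O17 NameServer entries pointing at public addresses (the 85.255.112.x pair), O4 autostarts from temp directories or from the SYSTEM account's hive, random-looking eight-letter EXE names dropped straight into C:\WINDOWS, non-default Winlogon Notify DLLs, and O23 services whose binary is an NTFS alternate data stream (the `svchost.exe:ext.exe` form). The thresholds, the small allowlist and the sample lines are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage a HijackThis 2.x log for the kinds of entries flagged in this thread.

Added example (not from the thread, not part of HijackThis). The rules are
heuristics chosen to reproduce what the helpers spotted by eye; thresholds,
the allowlist and the folder checks are assumptions, not HJT behaviour.
"""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\xxx9410.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program\Applications\wcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rvhctiub.exe] C:\WINDOWS\rvhctiub.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administratör\reader_s.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - Winlogon Notify: jietqcc - C:\WINDOWS\SYSTEM32\jietqcc32.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
"""

# A Windows path: either quoted, or unquoted and running until one of HJT's trailers.
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+)"'
    r'|([A-Za-z]:\\.+?)(?=\s+\(User\b|\s+\(file missing\)|\s+/\w|$)'
)
# 6-10 lowercase letters, optional "32" suffix; only treated as suspicious when the
# file sits directly in C:\WINDOWS (assumption made for this example).
RANDOM_NAME = re.compile(r'^[a-z]{6,10}(?:32)?\.(?:exe|dll)$')
WINDOWS_ROOT = re.compile(r'^c:\\windows\\[^\\]+$')
ALLOWLIST = {'ctfmon.exe', 'explorer.exe', 'userinit.exe'}  # assumption: legit names of that shape


def is_public(ip):
    """True for addresses outside private, loopback and link-local space."""
    a = ip_address(ip.strip())
    return not (a.is_private or a.is_loopback or a.is_link_local)


def extract_path(text):
    """Pull the first Windows path out of an HJT entry, stripping quotes and trailers."""
    m = PATH_RE.search(text)
    return (m.group(1) or m.group(2)).strip() if m else None


def triage(line):
    """Return a list of findings for one HJT log line; [] if nothing stands out."""
    line = line.strip()
    kind, sep, rest = line.partition(' - ')
    if not sep:
        return []
    findings = []
    path = extract_path(rest)
    low = path.lower() if path else ''
    name = low.rsplit('\\', 1)[-1]

    if kind == 'O17':
        m = re.search(r'NameServer = (.*)', rest)
        bad = [ip for ip in m.group(1).split(',') if ip.strip() and is_public(ip)] if m else []
        if bad:
            findings.append(f'O17: DNS forced to public servers {bad} (DNS hijack)')
    elif kind == 'O4' and path:
        if '\\temp\\' in low:
            findings.append(f'O4: autostart from a temp directory: {path}')
        if 'policies\\explorer\\run' in rest.lower():
            findings.append(f'O4: Policies\\Explorer\\Run autostart (rarely legitimate): {path}')
        if 'S-1-5-18' in rest and name not in ALLOWLIST:
            findings.append(f"O4: autostart in the SYSTEM account's hive: {path}")
        if RANDOM_NAME.match(name) and name not in ALLOWLIST and WINDOWS_ROOT.match(low):
            findings.append(f'O4: random-looking name directly in C:\\WINDOWS: {path}')
    elif kind == 'O20' and rest.startswith('Winlogon Notify'):
        findings.append(f'O20: non-default Winlogon Notify DLL loaded into winlogon.exe: {path}')
    elif kind == 'O23' and path and ':' in path[2:]:
        # A colon after the drive letter means file:stream, i.e. an NTFS alternate data stream.
        findings.append(f'O23: service binary is an NTFS alternate data stream: {path}')
    return findings


def analyze(log_text):
    """Return [(line, findings)] for every flagged line, in log order."""
    out = []
    for line in log_text.splitlines():
        f = triage(line)
        if f:
            out.append((line.strip(), f))
    return out


if __name__ == '__main__':
    for line, findings in analyze(SAMPLE_LOG):
        print(line)
        for f in findings:
            print('   ->', f)
```

Run against the sample, seven of the ten lines are flagged; the Google Desktop, ctfmon and AVG lines pass. The O17 rule is the one worth keeping even on a clean machine: a home PC normally gets DNS from the router or by DHCP, so hard-coded public resolvers in Tcpip\Parameters are worth a question every time.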

Sorry for the double post, but I'm finding more problems. It no longer restarts; I ran Spyware Doctor and it found some crap. But it seems I can't enable the Windows firewall or install any antivirus program; it just says it can't be installed, sort of. Spyware Doctor did find a trojan, though, before it stopped being possible to start it :( Only updates come up, then nothing more.

 

 


Hi! We'll press on with Malwarebytes, but once you've downloaded it, rename the installation file and then the program itself as well before you do a quick scan.

 

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure these boxes are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is finished, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

 

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message "Error loading..." after the restart, restart the computer once more.

If the program does not start by itself after the restart, start it.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.

 

Regards, Laston

 


 


Yep, I'm managing to remove a few at a time before it freezes, but I'm running it as far as it goes now before I abort.

It can't complete the scan; it just freezes after about 2-3 minutes :(

[post edited 2009-02-05 00:11:59 by Fermia]

 

 

[log]Malwarebytes' Anti-Malware 1.33

Database version: 1728

Windows 5.1.2600 Service Pack 3

 

2090-01-01 05:33:16

mbam-log-2090-01-01 (05-33-16).txt

 

Scan type: Quick scan

Objects scanned: 19484

Time elapsed: 2 minute(s), 52 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati5puxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati5puxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati5puxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati5puxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati5puxx (Rootkit.Agent) -> Delete on reboot.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\drivers\ati5puxx.sys (Rootkit.Agent) -> Delete on reboot.

[/log]

 

 

 

is what I manage to find before it freezes

[post edited 2009-02-05 00:16:35 by Fermia]


It seems some of the trojans are gone, but it seems they've messed things up a bit; for example I can't open partitions without using Explore on them, and starting MSN doesn't seem to work at all. I'm guessing Windows has taken a beating. The restarts seem to have gone, though. I checked whether the hard disk was damaged, but it seems to be intact, no bad clusters. How did the logs look otherwise, are these serious viruses?

 


Hi! These rootkits you've been hit by cause quite a lot of chaos in the machine. I'd like to see a new scan with Malwarebytes and then 2 new logs so I can see what's left and what isn't! That is, logs from HJT and Malwarebytes.

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:55:19, on 2090-01-01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\TEMP\atl11.tmp

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (file missing)

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program\ant bajs\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\xxx9410.exe

O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program\Applications\wcs.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program\Applications\iebtm.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administratör\reader_s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O4 - Global Startup: Ny(tt) Wordpad-dokument.doc

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll C:\Program\Google\GO333C~1\GOEC62~1.DLL

O20 - Winlogon Notify: jietqcc - C:\WINDOWS\SYSTEM32\jietqcc32.dll

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9860a39c23596) (gupdate1c9860a39c23596) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe[/log]

 


Hi! I see there were some nasties left, so we'll have to bring out a sharper tool![log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up asking whether you want to install the Recovery Console, answer yes.

 

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, or it may hang.

 

When it is finished a log should come up; attach it to your reply. Check that the antivirus program etc. is running before you connect to the internet.

 

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

 

Warning! ComboFix disables autorun for CDs, floppies and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Good luck. Regards, Laston[/log]

 

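The ComboFix log Fermia posts further down ends with a "Sigcheck" section: for a few core binaries it lists the MD5 of every copy Windows keeps (the $NtUninstall/$hf_mig$ folders, ServicePackFiles\i386, the SoftwareDistribution download cache, dllcache) next to the live copy in system32. Those numbers are what ComboFix's "user32.dll ... is infected" verdict rests on, and they can be cross-checked by hand. The script below is an added example (not from the thread and not ComboFix code) that parses lines in that format and applies two checks of its own: a live copy whose hash matches none of its backups, and one MD5 reported for copies of different sizes, which is not credible as honest reads of distinct files. The folder markers used to tell backups from live copies are assumptions about an XP layout; the sample lines are copied from the log in this thread, plus one hypothetical clean file made up here.

```python
"""Cross-check the MD5 lines ComboFix prints in its Sigcheck section.

Added example; not part of the thread and not ComboFix code. The two checks
and the folder markers below are this example's assumptions.
"""
import re
from collections import defaultdict

# "YYYY-MM-DD HH:MM  size  md5  path", as ComboFix prints it.
SIG_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(\d+)\s+([0-9a-fA-F]{32})\s+(.+)$')
# Assumption: copies under these folders are Windows' own backups; anything else is the live file.
BACKUP_MARKERS = ('\\$', '\\servicepackfiles\\', '\\softwaredistribution\\', '\\dllcache\\')

# Constructed sample: Sigcheck lines copied from the ComboFix log in this thread,
# plus one hypothetical clean file (made up here) to show the no-finding case.
SAMPLE = r"""
2004-08-04 00:34 31744 4bc5fc5445b65285424704204f60816d c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 21:35 31744 6806d81e7ff7240455719883c63950d8 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 17:05 31744 9cc9dbdfb0608b1ba4bd921d5b852499 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\svchost.exe
2090-01-01 06:20 31744 174c30d729e7efb3d2f3b40f4097c032 c:\windows\system32\svchost.exe

2008-04-14 21:34 578560 e3cf0ec59316ea8e856db1e1f442cd57 c:\windows\ServicePackFiles\i386\user32.dll
2009-02-02 13:11 578560 0c10c959257d87847b540d6a71912086 c:\windows\system32\user32.DLL
2009-02-02 13:11 578560 e3cf0ec59316ea8e856db1e1f442cd57 c:\windows\system32\dllcache\user32.dll

2004-08-03 22:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-02-04 10:41 213632 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-02-04 10:41 213632 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-14 21:35 14336 00000000000000000000000000000000 c:\windows\ServicePackFiles\i386\hypothetical-clean.exe
2008-04-14 21:35 14336 00000000000000000000000000000000 c:\windows\system32\hypothetical-clean.exe
"""


def parse(text):
    """Turn Sigcheck lines into dicts; lines that do not match the format are ignored."""
    rows = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if not m:
            continue
        date, _time, size, md5, path = m.groups()
        low = path.lower()
        rows.append({
            'date': date, 'size': int(size), 'md5': md5.lower(), 'path': path,
            'name': low.rsplit('\\', 1)[-1],
            'backup': any(k in low for k in BACKUP_MARKERS),
        })
    return rows


def check(rows):
    """Return {file name: [findings]} for files whose copies do not add up."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[r['name']].append(r)
    findings = defaultdict(list)
    for name, group in by_name.items():
        backups = [r for r in group if r['backup']]
        ref_hashes = {r['md5'] for r in backups}
        # Check 1: the live copy should match at least one backup copy.
        for r in group:
            if not r['backup'] and ref_hashes and r['md5'] not in ref_hashes:
                findings[name].append(
                    f"live copy {r['path']} ({r['md5']}) matches none of {len(backups)} backup copies")
        # Check 2: one MD5 for copies of different sizes means the reads or the
        # hashes cannot be trusted (a hooked file system or tampered tool output).
        sizes_per_hash = defaultdict(set)
        for r in group:
            sizes_per_hash[r['md5']].add(r['size'])
        for md5, sizes in sizes_per_hash.items():
            if len(sizes) > 1:
                findings[name].append(
                    f"MD5 {md5} reported for sizes {sorted(sizes)}: not credible as honest reads, "
                    f"treat every hash from this run as untrusted")
    return dict(findings)


if __name__ == '__main__':
    for name, notes in check(parse(SAMPLE)).items():
        print(name)
        for n in notes:
            print('   ->', n)
```

On the sample this flags svchost.exe and user32.dll under check 1 and ndis.sys under check 2, and leaves the hypothetical clean file alone. Two things in the real log are worth noticing beyond what the script reports: ndis.sys shows one MD5 for three different sizes, so nothing in that Sigcheck run can be taken at face value; and the .dll and .sys copies in ServicePackFiles and SoftwareDistribution agree with each other while the .exe copies (svchost, explorer, ctfmon, spoolsv, userinit) all differ, which is the pattern an executable-only file infector would leave. That last point is a hypothesis drawn from the numbers, not something the log states.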

Now I nearly shat myself, wasn't prepared for it to beep and carry on like that.

 

Hmm, my computer didn't have any recovery thing; the virus had broken that. It's being fixed now (I think it did it). So is there anything I need to know about the program?

 

 


Before you run Combo, restart the computer in safe mode and run a scan with Malwarebytes first. A bit of a change, I know, but it makes things easier going forward.

Restart the computer in safe mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

I want to see that log afterwards too!!

 

[post edited 2009-02-05 01:07:07 by Laston]


It got a bit back to front now, but here's the Combo log. It seems to have done the trick!

 

 

[log]ComboFix 09-02-04.01 - Administratör 2090-01-01 6:18:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1535.991 [GMT 1:00]

Running from: c:\documents and settings\Administratör\Skrivbord\fittan.exe

AV: AVG *On-access scanning disabled* (Outdated)

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program\Mozilla Firefox\components\iamfamous.dll

c:\windows\IE4 Error Log.txt

c:\windows\system32\reader_s.exe

D:\Autorun.inf

E:\Autorun.inf

c:\windows\system32\drivers\str.sys . . . . failed to delete

 

.

(((((((((((((((((((((((( Files created from 2089-12-01 to 2090-01-01 ))))))))))))))))))))))))))))))

.

 

2090-01-01 06:21 . 2090-01-01 06:21 33,920 --a------ c:\windows\system32\drivers\svynsgby.sys

2090-01-01 06:20 . 2090-01-01 06:21 33,351 --------- c:\windows\system32\drivers\str.sys

2090-01-01 06:11 . 2090-01-01 06:13 <DIR> d-------- C:\ComboFix

2090-01-01 06:11 . 2090-01-01 06:12 64 --a------ C:\ComboFix.txt.bat

2090-01-01 05:41 . 2090-01-01 05:41 44 --a------ c:\windows\system32\B0.tmp

2090-01-01 05:20 . 2090-01-01 05:20 44 --a------ c:\windows\system32\2B6.tmp

2090-01-01 05:05 . 2090-01-01 05:05 <DIR> d-------- c:\program\ant bajs

2090-01-01 05:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2090-01-01 05:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2090-01-01 04:32 . 2090-01-01 04:32 164,100 --a------ c:\windows\system32\BA.tmp

2090-01-01 04:32 . 2090-01-01 04:32 88 --a------ c:\windows\system32\A7.tmp

2090-01-01 04:21 . 2090-01-01 04:21 164,100 --a------ c:\windows\system32\25E.tmp

2090-01-01 04:21 . 2090-01-01 04:21 88 --a------ c:\windows\system32\257.tmp

2090-01-01 04:11 . 2090-01-01 04:11 164,100 --a------ c:\windows\system32\1F2.tmp

2090-01-01 04:11 . 2090-01-01 04:11 88 --a------ c:\windows\system32\1D9.tmp

2090-01-01 04:06 . 2090-01-01 05:24 <DIR> d-------- c:\program\Spyware Doctor

2090-01-01 04:06 . 2090-01-01 04:06 <DIR> d-------- c:\documents and settings\Administratör\Application Data\PC Tools

2090-01-01 04:06 . 2090-01-01 04:11 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2090-01-01 04:06 . 2090-01-01 04:11 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2090-01-01 04:06 . 2090-01-01 04:11 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2090-01-01 04:06 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2090-01-01 04:05 . 2090-01-01 04:05 <DIR> d-------- c:\windows\system32\runtime

2090-01-01 04:05 . 2090-01-01 04:36 <DIR> d-------- c:\program\Norton Security Scan

2090-01-01 04:05 . 2090-01-01 04:36 <DIR> d-------- c:\program\Delade filer\Symantec Shared

2090-01-01 04:03 . 2090-01-01 04:03 164,100 --a------ c:\windows\system32\13.tmp

2090-01-01 04:03 . 2090-01-01 04:03 88 --a------ c:\windows\system32\12.tmp

2090-01-01 04:02 . 2090-01-01 05:41 16,896 --a------ c:\windows\system32\jietqcc32.dll

2090-01-01 03:50 . 2090-01-01 03:50 164,100 --a------ c:\windows\system32\25.tmp

2090-01-01 03:50 . 2090-01-01 03:50 88 --a------ c:\windows\system32\24.tmp

2090-01-01 03:26 . 2090-01-01 05:24 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2090-01-01 03:08 . 2090-01-01 03:08 616 --a------ c:\windows\system32\1C.tmp

2090-01-01 03:07 . 2090-01-01 03:07 164,100 --a------ c:\windows\system32\1A.tmp

2090-01-01 03:07 . 2090-01-01 03:07 128 --a------ c:\windows\system32\17.tmp

2090-01-01 02:01 . 2090-01-01 02:01 0 --a------ c:\windows\system32\11.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2090-01-01 05:20 31,744 ----a-w c:\windows\system32\svchost.exe

2090-01-01 05:20 16,896 ----a-w c:\windows\system32\jietqcc.dll

2009-02-03 14:05 32,768 ---ha-w c:\documents and settings\Administratör\tkwdw.exe

2009-02-03 14:05 32,768 ---ha-w c:\documents and settings\Administratör\tkwdw.exe

2008-10-04 07:40 32 ----a-r c:\documents and settings\All Users\hash.dat

2008-09-30 12:32 692,554,778 ----a-w c:\documents and settings\Administratör\MTGOIII.exe

2008-09-30 12:32 692,554,778 ----a-w c:\documents and settings\Administratör\MTGOIII.exe

2002-01-01 14:49 46,592 ----a-w c:\windows\system32\config\systemprofile\reader_s.exe

2090-01-01 03:04 122,880 ----a-w c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll

.

c:\windows\system32\user32.dll ... is infected !!

577,024 2005-03-02 18:21:09 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

578,048 2007-03-08 15:51:48 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

577,536 2007-03-08 15:39:13 c:\windows\$NtServicePackUninstall$\user32.dll

577,024 2004-08-03 23:34:02 c:\windows\$NtUninstallKB890859$\user32.dll

577,024 2005-03-02 18:19:17 c:\windows\$NtUninstallKB925902$\user32.dll

578,560 2008-04-14 20:34:54 c:\windows\ServicePackFiles\i386\user32.dll

578,560 2008-04-14 16:04:53 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\user32.dll

578,560 2009-02-02 12:11:42 c:\windows\system32\user32.DLL

578,560 2009-02-02 12:11:42 c:\windows\system32\dllcache\user32.dll

 

 

------- Sigcheck -------

 

2004-08-04 00:34 31744 4bc5fc5445b65285424704204f60816d c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 21:35 31744 6806d81e7ff7240455719883c63950d8 c:\windows\ServicePackFiles\i386\svchost.exe

2008-04-14 17:05 31744 9cc9dbdfb0608b1ba4bd921d5b852499 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\svchost.exe

2090-01-01 06:20 31744 174c30d729e7efb3d2f3b40f4097c032 c:\windows\system32\svchost.exe

 

2005-03-02 19:21 577024 9e1d00980a3049018ca4f88a393039df c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

2007-03-08 16:51 578048 3e8b53e05155bcd52ca2d38d1f222dc0 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

2007-03-08 16:39 577536 5f35963477143b0aa1527af61b8bab09 c:\windows\$NtServicePackUninstall$\user32.dll

2004-08-04 00:34 577024 3e9523a6915656f639a49ebf8453ca00 c:\windows\$NtUninstallKB890859$\user32.dll

2005-03-02 19:19 577024 90e96b3930709ed71ffed80fe122dd39 c:\windows\$NtUninstallKB925902$\user32.dll

2008-04-14 21:34 578560 e3cf0ec59316ea8e856db1e1f442cd57 c:\windows\ServicePackFiles\i386\user32.dll

2008-04-14 17:04 578560 e3cf0ec59316ea8e856db1e1f442cd57 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\user32.dll

2009-02-02 13:11 578560 0c10c959257d87847b540d6a71912086 c:\windows\system32\user32.DLL

2009-02-02 13:11 578560 e3cf0ec59316ea8e856db1e1f442cd57 c:\windows\system32\dllcache\user32.dll

 

2004-08-03 22:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\ndis.sys

2009-02-04 10:41 213632 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

2009-02-04 10:41 213632 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

 

2008-04-14 21:35 1051648 cf49c9b7af8432f53e59e31a05a7d776 c:\windows\explorer.exe

2007-06-13 14:12 1051136 956201dcaaf647f7ec4c321d4dfc6345 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 14:23 1051136 8d4819de71384561dc7ddd81b237c707 c:\windows\$NtServicePackUninstall$\explorer.exe

2004-08-04 00:34 1050112 8c1adba029d47f9103a3478e63df4b7f c:\windows\$NtUninstallKB938828$\explorer.exe

2008-04-14 21:35 1051648 5a9644e604c9c9cc1bb2c63c7f7512bf c:\windows\ServicePackFiles\i386\explorer.exe

2008-04-14 17:05 1051648 6867146c81ee3646f44a22584babfe28 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\explorer.exe

 

2004-08-04 00:34 32768 8452b58895455d1f355a5b07e4c259c0 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 21:35 32768 7707c1011213074a9f0b0dca0a2853cb c:\windows\ServicePackFiles\i386\ctfmon.exe

2008-04-14 17:05 32768 56dc1754be6bac1a4217dba1b24dbd2d c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\ctfmon.exe

2008-04-14 21:35 32768 caecd484ba7372086f13c8d1718caeeb c:\windows\system32\ctfmon.exe

 

2005-06-11 01:17 75264 59726dc2319d7557beb91811d400af2c c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 00:53 75264 f030cf56c3c9cc0f6e56fe0346b8a44d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 00:34 75264 a7740133d3aebd5884b9801675d64784 c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 21:35 75264 4cfaed82607496a905863c289ec074f9 c:\windows\ServicePackFiles\i386\spoolsv.exe

2008-04-14 17:05 75264 54e0d183785935554e988e129dd4abd2 c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\spoolsv.exe

2008-04-14 21:35 75264 871570a1d0fb9e0eb26d97ccd964c4bb c:\windows\system32\spoolsv.exe

 

2004-08-04 00:34 41984 896d7d171183a08115b0300ee4491fc0 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 21:35 43520 82462148e52988f453628f4fe1598b00 c:\windows\ServicePackFiles\i386\userinit.exe

2008-04-14 17:05 43520 11be49e6648f6afd3c18d737020042bb c:\windows\SoftwareDistribution\Download\602f759e47356a387e3fe197762b452c\userinit.exe

2008-04-14 21:35 43520 ac37cee6c9d1c373c797d3aed5db7510 c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* Empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2090-01-01 30192]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartNy(tt) Wordpad-dokument.doc [2008-12-27 191]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\logonui_black.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jietqcc]

2090-01-01 06:20 16896 c:\windows\system32\jietqcc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\program\Google\GO333C~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

"VIDC.ZMBV"= zmbv.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau c:\windows\system32\cbXNgETj

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5puxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svynsgby.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^WiziWYG XP Startup.lnk]

backup=c:\windows\pss\WiziWYG XP Startup.lnkCommon Startup

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\WiziWYG XP Startup.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctdvddet]

--a------ 2003-06-18 01:00 65536 c:\program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 21:35 32768 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctsysvol]

--a------ 2003-09-17 10:43 77824 c:\program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon]

--a------ 2008-07-24 16:02 511432 c:\program\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 16:02 511432 c:\program\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2008-12-02 22:41 3882312 c:\program\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-07-07 08:34 188416 c:\program\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 434176 c:\program\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

--a------ 2008-12-14 10:24 306088 c:\program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtss]

--a------ 2008-12-29 09:30 184320 c:\program\RivaTuner v2.22\Tools\RTSS\RTSS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sbdrvdet]

--a------ 2002-12-03 18:06 65536 c:\program\Creative\SB Drive Det\SBDrvDet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-09-29 16:57 21755688 c:\program\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startccc]

--a------ 2008-08-01 15:23 81920 c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]

--a------ 2008-02-22 04:25 144784 c:\program\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cthelper]

--a------ 2008-06-27 17:24 36864 c:\windows\system32\CtHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R0 ati5puxx;ati5puxx;c:\windows\system32\drivers\ati5puxx.sys [2002-01-01 32768]

R0 svynsgby;svynsgby;c:\windows\system32\drivers\svynsgby.sys [2090-01-01 33920]

R1 synsend;synsend;\??\c:\windows\system32\drivers\synsenddrv.sys --> c:\windows\system32\drivers\synsenddrv.sys [?]

R2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-02-02 296216]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-02 75272]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-10-11 56344]

R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2008-07-07 15896]

R2 SeaPort;SeaPort;c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]

R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2008-10-28 9216]

S0 boeycweh;boeycweh;c:\windows\system32\drivers\plqr.sys --> c:\windows\system32\drivers\plqr.sys [?]

S0 ezvi;ezvi;c:\windows\system32\drivers\rwhvc.sys --> c:\windows\system32\drivers\rwhvc.sys [?]

S1 143b3b5;143b3b5;c:\windows\system32\drivers\143b3b5.sys [2002-01-01 0]

S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys --> c:\windows\system32\Drivers\appdrv01.sys [?]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-02 96520]

S1 c787e33d;c787e33d;c:\windows\system32\drivers\c787e33d.sys [2009-02-02 0]

S1 ethzjonf;ethzjonf;c:\windows\system32\drivers\ethzjonf.sys [2009-02-02 138240]

S2 appdrvrem01;Application Driver Auto Removal Service (01);%SystemRoot%\System32\appdrvrem01.exe svc --> %SystemRoot%\System32\appdrvrem01.exe svc [?]

S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []

S2 gupdate1c9860a39c23596;Google Update Service (gupdate1c9860a39c23596);c:\program\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

S2 icf;ICF;c:\windows\system32\svchost.exe:ext.exe []

S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-04-09 347648]

S3 bfastfao;bfastfao;\??\c:\docume~1\ADMINI~1\LOKALA~1\Temp\bfastfao.sys --> c:\docume~1\ADMINI~1\LOKALA~1\Temp\bfastfao.sys [?]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-09-25 20608]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]

S3 fsssvc;Windows Live Family Safety;c:\program\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2090-01-01 30192]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2090-01-01 356920]

S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-09-25 19072]

S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\drivers\WlanUZXP.SYS [2008-09-25 437760]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - SVYNSGBY

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com c:

\Shell\Open\command - RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com d:

\Shell\Open\command - RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com e:

\Shell\Open\command - RECYCLER\S-0-2-31-100022465-100009015-100032158-1375.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\shell\autorun\command - H:\autorun.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-02-01 c:\windows\Tasks\At1.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At10.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At11.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At12.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At13.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At14.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At14.job

- X:\ []

 

2009-02-02 c:\windows\Tasks\At15.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-04 c:\windows\Tasks\At16.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-04 c:\windows\Tasks\At17.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-04 c:\windows\Tasks\At18.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-03 c:\windows\Tasks\At19.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At2.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At20.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At21.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At22.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-01 c:\windows\Tasks\At23.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-01 c:\windows\Tasks\At24.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At3.job

- c:\windows\system32\i8QWT5b1.exe []

 

2090-01-01 c:\windows\Tasks\At4.job

- c:\windows\system32\i8QWT5b1.exe []

 

2090-01-01 c:\windows\Tasks\At5.job

- c:\windows\system32\i8QWT5b1.exe []

 

2090-01-01 c:\windows\Tasks\At6.job

- c:\windows\system32\i8QWT5b1.exe []

 

2090-01-01 c:\windows\Tasks\At7.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At8.job

- c:\windows\system32\i8QWT5b1.exe []

 

2009-02-02 c:\windows\Tasks\At9.job

- c:\windows\system32\i8QWT5b1.exe []

 

2090-01-01 c:\windows\Tasks\gdxmswcb.job

- c:\windows\system32\vtUlKCvv.dll []

 

2090-01-01 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 15:16]

 

2090-01-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-02-03 15:18]

 

2090-01-01 c:\windows\Tasks\Norton Security Scan for Administratör.job

- c:\program\Norton Security Scan\Nss.exe [2008-12-11 17:49]

 

2090-01-01 c:\windows\Tasks\RegCure Program Check.job

- c:\program\RegCure\RegCure.exe [2007-08-02 09:20]

 

2009-01-29 c:\windows\Tasks\RegCure.job

- c:\program\RegCure\RegCure.exe [2007-08-02 09:20]

 

2090-01-01 c:\windows\Tasks\wmplayer.job

- c:\program\Windows Media Player\wmplayer.exe [2005-01-28 12:44]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-MtdAcqu - c:\program\Creative\MediaSource5\MtdAcqu.exe

HKCU-Run-MSFox - c:\docume~1\ADMINI~1\LOKALA~1\Temp\xxx9410.exe

HKLM-Run-UpdReg - c:\windows\UpdReg.EXE

HKLM-Run-SweetIM - c:\program\SweetIM\Messenger\SweetIM.exe

HKLM-Run-CTXFIREG - CTxfiReg.exe

HKU-Default-Run-reader_s - c:\documents and settings\Administratör\reader_s.exe

HKLM-Explorer_Run-smile - c:\program\Applications\wcs.exe

SafeBoot-ljpvcapu.sys

SafeBoot-smclwtlh.sys

MSConfigStartUp-avg8_tray - c:\program\AVG\AVG8\avgtray.exe

MSConfigStartUp-BitComet - c:\program\BitComet\BitComet.exe

MSConfigStartUp-nvsvc - c:\windows\system32\nvsvc32.exe

MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe

MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

MSConfigStartUp-services - c:\windows\services.exe

MSConfigStartUp-Steam - c:\program\Steam\Steam.exe

 

 

.

------- Extra genomsökning -------

.

mStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

FF - ProfilePath - c:\documents and settings\Administratör\Application Data\Mozilla\Firefox\Profiles\14r3qs9a.default

FF - prefs.js: browser.startup.homepage - hxxp://sv-SE.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sv-SE:official

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - component: c:\program\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\program\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll

FF - plugin: c:\program\Google\Update\1.2.133.37\npGoogleOneClick7.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICY ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast,

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2090-01-01 06:21:38

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FCI]

"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\icf]

"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mcmideezapqqt]

"ImagePath"="\??\c:\windows\system32\drivers\ndkwfbnct.sys"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\Administrator\Software\SecuROM\License information*]

"datasecu"=hex:8b,48,33,ef,26,2c,63,dc,78,c9,6d,1f,88,a6,69,ca,e4,fa,26,c4,38,

02,ec,74,61,ef,b9,76,cd,31,f4,c6,d1,e3,97,69,5a,85,fe,f6,8c,53,7f,33,0c,c1

"rkeysecu"=hex:e3,95,2a,1b,2d,7a,7b,6e,a4,00,5f,9b,cf,ac,1d,5f

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1328)

c:\program\Bonjour\mdnsNSP.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\jietqcc32.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\WgaTray.exe

c:\program\Bonjour\mDNSResponder.exe

c:\windows\Temp\gkv6.tmp

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Sluttid: 2090-01-01 6:23:53 - datorn startades om. [Administratör]

ComboFix-quarantined-files.txt 2090-01-01 05:23:49

 

Före genomsökningen: 2,899,460,096 byte ledigt

Efter genomsökningen: 3,147,038,720 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

390 --- E O F --- 2009-01-15 11:10:47

[/log]

 


What causes this??

Administratör 2090-01-01 6:18:14.1 -

Filer Skapade från 2089-12-01 till 2090-01-01

 

This computer is so full of junk that I need a good night's sleep before going through your log, so I'll get back to you tomorrow.

 

Good night / Regards, Laston

 


Seems like the latest cleanup with Combo and Mal cleaned up properly! So clean that my network card drivers disappeared, so I'm writing from my buddy's computer. Ha ha, bad, and I have no CD reader with them. I'll get back when I've solved it.

 


Well, it looks like infected drivers have been installed after you installed ComboFix. Do you have external devices connected to the computer? How did you uninstall Norton? This RegCure must be uninstalled!!

This indicates problems:

c:\windows\system32\user32.dll ... är infekterad !!

Get back to me when you can / Regards, Laston

 

 

 

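A small triage pass over ComboFix service and driver lines in the shape of the list above (an added example, not code from the thread or from ComboFix): it flags the patterns Laston points at, such as a driver stamped with a date after the scan, images that no longer exist on disk, zero-byte files, and a service image hidden in an NTFS alternate data stream. The sample lines are copied from the log, and the reference date 2009-02-04 is an assumption standing in for the real scan date.

```python
import re
from datetime import date

# Constructed sample: service/driver lines copied in the shape of the ComboFix
# list above. Legitimate AVG and D-Link entries are included as controls.
SAMPLE_LOG = r"""
R0 svynsgby;svynsgby;c:\windows\system32\drivers\svynsgby.sys [2090-01-01 33920]
R1 synsend;synsend;\??\c:\windows\system32\drivers\synsenddrv.sys --> c:\windows\system32\drivers\synsenddrv.sys [?]
R2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-02-02 296216]
S0 boeycweh;boeycweh;c:\windows\system32\drivers\plqr.sys --> c:\windows\system32\drivers\plqr.sys [?]
S1 c787e33d;c787e33d;c:\windows\system32\drivers\c787e33d.sys [2009-02-02 0]
S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-04-09 347648]
"""

# One ComboFix entry: "<start-type> <name>;<display>;<image>[ --> <image>] [<date size>|?|]"
ENTRY = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?P<missing> --> .+?)? \[(?P<meta>[^\]]*)\]$"
)

# Assumed reference date: the thread is from early February 2009, so anything
# stamped later than this cannot be a genuine file date.
AS_OF = date(2009, 2, 4)


def triage_entry(line, as_of=AS_OF):
    """Return (service name, [reasons]) for one entry, or None if it is not one."""
    m = ENTRY.match(line)
    if not m:
        return None
    name, image, meta = m["name"], m["image"], m["meta"]
    path = image[4:] if image.startswith("\\??\\") else image  # drop the NT prefix
    reasons = []
    if ":" in path[2:]:  # a second colon after the drive letter is stream syntax
        reasons.append("image path is an NTFS alternate data stream")
    if m["missing"] or meta == "?":
        reasons.append("image file not found on disk")
    parts = meta.split()
    if len(parts) == 2:
        stamp, size = date.fromisoformat(parts[0]), int(parts[1])
        if size == 0:
            reasons.append("zero-byte image file")
        if stamp > as_of:
            reasons.append(f"file timestamp {stamp} is in the future")
    # Weak heuristic: eight random lowercase letters used as both name and display name.
    if name == m["display"] and re.fullmatch(r"[a-z]{8}", name):
        reasons.append("generated-looking service name")
    return name, reasons


def triage(log_text, as_of=AS_OF):
    """Map service name -> reasons for every entry that deserves a closer look."""
    findings = {}
    for line in log_text.splitlines():
        result = triage_entry(line.strip(), as_of)
        if result and result[1]:
            findings[result[0]] = result[1]
    return findings


def triage_sample():
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for name, why in triage_sample().items():
        print(f"{name}: {'; '.join(why)}")
```

The name heuristic is deliberately low-confidence; the file-level checks (future date, missing, zero-byte, stream path) are the ones worth acting on.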

Seems like the more I fiddle with it, the more it screws up :P I'm seriously considering formatting C:, don't you think that would be easier ^^

 


Try doing a System Restore to a point before the Combo run first; otherwise I'm inclined to agree with you that it might be just as well, considering how it looks! Regards, Laston

 


Ok! 17 svchost.exe instances show that something is really wrong with your computer, so it's better to start over and think about what you install and download!! Sad that I couldn't help more, good luck / Regards, Laston

 


Archived

This topic is now archived and is closed to further replies.
