
The toughest virus/spyware I've ever come across!!


Victor Eklund

Replies: 103
Victor Eklund

I can't find any such file in system32. I have "show hidden files" enabled. I searched through all of system32 plus its subfolders for this file but found nothing.

Victor Eklund

If I do that I get a bluescreen.

Haven't tried BlackLight, since the link doesn't work for me.

Victor Eklund

OK, it does work; after a restart following the bluescreen everything is calm again. BlackLight doesn't seem to work in safe mode, so I'm trying it in normal mode...

Victor Eklund

[log]DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Ekan@VICTOR, 02-14-2009

c:\windows\system32\autoexec.nt

C:\WINDOWS\system32\mscdexnt.exe

C:\WINDOWS\system32\redir.exe

C:\WINDOWS\system32\dosx.exe

c:\windows\system32\config.nt

C:\WINDOWS\system32\himem.sys

c:\windows\system.ini [drivers]

timer=timer.drv

c:\windows\system.ini [boot]\shell

C:\WINDOWS\Explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

C:\WINDOWS\Explorer.exe

HKCR\vbsfile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKCR\vbefile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKCR\jsfile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKCR\jsefile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKCR\wshfile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKCR\wsffile\shell\open\command C:\WINDOWS\System32\WScript.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LClock

C:\Program Files\LClock\LClock.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PowerTweak Menu

C:\WINDOWS\system32\mmm.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UnlockerAssistant

C:\Program Files\Unlocker\UnlockerAssistant.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VisualTooltip

C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

C:\Program Files\Java\jre6\bin\jusched.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RTHDCPL

C:\WINDOWS\RTHDCPL.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alcmtr

C:\WINDOWS\ALCMTR.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JMB36X IDE Setup

C:\WINDOWS\RaidTool\xInsIDE.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\36X Raid Configurer

C:\WINDOWS\system32\xRaidSetup.exe boot

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avgnt

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\zBrowser Launcher

C:\Program Files\Logitech\iTouch\iTouch.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JulaPan

C:\WINDOWS\system32\JulaPan.Exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RemoteControl8

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PDVD8LanguageShortcut

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BDRegion

C:\Program Files\Cyberlink\Shared Files\brs.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winupdate

C:\WINDOWS\system32\uninstall.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\services

C:\WINDOWS\services.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpywareCease.exe

C:\Program Files\Spyware Cease\SpywareCease.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TaskSwitchXP

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar

C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\PeerGuardian

C:\Program Files\PeerGuardian2\pg2.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe

C:\WINDOWS\system32\ctfmon.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Skype

C:\Program Files\Skype\Phone\Skype.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winupdate

C:\WINDOWS\system32\uninstall.exe

HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE

C:\WINDOWS\system32\CTFMON.EXE

HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\TaskSwitchXP

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

HKU\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\nltide_3

rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

HKU\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\ShowDeskFix

regsvr32 /s /n /i:u shell32

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad C:\WINDOWS\system32\webcheck.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\stobject.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\Documents and Settings\Ekan\Start Menu\Programs\Startup\Styler.lnk

C:\Documents and Settings\Ekan\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk

C:\Program Files\Personal\bin\Personal.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

autocheck autochk *

lsdelete

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

C:\WINDOWS\system32\userinit.exe

HKLM\System\CurrentControlSet\Control\WOW\cmdline

C:\WINDOWS\system32\ntvdm.exe

HKLM\System\CurrentControlSet\Control\WOW\wowcmdline

C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries C:\WINDOWS\system32\mswsock.dll

C:\WINDOWS\system32\rsvpsp.dll

[/log]

 

 

 

I'm using a USB stick between the laptop I browse on and my desktop, which is the infected one. I've noticed that every time I plug the USB stick into the desktop, a file called m.exe gets added to it; the antivirus on the laptop thinks it's a suspicious file. Just wanted to share my observations here :)
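The thread reads the Autostart Viewer listing above by eye. The checks a responder applies while doing that can be written down: a core Windows binary name living outside its normal directory (C:\WINDOWS\services.exe instead of system32), a Run value named to look like a Windows component ("winupdate", "services"), and the same target registered under more than one hive. The Python below is an added example, not code from the thread or from DiamondCS. The report excerpt is constructed to mirror the two-line key/command layout of the listing above, the expected-directory table assumes a default C:\WINDOWS install, and the lure-name list is a heuristic, not a signature for any named malware.

```python
"""Heuristic triage of an autostart listing (Autostart Viewer key/command layout)."""
import re
from collections import defaultdict

# Constructed excerpt shaped like the DiamondCS report above: a registry key
# on one line, the command it launches on the next. Not the full report.
SAMPLE_REPORT = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avgnt
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winupdate
C:\WINDOWS\system32\uninstall.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\services
C:\WINDOWS\services.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winupdate
C:\WINDOWS\system32\uninstall.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
"""

HIVE_RE = re.compile(r"^(HKLM|HKCU|HKU|HKCR)\\", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)

# Directory each of these binaries lives in on a default XP install
# (assumed C:\WINDOWS). The same file name anywhere else is borrowing it.
EXPECTED_DIR = {
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Run value names chosen to look like Windows itself; Windows registers
# none of its own components under these names (heuristic list).
LURE_NAMES = {"winupdate", "windows update", "services", "system", "svchost", "lsass"}


def parse_entries(report):
    """Yield (registry_key, command) pairs from the key-line/command-line layout."""
    key = None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if HIVE_RE.match(line):
            key = line
        elif key is not None:
            yield key, line
            key = None


def exe_path(command):
    """Return the launched image path, lower-cased, with arguments stripped."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)].lower()
    # Unquoted paths with spaces are common in these listings: cut at the
    # first .exe/.dll/.sys token that is followed by whitespace or the end.
    m = re.match(r"(.+?\.(?:exe|dll|sys))(?:\s|$)", command, re.IGNORECASE)
    return (m.group(1) if m else command.split()[0]).lower()


def triage(report):
    """Return (key, command, reason) triples worth a closer look."""
    findings = []
    hives_by_target = defaultdict(set)
    for key, command in parse_entries(report):
        path = exe_path(command)
        directory, _, name = path.rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            findings.append((key, command, f"{name} outside {expected}"))
        m = RUN_VALUE_RE.search(key)
        if m:
            value_name = m.group(1).lower()
            if value_name in LURE_NAMES:
                findings.append((key, command,
                                 f"Run value named like a Windows component: {value_name}"))
            hives_by_target[path].add(key.split("\\", 1)[0].upper())
    for path, hives in hives_by_target.items():
        if len(hives) > 1:
            findings.append((path, "", f"same target registered under {sorted(hives)}"))
    return findings


if __name__ == "__main__":
    for key, command, reason in triage(SAMPLE_REPORT):
        print(f"{reason:60s} {key} -> {command}")
```

Treat the output as a worklist, not a verdict: the multi-hive rule also fires on legitimate software (TaskSwitchXP and ctfmon appear under both HKCU and HKU\.Default in the full listing above), so confirm each hit by checking the file's signature, hash and creation time. The parser assumes the two-line layout; the HKCR entries in the real report put key and command on one line and would need splitting first.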

 

Run the program again and click on

C:\WINDOWS\services.exe

then "delete file", if that works.

Can't you get online with the infected computer?

If you can, run it with that one.

Victor Eklund

I have a very hard time browsing with the infected computer. It just sits and churns when you try to load a page.

The file couldn't be deleted. I get a message that says:

Delete Failed:

File still exists.

Victor Eklund

Now things are finally happening! :D I got ComboFix to run in normal mode; however, ComboFix restarted once and then it went into safe mode because of the setting in msconfig. I hope this didn't affect the results; in any case it removed a lot of files and now the computer seems to be doing much better.


[log]ComboFix 09-02-12.03 - Ekan 2009-02-14 16:26:11.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1768 [GMT 1:00]

Running from: c:\documents and settings\Ekan\Desktop\rensning.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk

c:\documents and settings\Ekan\Favorites\Search Online.url

c:\documents and settings\Ekan\Favorites\SMS TRAP.url

c:\program files\Spyware Cease

c:\program files\Spyware Cease\AutoUpdate.exe

c:\program files\Spyware Cease\DefendLog.txt

c:\program files\Spyware Cease\LSR.lsr

c:\program files\Spyware Cease\md5.dll

c:\program files\Spyware Cease\networkdll.dll

c:\program files\Spyware Cease\opfile.dll

c:\program files\Spyware Cease\RegDefend.ini

c:\program files\Spyware Cease\RepairBackup\del.txt

c:\program files\Spyware Cease\RepairBackup\removestartup.dat

c:\program files\Spyware Cease\RepairBackup\startup.dat

c:\program files\Spyware Cease\RKHit.sys

c:\program files\Spyware Cease\RkHitApi.dll

c:\program files\Spyware Cease\spkdll.dll

c:\program files\Spyware Cease\SpywareCease.chm

c:\program files\Spyware Cease\SpywareCease.exe

c:\program files\Spyware Cease\SpywareCease.url

c:\program files\Spyware Cease\swdb.ssk

c:\program files\Spyware Cease\unins000.dat

c:\program files\Spyware Cease\unins000.exe

c:\program files\Spyware Cease\update\opfile.dll

c:\program files\Spyware Cease\update\swdb.ssk

c:\program files\Spyware Cease\update\Update.ini

c:\program files\Spyware Cease\zlib1.dll

c:\windows\ios.dat

c:\windows\services.exe

c:\windows\system32\bdaefdaadf.dll

c:\windows\system32\c.ico

c:\windows\system32\crypts.dll

c:\windows\system32\drivers\RKHit.sys

c:\windows\system32\drivers\UACqllxfuml.sys

c:\windows\system32\m.ico

c:\windows\system32\p.ico

c:\windows\system32\s.ico

c:\windows\system32\UACevvcdveb.log

c:\windows\system32\UACgmpxaqpp.log

c:\windows\system32\UACkyprrvsf.dll

c:\windows\system32\UACpmbrrsul.dll

c:\windows\system32\UACtcinykmr.log

c:\windows\system32\UACtqfqxdpx.dll

c:\windows\system32\UACwkkltwqu.dat

c:\windows\system32\UACwvnstjet.dll

F:\autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_UACd.sys

-------\Legacy_rkhit

-------\Service_rkhit

 

 

(((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))

.

 

2009-02-13 19:03 . 2009-02-13 19:03 <DIR> d-------- c:\documents and settings\Ekan\Application Data\True Sword

2009-02-13 18:19 . 2009-02-13 18:19 <DIR> d-------- c:\program files\Panda Software

2009-02-13 18:19 . 2002-08-12 09:46 85,456 --a------ c:\windows\system32\drivers\Teefer.sys

2009-02-13 18:19 . 2002-08-12 09:46 15,360 --a------ c:\windows\system32\drivers\wpsdrvnt.sys

2009-02-13 18:17 . 2009-02-13 18:17 <DIR> d-------- c:\program files\iolo

2009-02-13 18:17 . 2009-02-13 18:17 <DIR> d-------- c:\documents and settings\Ekan\Application Data\iolo

2009-02-13 18:17 . 2009-02-13 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo

2009-02-13 18:17 . 2004-02-17 12:09 472,064 --a------ c:\windows\system32\Incinerator.dll

2009-02-13 18:17 . 2003-08-05 17:48 14,848 --a------ c:\windows\system32\smrgdf.exe

2009-02-13 18:17 . 2003-06-11 11:55 8,064 --a------ c:\windows\system32\drivers\filedisk.sys

2009-02-13 17:50 . 2009-02-13 19:03 <DIR> d-------- c:\program files\True Sword 5

2009-02-13 17:50 . 2005-10-11 14:40 356,352 --a------ c:\windows\eSellerateEngine.dll

2009-02-13 17:50 . 2003-06-06 11:21 81,920 --a------ c:\windows\eSellerateControl350.dll

2009-02-13 00:16 . 2009-02-13 00:16 <DIR> d--h----- c:\windows\PIF

2009-02-12 23:07 . 2009-02-12 23:07 <DIR> d-------- c:\program files\Lavasoft

2009-02-12 23:07 . 2009-02-12 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-12 15:56 . 2009-02-12 15:56 19,214 --a------ c:\windows\system32\sf.ico

2009-02-12 15:56 . 2009-02-12 15:56 13,942 --a------ c:\windows\system32\m3.ico

2009-02-12 15:56 . 2009-02-13 17:51 5,189 --a------ c:\windows\system32\uacinit.dll

2009-02-12 15:56 . 2009-02-12 22:59 2 --a------ C:\1545417160

2009-02-11 14:07 . 2005-05-09 20:08 33,792 --a------ c:\windows\system32\drivers\cledx.sys

2009-02-11 12:46 . 2009-02-11 12:46 5 --a------ c:\windows\system32\chkit

2009-02-11 12:27 . 2009-02-11 12:27 <DIR> d-------- c:\program files\Best Service

2009-02-04 17:13 . 2009-02-04 17:13 <DIR> d-------- c:\program files\QT Lite

2009-02-04 17:13 . 2009-02-04 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2009-02-04 17:13 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx

2009-02-04 17:13 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts

2009-01-31 13:20 . 2009-01-31 13:20 <DIR> d-------- c:\program files\WWAYM

2009-01-31 13:17 . 2009-01-31 13:18 <DIR> d-------- c:\program files\u-he

2009-01-31 13:13 . 2006-09-14 01:21 2,240 --a------ c:\windows\LENDIG.sys

2009-01-31 13:10 . 2009-01-31 13:10 <DIR> d-------- c:\program files\Cakewalk

2009-01-31 13:07 . 2009-01-31 13:07 <DIR> d-------- c:\program files\PoiZone

2009-01-31 13:00 . 2009-01-31 13:22 <DIR> d-------- c:\program files\LUXONIX

2009-01-31 13:00 . 2009-01-31 13:00 <DIR> d-------- c:\program files\AAS

2009-01-31 13:00 . 2009-01-31 13:00 <DIR> d-------- c:\documents and settings\Ekan\Application Data\Applied Acoustics Systems

2009-01-30 18:08 . 2009-01-30 18:08 <DIR> d-------- c:\program files\MSXML 4.0

2009-01-30 17:45 . 2009-01-30 17:45 <DIR> d-------- c:\documents and settings\Ekan\Application Data\DAEMON Tools Pro

2009-01-30 17:45 . 2009-01-30 17:45 <DIR> d-------- c:\documents and settings\Ekan\Application Data\DAEMON Tools

2009-01-30 17:44 . 2009-01-30 17:45 <DIR> d-------- c:\documents and settings\Ekan\Application Data\DAEMON Tools Lite

2009-01-30 17:44 . 2009-01-30 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-01-29 21:12 . 2009-02-10 01:17 49 --a------ c:\windows\NeroDigital.ini

2009-01-29 19:54 . 2009-01-29 19:56 <DIR> d-------- c:\documents and settings\Ekan\Application Data\Ahead

2009-01-29 19:53 . 2009-01-29 19:53 <DIR> d-------- c:\program files\Nero

2009-01-29 19:53 . 2009-01-29 19:53 <DIR> d-------- c:\program files\Common Files\Ahead

2009-01-29 19:53 . 2009-01-29 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero

2009-01-29 19:53 . 2009-01-29 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead

2009-01-29 17:43 . 2009-01-29 17:43 <DIR> d-------- c:\program files\Sony

2009-01-29 17:41 . 2009-01-29 17:41 <DIR> d-------- c:\documents and settings\Ekan\Application Data\Publish Providers

2009-01-29 17:38 . 2009-01-29 17:38 <DIR> d-------- c:\documents and settings\Ekan\Application Data\Sony

2009-01-29 17:37 . 2009-01-29 17:37 <DIR> d-------- c:\program files\Sony Setup

2009-01-29 17:16 . 2009-01-29 17:16 <DIR> d-------- c:\program files\VOB

2009-01-29 17:16 . 2002-08-28 11:09 611,840 --a------ c:\windows\system32\vobhw.dll

2009-01-29 17:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2009-01-29 17:16 . 2002-09-26 17:34 153,088 --a------ c:\windows\system32\IWUninstall.exe

2009-01-29 17:16 . 2000-04-27 12:31 19,456 --a------ c:\windows\system32\asapi.dll

2009-01-29 17:16 . 2002-04-17 20:27 11,264 --a------ c:\windows\system32\drivers\asapi.sys

2009-01-29 17:15 . 2009-01-29 17:15 <DIR> d-------- c:\documents and settings\Ekan\WINDOWS

2009-01-19 17:10 . 2009-01-19 17:19 <DIR> d-------- c:\windows\system32\Adobe

2009-01-14 00:11 . 2009-01-14 00:11 <DIR> d-------- c:\windows\Sun

2009-01-14 00:11 . 2009-01-20 11:16 <DIR> d-------- c:\documents and settings\Ekan\cbt

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-14 14:50 --------- d-----w c:\program files\PeerGuardian2

2009-02-14 14:30 --------- d-----w c:\documents and settings\Ekan\Application Data\Skype

2009-02-14 13:56 --------- d-----w c:\documents and settings\Ekan\Application Data\skypePM

2009-02-13 17:19 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-12 22:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-12 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-12 15:46 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-12 15:08 --------- d-----w c:\program files\CCleaner

2009-02-11 22:47 --------- d-----w c:\program files\Steinberg

2009-02-11 13:09 --------- d-----w c:\documents and settings\Ekan\Application Data\Steinberg

2009-02-11 12:58 --------- d-----w c:\documents and settings\Ekan\Application Data\Azureus

2009-02-11 11:27 --------- d-----w c:\program files\Native Instruments

2009-02-10 19:11 --------- d-----w c:\program files\DC++

2009-01-31 12:02 --------- d-----w c:\program files\Image-Line

2009-01-31 11:58 --------- d-----w c:\program files\Common Files\Native Instruments

2009-01-30 21:57 --------- d-----w c:\program files\Spectrasonics

2009-01-27 11:08 --------- d-----w c:\program files\Vuze

2009-01-22 00:04 --------- d-----w c:\documents and settings\Ekan\Application Data\dvdcss

2009-01-12 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia

2009-01-11 23:59 --------- d-----w c:\program files\Replay AV 8

2009-01-11 16:17 --------- d-----w c:\program files\WinPcap

2009-01-11 16:16 737,280 ----a-w c:\windows\iun6002.exe

2009-01-11 16:16 --------- d-----w c:\program files\Replay Converter

2009-01-11 16:04 --------- d-----w c:\documents and settings\Ekan\Application Data\Audacity

2009-01-10 22:49 --------- d-----w c:\documents and settings\Ekan\Application Data\CyberLink

2009-01-10 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2009-01-10 22:48 --------- d-----w c:\program files\CyberLink

2009-01-10 22:48 --------- d-----w c:\program files\Common Files\CyberLink

2009-01-10 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\Temp

2009-01-10 22:43 --------- d-----w c:\documents and settings\Ekan\Application Data\ImgBurn

2009-01-10 22:42 --------- d-----w c:\program files\ImgBurn

2009-01-09 14:13 --------- d-----w c:\program files\WorldOfGoo

2009-01-09 11:56 --------- d-----w c:\documents and settings\Ekan\Application Data\Winamp

2009-01-08 14:30 --------- d-----w c:\documents and settings\All Users\Application Data\2DBoy

2009-01-08 13:41 --------- d-----w c:\program files\Skype

2009-01-08 13:41 --------- d-----w c:\program files\Common Files\Skype

2009-01-08 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-01-07 14:41 --------- d-----w c:\program files\Icecast2 Win32

2009-01-07 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-01-07 11:02 --------- d-----w c:\documents and settings\Ekan\Application Data\Ventrilo

2009-01-07 10:53 --------- d-----w c:\program files\Ventrilo

2009-01-06 23:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-06 21:02 --------- d-----w c:\program files\Combined Community Codec Pack

2009-01-06 20:53 --------- d-----w c:\program files\Haali

2009-01-06 20:53 --------- d-----w c:\program files\CoreCodec

2009-01-06 20:51 --------- d-----w c:\documents and settings\Ekan\Application Data\Media Player Classic

2009-01-06 16:50 --------- d-----w c:\program files\ASIO4ALL v2

2009-01-06 16:49 --------- d-----w c:\program files\Outsim

2009-01-06 16:47 --------- d-----w c:\program files\MagicISO

2009-01-06 16:21 --------- d-----w c:\program files\Alcohol Soft

2009-01-06 11:25 --------- d-----w c:\program files\Common Files\Adobe

2009-01-06 11:25 --------- d-----w c:\program files\Bonjour

2009-01-06 11:21 --------- d-----w c:\program files\Common Files\Macrovision Shared

2009-01-05 23:42 --------- d-----w c:\program files\Common Files\Digidesign

2009-01-05 23:30 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-05 23:27 --------- d-----w c:\program files\Unlocker

2009-01-05 22:48 --------- d-----w c:\program files\Microsoft Visual Studio 8

2009-01-05 22:29 --------- d-----w c:\program files\Microsoft.NET

2009-01-05 22:29 --------- d-----w c:\program files\Microsoft Works

2008-12-17 12:20 --------- d-----w c:\program files\Winamp

2008-12-17 12:01 --------- d-----w c:\program files\Windows Live SkyDrive

2008-12-17 12:01 --------- d-----w c:\program files\Windows Live

2008-12-17 12:01 --------- d-----w c:\program files\Microsoft

2008-12-17 11:58 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-17 11:26 --------- d-----w c:\program files\Personal

2008-12-17 11:26 --------- d-----w c:\documents and settings\Ekan\Application Data\Personal

2008-12-17 01:40 --------- d-----w c:\documents and settings\Ekan\Application Data\vlc

2008-12-17 01:27 --------- d-----w c:\program files\Logitech

2008-12-17 01:27 --------- d-----w c:\program files\Common Files\Logitech

2008-12-17 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus

2008-12-17 00:45 --------- d-----w c:\program files\Java

2008-12-16 19:40 --------- d-----w c:\program files\VideoLAN

2008-12-16 10:28 --------- d-----w c:\program files\Avira

2008-12-16 10:28 --------- d-----w c:\documents and settings\All Users\Application Data\Avira

2008-12-16 10:16 --------- d-----w c:\program files\Common Files\InstallShield

2008-12-16 10:16 --------- d-----w c:\program files\ASUS

2008-12-16 10:06 --------- d-----w c:\program files\Intel

2008-12-16 10:03 --------- d-----w c:\program files\Attansic

2008-12-16 09:58 315,392 ----a-w c:\windows\HideWin.exe

2008-12-16 09:58 --------- d-----w c:\program files\Realtek

2008-12-16 09:52 --------- d-----w c:\program files\Styler

2008-12-16 09:52 --------- d-----w c:\documents and settings\Ekan\Application Data\Styler

2008-12-16 09:45 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-16 09:44 --------- d-----w c:\program files\Kristanix

2008-12-16 09:44 --------- d-----w c:\program files\Common Files\Stardock

2008-12-16 09:44 --------- d-----w c:\program files\Alky for Applications

2008-12-16 09:43 --------- d-----w c:\program files\Sysinternals

2008-12-16 09:43 --------- d-----w c:\program files\Stardock

2008-12-16 09:43 --------- d-----w c:\program files\Common Files\Java

2008-12-16 09:42 89 ----a-w c:\windows\system32\config\systemprofile\Del2180.bat

2008-12-16 09:42 89 ----a-w c:\documents and settings\Ekan\Del2180.bat

2008-12-16 09:42 89 ----a-w c:\documents and settings\Default User\Del2180.bat

2008-12-16 09:41 --------- d-----w c:\program files\Reference Assemblies

2008-12-16 09:41 --------- d-----w c:\program files\MSBuild

2008-12-16 09:36 --------- d-----w c:\program files\VistaExperience.org

2008-12-16 09:36 --------- d-----w c:\program files\Windows Sidebar

2008-12-16 09:34 --------- d-----w c:\program files\Utilities

2008-12-16 09:34 --------- d-----w c:\program files\TaskSwitchXP

2008-12-16 09:34 --------- d-----w c:\program files\LClock

2008-12-16 09:34 --------- d-----w c:\program files\Desktop

2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-02 1230848]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-07 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

"PowerTweak Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]

"VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-08-08 91432]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 169984]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

"JulaPan"="JulaPan.Exe" [2008-06-24 c:\windows\system32\JulaPan.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-07 15360]

"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

 

c:\documents and settings\Ekan\Start Menu\Programs\Startup\Styler.lnk - c:\documents and settings\Ekan\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-12-16 15086]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal.lnk - c:\program files\Personal\bin\Personal.exe [2008-12-17 910864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-05-16 09:27 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-11-07 00:00 1626112 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Native Instruments\\Traktor DJ Studio 3\\TraktorDJStudio3.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Icecast2 Win32\\Icecast2win.exe"=

"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-01-29 11264]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-12-16 38656]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-02-11 33792]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-17 14095]

S1 2391f3b6;2391f3b6;c:\windows\system32\drivers\2391f3b6.sys --> c:\windows\system32\drivers\2391f3b6.sys [?]

S1 65128575;65128575;c:\windows\system32\drivers\65128575.sys --> c:\windows\system32\drivers\65128575.sys [?]

S1 811b6551;811b6551;c:\windows\system32\drivers\811b6551.sys --> c:\windows\system32\drivers\811b6551.sys [?]

S1 cb691625;cb691625;c:\windows\system32\drivers\cb691625.sys --> c:\windows\system32\drivers\cb691625.sys [?]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-08-08 10:15:56 41456]

S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2009-01-07 417792]

S3 JULA_01;Service for Juli@ 1;c:\windows\system32\drivers\JulaWdm.sys [2008-12-17 22912]

S3 JULA_AA;Service for Juli@ Audio Driver (EWDM);c:\windows\system32\drivers\Jula.sys [2008-12-17 29600]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4868a86-dbe3-11dd-aee8-001e8c6327fe}]

\Shell\AutoRun\command - F:\Autorun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{2D0733B6-0BAC-47C1-909A-D9DB0533FFAF} - c:\windows\system32\fejokt.dll

BHO-{ada8c222-95d2-47b5-950b-aebc0a508839} - c:\windows\system32\spria.dll

HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe

MSConfigStartUp-H2O - c:\program files\SyncroSoft\Pos\H2O\cledx.exe

MSConfigStartUp-winupdate - c:\windows\system32\uninstall.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Ekan\Application Data\Mozilla\Firefox\Profiles\fsro5f0u.default

FF - component: c:\documents and settings\Ekan\Application Data\Mozilla\Firefox\Profiles\fsro5f0u.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

.

------- File Associations -------

.

inffile=c:\windows\system32\Notepad2.exe %1

inifile=c:\windows\system32\Notepad2.exe %1

txtfile=c:\windows\system32\Notepad2.exe %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-14 16:31:12

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\6074fe4bff90e3309b915e68525bbf22.sys 39936 bytes executable

c:\windows\system32\_6074fe4bff90e3309b915e68525bbf22.sys_.vir 39936 bytes executable

 

scan completed successfully

hidden files: 2

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6074fe4bff90e3309b915e68525bbf22]

"ImagePath"="system32\6074fe4bff90e3309b915e68525bbf22.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

.

**************************************************************************

.

Sluttid: 2009-02-14 16:34:26 - datorn startades om.

ComboFix-quarantined-files.txt 2009-02-14 15:34:24

 

Före genomsökningen: 65,487,761,408 bytes free

Efter genomsökningen: 65,587,331,072 bytes free

 

364 --- E O F --- 2009-02-12 01:05:24

[/log]

 


Victor Eklund

I'm starting to see the light :)

 

[log]Malwarebytes' Anti-Malware 1.34

Database version: 1761

Windows 5.1.2600 Service Pack 3

 

2009-02-14 17:06:06

mbam-log-2009-02-14 (17-06-06).txt

 

Scan type: Quick Scan

Objects scanned: 60999

Time elapsed: 2 minute(s), 22 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2644a8e6-6ad2-4068-b902-5abc07441eed} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a0960dbb-d8c8-4771-ad4a-f0493ccb1582} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\6074fe4bff90e3309b915e68525bbf22.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_6074fe4bff90e3309b915e68525bbf22.sys_.vir (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ekan\Favorites\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ekan\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

[/log]

 


 

[log]Copy the lines below one at a time into the Run box and click OK after each line

 

sc delete 6074fe4bff90e3309b915e68525bbf22

sc stop 2391f3b6

sc delete 2391f3b6

sc stop 65128575

sc delete 65128575

sc stop 811b6551

sc delete 811b6551

sc stop cb691625

sc delete cb691625

 

Download Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that appear.

 

Scan and post a Hijack log after that[/log]

 


Victor Eklund

I didn't quite understand that program; if I click the link it says page not found. I right-clicked and chose Save As, but the file turned into an htm file. I erased the htm and made it a .exe file, but there are no instructions when the program starts, just a DOS window that opens and closes.

 


Victor Eklund

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:30:27, on 2009-02-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\system32\mmm.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\xRaidSetup.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\JulaPan.Exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Styler\Styler.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Icecast2 Win32\icecastService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [JulaPan] JulaPan.Exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS

--

End of file - 8560 bytes

[/log]

 


Victor Eklund

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:38:38, on 2009-02-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\mmm.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\xRaidSetup.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\JulaPan.Exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Styler\Styler.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Icecast2 Win32\icecastService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\LClock\lclock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [JulaPan] JulaPan.Exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS

--

End of file - 8547 bytes

[/log]

 


Archived

This topic is now archived and is closed to further replies.
