
The computer won't start


940Turbo


I ran MBAM in safe mode, no errors.

Restarted the computer normally; it starts up most things but still ends in a blue screen.

Then I ran MBAM in safe mode again, no errors that time either.

 

I'll send a HiJack log tomorrow, have to get up in 4 hours ;)

Thanks for all the help so far !!!!!!!!!!

 


Here is the HiJack log:

I'll be back this afternoon after work.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:48:41, on 2009-02-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spela.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Gainward] C:\Program\XpertVision\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [gwutm] C:\WINDOWS\system32\asycfilt.dll

O4 - HKCU\..\Run: [FUIClearHis] C:\Program\FreshDevices\FreshUI\freshui.exe 0 1 2 3 4 5 8 9 10 11 12 13 14

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [vkiyygyp.exe] C:\WINDOWS\vkiyygyp.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\cc\reader_s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program\OpenOffice\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203535795140

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203535781031

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 8032 bytes

[/log]

 


In any case, there are still things left here that MBAM was removing earlier, e.g.:

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

so it doesn't look good at all.

 


Maybe not directly, but with the log from it you can see newly added files on the computer, so one can probably see whether there is some new file that MBAM is missing.

 


So now I have run ComboFix too.

Now there doesn't seem to be a blue screen anymore.

 

[log]ComboFix 09-02-15.01 - cc 2009-02-18 15:16:46.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1053.18.2046.1771 [GMT 1:00]

Körs från: c:\documents and settings\cc\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\cc\reader_s.exe

c:\windows\system32\tmp.reg

c:\windows\xccwinsys.ini

 

----- BITS: Troligen infekterade webbplatser -----

 

hxxp://sync.support.telia.se

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Passthru

-------\Service_seneka

-------\Service_UACd.sys

 

 

(((((((((((((((((((((((( Filer Skapade från 2009-01-18 till 2009-02-18 ))))))))))))))))))))))))))))))

.

 

2009-02-18 01:30 . 2001-09-28 13:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2009-02-18 01:27 . 2009-02-18 01:27 749 -rah----- c:\windows\WindowsShell.Manifest

2009-02-18 01:27 . 2009-02-18 01:27 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2009-02-18 01:27 . 2009-02-18 01:27 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2009-02-18 01:27 . 2009-02-18 01:27 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2009-02-18 01:27 . 2009-02-18 01:27 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2009-02-18 01:27 . 2009-02-18 01:27 488 -rah----- c:\windows\system32\logonui.exe.manifest

2009-02-18 01:25 . 2001-09-28 13:00 525,312 --a--c--- c:\windows\system32\dllcache\dialer.exe

2009-02-18 01:15 . 2009-02-18 01:33 <KAT> d-------- c:\windows\NV1316664.TMP

2009-02-18 01:14 . 2006-07-11 14:36 201,728 -ra------ c:\windows\system32\fdco1ins.dll

2009-02-18 01:14 . 2006-07-11 14:38 57,856 -ra------ c:\windows\system32\drivers\NVENETFD.sys

2009-02-18 00:29 . 2009-02-18 00:29 40,093 --a------ c:\windows\system32\19.tmp

2009-02-18 00:07 . 2009-02-18 00:07 31,744 --ah----- c:\documents and settings\cc\jrw.exe

2009-02-18 00:01 . 2009-02-18 00:01 31,744 --ah----- c:\documents and settings\cc\titjb.exe

2009-02-18 00:01 . 2009-02-18 00:01 128 --a------ c:\windows\adobe.bat

2009-02-18 00:01 . 2009-02-18 00:01 0 --a------ c:\windows\_id.dat

2009-02-17 23:53 . 2009-02-17 23:53 163,748 --a------ c:\windows\system32\15.tmp

2009-02-17 23:53 . 2009-02-17 23:53 31,744 --ah----- c:\documents and settings\cc\woes.exe

2009-02-17 23:53 . 2009-02-17 23:53 25,601 --a------ c:\windows\system32\16.tmp

2009-02-17 23:53 . 2009-02-17 23:53 172 --a------ c:\windows\system32\10.tmp

2009-02-17 23:46 . 2009-02-17 23:46 163,748 --a------ c:\windows\system32\17.tmp

2009-02-17 23:46 . 2009-02-17 23:46 25,601 --a------ c:\windows\system32\18.tmp

2009-02-17 23:32 . 2009-02-17 23:32 163,748 --a------ c:\windows\system32\11.tmp

2009-02-17 23:32 . 2009-02-17 23:32 25,601 --a------ c:\windows\system32\12.tmp

2009-02-17 23:24 . 2009-02-17 23:24 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-02-17 23:24 . 2009-02-17 23:24 <KAT> d-------- c:\documents and settings\cc\Application Data\Malwarebytes

2009-02-17 23:24 . 2009-02-17 23:24 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-17 23:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-17 23:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-17 20:03 . 2009-02-17 23:34 262,144 --a------ c:\documents and settings\test2

2009-02-17 20:00 . 2009-02-17 20:00 137,888 --a------ c:\windows\system32\drivers\ethtmtdx.sys

2009-02-17 05:49 . 2009-02-17 05:49 664 --a------ c:\windows\system32\d3d9caps.dat

2009-02-17 00:29 . 2009-02-17 00:29 33,920 --a------ c:\windows\system32\drivers\udrlkkwt.sys

2009-02-17 00:28 . 2009-02-18 05:52 2,145,386,496 --a------ c:\windows\MEMORY.DMP

2009-02-17 00:26 . 2009-02-17 00:26 31,744 --ah----- c:\documents and settings\cc\xjpbk.exe

2009-02-17 00:18 . 2009-02-17 00:18 48,733 --a------ c:\windows\system32\A3.tmp

2009-02-17 00:18 . 2009-02-17 00:18 31,744 --ah----- c:\documents and settings\cc\feqwfxn.exe

2009-02-17 00:18 . 2009-02-17 00:18 172 --a------ c:\windows\system32\A0.tmp

2009-02-17 00:17 . 2009-02-18 00:07 67,072 ---h----- c:\windows\system32\secupdat.dat

2009-02-17 00:17 . 2009-02-18 00:22 53,248 --a------ c:\windows\system32\drivers\ndisio.sys

2009-02-17 00:17 . 2009-02-17 00:17 31,744 --ah----- c:\documents and settings\cc\gsyfh.exe

2009-02-17 00:17 . 2009-02-17 00:17 11,293 --a------ c:\windows\system32\9A.tmp

2009-02-17 00:17 . 2009-02-17 00:17 172 --a------ c:\windows\system32\97.tmp

2009-02-17 00:17 . 2009-02-17 00:17 0 --a------ c:\windows\system32\9D.tmp

2009-02-17 00:01 . 2009-02-17 00:03 <KAT> d-------- C:\346f30ff3e8ac45f9f76316221

2009-02-16 23:45 . 2001-09-28 13:00 1,139,200 --a--c--- c:\windows\system32\dllcache\comsvcs.dll

2009-02-16 23:44 . 2001-09-28 13:00 1,266,688 --a--c--- c:\windows\system32\dllcache\cimwin32.dll

2009-02-16 23:42 . 2001-09-06 20:10 56,448 --a------ c:\windows\system32\drivers\redbook.sys

2009-02-16 23:42 . 2001-08-17 21:59 50,048 --a------ c:\windows\system32\drivers\DMusic.sys

2009-02-16 23:42 . 2001-08-17 22:00 5,632 --a------ c:\windows\system32\drivers\splitter.sys

2009-02-16 23:41 . 2009-02-16 23:53 <KAT> d-------- c:\windows\NV8401320.TMP

2009-02-16 23:39 . 2001-09-06 20:33 117,248 --a------ c:\windows\system32\ksproxy.ax

2009-02-16 23:39 . 2001-09-06 20:30 4,096 --a------ c:\windows\system32\ksuser.dll

2009-02-16 23:37 . 2001-08-18 06:38 37,896 --a------ c:\windows\system32\drivers\termdd.sys

2009-02-16 23:36 . 2001-08-17 21:50 181,632 --a------ c:\windows\system32\drivers\rdpdr.sys

2009-02-15 21:19 . 2009-02-15 21:19 616 --a------ c:\windows\system32\36F.tmp

2009-02-15 21:17 . 2009-02-17 23:28 <KAT> d-------- c:\windows\system32\inf

2009-02-15 21:17 . 2009-02-15 21:17 132 --a------ c:\windows\system32\36B.tmp

2009-02-15 21:16 . 2009-02-15 21:16 147,456 --a------ C:\mqohndim.exe

2009-02-15 21:16 . 2009-02-15 21:16 2 --a------ C:\1680739497

2009-02-09 15:06 . 2009-02-09 15:06 744,960 --a------ c:\windows\system32\IR41_32.DLL

2009-02-09 15:06 . 2001-09-28 13:00 199,168 --a------ c:\windows\system32\ir32_32.sav

2009-02-09 15:06 . 2008-08-29 21:27 227 --a------ c:\windows\system.sav

2009-02-07 09:26 . 2009-02-07 09:30 <KAT> d-------- c:\documents and settings\cc\Application Data\Desktop Sidebar

2009-02-07 01:50 . 2009-02-07 01:50 <KAT> d-------- c:\documents and settings\cc\Application Data\OpenOffice.org

2009-02-07 01:49 . 2009-02-07 01:49 <KAT> d-------- c:\program\OpenOffice

2009-02-07 01:20 . 2009-02-07 01:20 <KAT> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-02-07 01:13 . 2009-02-07 01:19 <KAT> d-------- c:\windows\SxsCaPendDel

2009-02-07 01:13 . 2009-02-07 01:14 <KAT> d-------- C:\957ec62e679cb726f477dc98fc1f

2009-02-05 23:52 . 2009-02-17 00:15 <KAT> d-------- c:\program\Unlocker

2009-02-02 20:28 . 2009-02-02 20:30 <KAT> d-------- c:\program\Driver Checker

2009-02-01 15:02 . 2009-02-01 15:02 <KAT> d-------- c:\documents and settings\cc\Application Data\Leadertech

2009-02-01 13:58 . 2009-02-01 13:59 <KAT> d-------- c:\program\QuickTime

2009-02-01 13:58 . 2009-02-01 13:58 <KAT> d-------- c:\program\Apple Software Update

2009-02-01 13:58 . 2009-02-01 13:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2009-02-01 13:58 . 2009-02-01 13:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\Apple

2009-02-01 13:54 . 2009-02-01 13:54 <KAT> d-------- c:\documents and settings\cc\Application Data\Sony

2009-02-01 13:54 . 2009-02-01 13:54 <KAT> d-------- c:\documents and settings\All Users\Application Data\Sony

2009-02-01 13:52 . 2009-02-01 13:52 <KAT> d-------- c:\program\Sony

2009-02-01 13:52 . 2009-02-01 13:52 <KAT> d-------- c:\program\Delade filer\Sony Shared

2009-02-01 13:51 . 2009-02-01 13:51 <KAT> d-------- c:\program\Sony Setup

2009-01-29 06:11 . 2009-01-29 06:16 <KAT> d-------- c:\documents and settings\cc\Application Data\FreshDiagnose

2009-01-27 08:24 . 2009-01-27 08:24 <KAT> d-------- c:\windows\system32\AGEIA

2009-01-27 08:24 . 2009-01-27 08:24 <KAT> d-------- c:\program\Delade filer\Wise Installation Wizard

2009-01-27 08:24 . 2009-01-27 08:24 <KAT> d-------- c:\program\AGEIA Technologies

2009-01-27 08:23 . 2009-01-27 08:25 <KAT> d-------- c:\windows\NV38481856.TMP

2009-01-25 08:09 . 2009-01-25 08:09 <KAT> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!

2009-01-24 18:27 . 2009-02-07 19:51 <KAT> d-------- c:\program\Messenger Plus! Live

2009-01-18 23:11 . 2009-01-18 23:11 <KAT> d-------- c:\program\ConvertHelper

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-18 14:22 --------- d-----w c:\program\Steam

2009-02-17 22:33 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-16 23:19 --------- d-----w c:\program\Spybot - Search & Destroy

2009-02-15 20:23 --------- d-----w c:\documents and settings\cc\Application Data\uTorrent

2009-02-15 20:12 --------- d-----w c:\program\Windows Live Safety Center

2009-02-15 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania

2009-02-09 04:21 --------- d-----w c:\program\Windows Desktop Search

2009-02-07 13:23 --------- d-----w c:\program\Mozilla Thunderbird

2009-02-07 00:36 --------- d-----w c:\program\Microsoft

2009-02-06 23:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-06 23:42 --------- d-----w c:\program\SpywareBlaster

2009-02-02 08:40 --------- d-----w c:\documents and settings\cc\Application Data\Windows Live Writer

2009-02-01 15:56 --------- d-----w c:\program\Delade filer\ACD Systems

2009-02-01 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems

2009-02-01 12:52 --------- d-----w c:\program\Sony Ericsson

2009-02-01 07:30 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-01 07:30 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-31 10:16 --------- d-----w c:\program\Avanquest update

2009-01-30 05:01 --------- d-----w c:\program\ACD Systems

2009-01-29 05:11 --------- d-----w c:\program\FreshDevices

2009-01-15 07:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys

2009-01-10 14:28 --------- d--h--w c:\program\InstallShield Installation Information

2009-01-10 13:51 --------- d-----w c:\program\Windows Live

2009-01-10 13:51 --------- d-----w c:\program\Microsoft SQL Server Compact Edition

2009-01-10 13:49 --------- d-----w c:\program\Windows Live SkyDrive

2009-01-10 11:56 --------- d-----w c:\program\Delade filer\Windows Live

2009-01-09 14:05 39,688 ----a-w c:\documents and settings\cc\Application Data\GDIPFONTCACHEV1.DAT

2008-12-27 12:00 --------- d-----w c:\program\PowerISO

2008-12-27 06:53 --------- d-----w c:\documents and settings\cc\Application Data\FinalBurner .ISO

2008-12-25 21:04 --------- d-----w c:\documents and settings\cc\Application Data\U3

2008-12-22 10:18 --------- d-----w c:\program\Microsoft Windows Vista Upgrade Advisor

2008-12-22 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation

2008-12-21 16:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-12-04 22:04 308,072 ----a-w c:\windows\WLXPGSS.SCR

2008-07-29 12:21 22,328 ----a-w c:\documents and settings\cc\Application Data\PnkBstrK.sys

.

 

------- Sigcheck -------

 

2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

 

2001-09-28 13:00 1018880 3cb59859d11e2ec76838d7768d9396e7 c:\windows\explorer.exe

2007-06-13 14:12 1050624 92b8b54e4b00d6f075428ed18aaac8e9 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 01:34 1049600 14ce9dacc45208336d3586945020677d c:\windows\$NtUninstallKB938828$\explorer.exe

2001-09-28 13:00 1018368 406ea46e5115018f36e6a50c5f23373b c:\windows\system32\dllcache\explorer.exe

 

2001-09-28 13:00 30720 01c79d412dab8a8191a42db6f5cb4033 c:\windows\system32\ctfmon.exe

2001-09-28 13:00 30720 edebb053f1efb47ab70c8c7ab8054669 c:\windows\system32\dllcache\ctfmon.exe

 

2005-06-11 01:17 74752 410f0a183c0ad97f14b8f979ac02787b c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2004-08-04 01:34 74752 8391c3ce4dbf4cb1b40fe6a1c06602f4 c:\windows\$NtUninstallKB896423$\spoolsv.exe

2001-09-28 13:00 68608 0018c00e284fed3eb11badc88602b131 c:\windows\system32\spoolsv.exe

2001-09-28 13:00 68096 d9721688d0edde23d5fdfdbc14df280e c:\windows\system32\dllcache\spoolsv.exe

 

2001-09-28 13:00 129536 dca1f8ba6c6aa612a175cfa9432c6da8 c:\windows\system32\wuauclt.exe

2001-09-28 13:00 129536 93ae94f1991396e3470bcc48e7bfaec3 c:\windows\system32\dllcache\wuauclt.exe

 

2001-09-28 13:00 38400 5a565157036969fe81251a4a8e1d3b46 c:\windows\system32\userinit.exe

2001-09-28 13:00 38400 b5f1914bbfa26b7eca9c6533d0c0b151 c:\windows\system32\dllcache\userinit.exe

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2009-01-10 3882312]

"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-09-28 30720]

"Steam"="c:\program\steam\steam.exe" [2008-10-08 1410296]

"TomTomHOME.exe"="c:\program\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 413696]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1712640]

"gwutm"="c:\windows\system32\asycfilt.dll" [2001-09-28 77824]

"FUIClearHis"="c:\program\FreshDevices\FreshUI\freshui.exe" [2009-01-23 2199552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="c:\program\XpertVision\TBPanel.exe" [2007-11-27 2169352]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

"ISUSPM Startup"="c:\program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 241664]

"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-08-09 102400]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-12-08 136600]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 69632]

"Telia"="c:\program\Telia\Supportassistent\bin\sprtcmd.exe" [2008-10-16 201976]

"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2009-01-05 434176]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.EXE]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\ALCWZRD.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-09-28 30720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2001-09-28 57344]

 

c:\documents and settings\cc\Start-meny\Program\AutostartOpenOffice.org 3.0.lnk - c:\program\OpenOffice\OpenOffice.org 3\program\quickstart.exe [2008-09-12 400896]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartHP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-01 08:30 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= ir41_32.dll

"VIDC.ACDV"= ACDV.dll

"MSACM.msrt24"= msrt24.acm

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\udrlkkwt.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program\\Steam\\steamapps\\notch64\\counter-strike\\hl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

"c:\\Program\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Steam\\steamapps\\notch64\\the ship\\ship.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=

"c:\\Program\\Steam\\steamapps\\common\\trackmania united\\TmForeverLauncher.exe"=

 

R0 udrlkkwt;udrlkkwt;c:\windows\system32\drivers\udrlkkwt.sys [2009-02-17 33920]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-03 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-03 107272]

R2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program\Telia\Supportassistent\bin\sprtsvc.exe [2008-10-20 202016]

S1 ethtmtdx;ethtmtdx;c:\windows\system32\drivers\ethtmtdx.sys [2009-02-17 137888]

S2 avg8emc;AVG8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2008-07-03 903960]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-06-03 10976]

S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2008-06-03 90408]

S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2008-06-03 15016]

S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2008-06-03 122024]

S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2008-06-03 115368]

S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2008-06-03 25768]

S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2008-06-03 111784]

S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2008-06-03 117544]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-06-03 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-06-03 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-06-03 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-06-03 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-06-03 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-06-03 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-06-03 97704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31891607-8fe0-11dd-8d00-003018ae85dd}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f06cdc-93bc-11dd-8d08-003018ae85dd}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7afb4a1a-d273-11dd-8dce-003018ae85dd}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa60350b-e1e2-11dc-9219-003018ae85dd}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-02-12 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

 

2009-02-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-LightScribe Control Panel - c:\program\Delade filer\LightScribe\LightScribeControlPanel.exe

HKLM-Run-UnlockerAssistant - c:\program\Unlocker\UnlockerAssistant.exe

HKLM-Run-reader_s - c:\windows\System32\reader_s.exe

HKU-Default-Run-vkiyygyp.exe - c:\windows\vkiyygyp.exe

HKU-Default-Run-reader_s - c:\documents and settings\cc\reader_s.exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.spela.se/

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

FF - ProfilePath - c:\documents and settings\cc\Application Data\Mozilla\Firefox\Profiles\buvwd4dk.default

FF - prefs.js: browser.search.selectedEngine - Wikipedia (sv)

FF - component: c:\program\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: c:\program\OpenOffice\OpenOffice.org 3\program\npsoplugin.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-18 15:25:22

Windows 5.1.2600 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(684)

c:\windows\system32\ODBC32.dll

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

- - - - - - - > 'lsass.exe'(740)

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\System32\dssenh.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\WgaTray.exe

c:\program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program\AVG\AVG8\avgrsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\windows\system32\nvsvc32.exe

c:\program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\windows\system32\rundll32.exe

c:\program\OpenOffice\OpenOffice.org 3\program\soffice.exe

c:\program\OpenOffice\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\msiexec.exe

c:\program\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Sluttid: 2009-02-18 15:28:52 - datorn startades om. [cc]

ComboFix-quarantined-files.txt 2009-02-18 14:28:49

 

Före genomsökningen: 113 069 887 488 byte ledigt

Efter genomsökningen: 110,879,645,696 byte ledigt

 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

350 --- E O F --- 2009-02-11 11:17:47

[/log]

 


Great!

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

c:\windows\system32\drivers\ip6fw.sys

c:\windows\explorer.exe

c:\windows\system32\dllcache\hwxjpn.dll

c:\windows\system32\dllcache\dialer.exe

c:\documents and settings\cc\jrw.exe

c:\documents and settings\cc\titjb.exe

c:\windows\system32\15.tmp

c:\windows\system32\secupdat.dat

c:\windows\system32\drivers\ndisio.sys

c:\documents and settings\cc\gsyfh.exe

C:\mqohndim.exe

c:\windows\system32\drivers\udrlkkwt.sys

 


I got fed up with the whole thing, so I formatted C: (not a quick format) and reinstalled Windows. I kept the network unplugged until I had installed AVG again, the only program I had saved the installer for.

Now the whole machine is infested again with the same things as before.

It looks like the entire C:/windows/system32 folder is completely infected.

I'll run MBAM and HiJack after dinner.

 

 


There is a virus going around that infects every single program file and some other file types. If that is what you have picked up, you cannot keep a single executable file from the infected computer, because as soon as you run that file it will infect the rest of the computer. So make another attempt, but don't install AVG; instead make sure the firewall in XP SP2 is enabled before you connect the computer to the internet, then visit Windows Update and download an antivirus program.

 


So the only thing to do is to remove everything.

Which antivirus program do you recommend if AVG isn't good enough?

Preferably free.

Here are my latest logs from a run in safe mode.

 

MBAM

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1778

Windows 5.1.2600 Service Pack 3

 

2009-02-19 19:01:17

mbam-log-2009-02-19 (19-01-17).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 158618

Förfluten tid: 20 minute(s), 26 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

HiJackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:01:51, on 2009-02-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program\Delade filer\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program\Delade filer\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\program\nvidia\winxp\182.06\english\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\WCSMON.EXE

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235019229593

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4634 bytes

[/log]

 

AVG

[log]AVG 8.0 Anti-Virus command line scanner

Copyright © 1992 - 2008 AVG Technologies

Program version 8.0.228, engine 8.0.237

Virus Database: Version 270.11.1/1960 2009-02-19

 

 

------------------------------------------------------------

Objects scanned : 77451

Found infections : 0

Found PUPs : 0

Healed infections : 0

Healed PUPs : 0

Warnings : 0

------------------------------------------------------------

[/log]

 

ComboFix

[log]ComboFix 09-02-18.01 - Jonas 2009-02-19 19:15:24.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.2046.1811 [GMT 1:00]

Körs från: c:\documents and settings\Jonas\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Jonas\reader_s.exe

c:\windows\system32\4.tmp

c:\windows\system32\6.tmp

c:\windows\system32\d3d8caps.dat

c:\windows\system32\reader_s.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CCEVTSVC

 

 

(((((((((((((((((((((((( Filer Skapade från 2009-01-19 till 2009-02-19 ))))))))))))))))))))))))))))))

.

 

2009-02-19 19:12 . 2009-02-19 19:12 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys

2009-02-19 19:12 . 2009-02-19 19:12 168 --a------ c:\windows\system32\3.tmp

2009-02-19 19:12 . 2009-02-19 19:12 0 --a------ c:\windows\system32\7.tmp

2009-02-19 19:01 . 2009-02-19 19:01 <KAT> d-------- c:\program\Trend Micro

2009-02-19 18:18 . 2009-02-19 18:18 <KAT> d--h----- C:\$AVG8.VAULT$

2009-02-19 18:12 . 2009-02-19 18:12 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-02-19 18:12 . 2009-02-19 18:12 <KAT> d-------- c:\documents and settings\Jonas\Application Data\Malwarebytes

2009-02-19 18:12 . 2009-02-19 18:12 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-19 18:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-19 18:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-19 18:03 . 2009-02-19 18:03 616 --a------ c:\windows\system32\19.tmp

2009-02-19 18:00 . 2009-02-19 18:03 163,748 --a------ c:\windows\system32\17.tmp

2009-02-19 18:00 . 2009-02-19 18:00 88,065 --a------ c:\windows\system32\13.tmp

2009-02-19 18:00 . 2009-02-19 18:00 81,920 --a------ c:\windows\WCSMON.EXE

2009-02-19 18:00 . 2009-02-19 18:00 9,216 --a------ c:\windows\system32\16.tmp

2009-02-19 17:59 . 2009-02-19 18:00 61,440 --a------ c:\windows\system32\10.tmp

2009-02-19 17:58 . 2009-02-19 17:58 <KAT> d-------- c:\program\Winamp

2009-02-19 17:58 . 2009-02-19 17:58 <KAT> d-------- c:\documents and settings\Jonas\Application Data\Winamp

2009-02-19 17:44 . 2009-02-19 17:44 <KAT> d-------- c:\windows\system32\LogFiles

2009-02-19 17:44 . 2009-02-19 17:44 <KAT> d-------- c:\windows\system32\drivers\UMDF

2009-02-19 17:44 . 2009-02-19 17:44 <KAT> d-------- c:\program\Windows Media Connect 2

2009-02-19 17:44 . 2009-02-19 17:44 <KAT> d-------- C:\830d821b2e30d489a028b8d9

2009-02-19 17:44 . 2009-02-19 17:44 <KAT> d-------- C:\708e15a70ad105a83e

2009-02-19 06:12 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2009-02-19 06:09 . 2009-02-19 06:09 <KAT> d-------- c:\windows\system32\XPSViewer

2009-02-19 06:09 . 2009-02-19 06:09 <KAT> d-------- c:\program\Reference Assemblies

2009-02-19 06:09 . 2009-02-19 06:09 <KAT> d-------- c:\program\MSBuild

2009-02-19 06:09 . 2009-02-19 06:09 <KAT> d-------- C:\6b815e9ade477e590b9ca7db

2009-02-19 06:09 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2009-02-19 06:09 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll

2009-02-19 06:09 . 2008-07-06 11:50 614,912 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-02-19 06:09 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2009-02-19 06:09 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll

2009-02-19 06:09 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll

2009-02-19 06:09 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-02-19 05:55 . 2008-06-14 18:36 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-19 05:54 . 2008-08-14 14:27 2,189,952 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-19 05:54 . 2008-08-14 14:27 2,146,304 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-19 05:54 . 2008-08-14 14:27 2,066,816 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-19 05:54 . 2008-08-14 14:27 2,024,960 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-19 05:54 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-19 05:54 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-19 05:54 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-19 05:54 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-19 05:54 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-02-19 05:54 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-19 05:53 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-02-19 05:53 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-19 05:48 . 2009-02-19 06:12 <KAT> d-------- c:\windows\system32\sv-se

2009-02-19 05:48 . 2009-02-19 05:48 <KAT> d-------- c:\windows\system32\sv

2009-02-19 05:48 . 2009-02-19 05:48 <KAT> d-------- c:\windows\system32\bits

2009-02-19 05:48 . 2009-02-19 05:48 <KAT> d-------- c:\windows\l2schemas

2009-02-19 05:39 . 2006-10-18 21:47 991,744 -----c--- c:\windows\system32\dllcache\drmv2clt.dll

2009-02-19 05:33 . 2009-02-19 17:45 <KAT> d--h----- c:\windows\$hf_mig$

2009-02-18 22:22 . 2009-02-18 22:22 <KAT> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!

2009-02-18 22:17 . 2009-02-18 22:17 <KAT> d--hs---- c:\documents and settings\Jonas\UserData

2009-02-18 22:15 . 2009-02-18 22:15 <KAT> d-------- c:\program\Messenger Plus! Live

2009-02-18 22:14 . 2009-02-18 22:14 0 --a------ c:\windows\nsreg.dat

2009-02-18 22:04 . 2009-02-19 17:56 <KAT> d-------- c:\documents and settings\Jonas\Tracing

2009-02-18 22:02 . 2009-02-18 22:02 <KAT> d-------- c:\program\Windows Live SkyDrive

2009-02-18 22:02 . 2009-02-18 22:02 <KAT> d-------- c:\program\Microsoft

2009-02-18 22:01 . 2009-02-18 22:04 <KAT> d-------- c:\program\Windows Live

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-19 18:12 182,656 ----a-w c:\windows\system32\drivers\ndis.sys

2009-02-18 20:55 --------- d-----w c:\program\Delade filer\Windows Live

2009-02-18 20:49 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2009-02-18 20:48 --------- d-----w c:\program\NVIDIA

2009-02-18 20:46 --------- d-----w c:\program\SystemRequirementsLab

2009-02-18 20:43 --------- d--h--w c:\program\InstallShield Installation Information

2009-02-18 20:43 --------- d-----w c:\program\MyGuard

2009-02-18 20:43 --------- d-----w c:\program\Delade filer\InstallShield

2009-02-18 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield

2009-02-18 20:40 335,872 ----a-w c:\windows\HideWin.exe

2009-02-18 20:40 --------- d-----w c:\program\Realtek

2009-02-18 20:38 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-18 20:38 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-18 20:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-18 20:31 --------- d-----w c:\program\AVG

2009-02-18 20:10 --------- d-----w c:\program\microsoft frontpage

2009-02-18 20:07 --------- d-----w c:\program\Onlinetjänster

2009-02-09 12:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys

.

 

------- Sigcheck -------

 

2004-08-03 23:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\fb7d8e0c7e2893e6f2c9a23f42b3ccd0\ndis.sys

2009-02-19 19:12 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

2009-02-19 19:12 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

 

2008-04-14 17:05 1051136 c48d8780a8356164ed1a1ee3dadc0589 c:\windows\explorer.exe

2004-08-04 01:34 1049600 66cbea24c5dec9846076473bbbfa069e c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 17:05 1051136 4a64f14688042907b5ba6c8f9ac4c1c1 c:\windows\ServicePackFiles\i386\explorer.exe

2008-04-14 17:05 1051136 6cbe4b1ff6a2ef46d263995eddb59d15 c:\windows\SoftwareDistribution\Download\fb7d8e0c7e2893e6f2c9a23f42b3ccd0\explorer.exe

 

2004-08-04 01:34 32768 944c6e664ed8e111fc2f49f11b1a6c0e c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 17:05 32768 41e1cdaf2daf114bf94d5ba768f593ae c:\windows\ServicePackFiles\i386\ctfmon.exe

2008-04-14 17:05 32256 d7d94bf38b739f09a913a3cac3fd1842 c:\windows\SoftwareDistribution\Download\fb7d8e0c7e2893e6f2c9a23f42b3ccd0\ctfmon.exe

2008-04-14 17:05 32256 bfcb0af6924f13a6be12f13078910085 c:\windows\system32\ctfmon.exe

 

2004-08-04 01:34 75264 8e0f1cbc9caef044fd6af4410c4adf91 c:\windows\$NtServicePackUninstall$\spoolsv.exe

2008-04-14 17:05 75264 899ff31c84930b2cdcf2120204639245 c:\windows\ServicePackFiles\i386\spoolsv.exe

2008-04-14 17:05 74752 761e5c162c1650c696bb3a19e885e435 c:\windows\SoftwareDistribution\Download\fb7d8e0c7e2893e6f2c9a23f42b3ccd0\spoolsv.exe

2008-04-14 17:05 75264 72269b037cc39d2d1d701a4f7609c141 c:\windows\system32\spoolsv.exe

 

2004-08-04 01:34 41984 d831f995e16fff69a5d110ef58661a9b c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 17:05 43008 059bb496a528697b578caa4033c75158 c:\windows\ServicePackFiles\i386\userinit.exe

2008-04-14 17:05 43008 3d2757da38146064590081e932c624ee c:\windows\SoftwareDistribution\Download\fb7d8e0c7e2893e6f2c9a23f42b3ccd0\userinit.exe

2008-04-14 17:05 43520 72d6dfb4ba66a411977c5e43bfd46924 c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-02-18 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32256]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WiseStubReboot"="MSIEXEC" [X]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-02-18 1601304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"WinampAgent"="c:\program\Winamp\winampa.exe" [2008-07-09 53248]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 32256]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-18 21:38 10520 c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-18 325128]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-18 107272]

S2 avg8emc;AVG8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2009-02-18 903960]

S2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-02-18 298264]

S3 MyGuardLpc;MyGuardLpc;c:\program\MyGuard\MyGuard\MyGuardLpc.sys [2009-02-18 3968]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-reader_s - c:\windows\System32\reader_s.exe

HKU-Default-Run-reader_s - c:\documents and settings\Jonas\reader_s.exe

 

 

.

------- Extra genomsökning -------

.

FF - ProfilePath - c:\documents and settings\Jonas\Application Data\Mozilla\Firefox\Profiles\cxxl3t81.default

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-19 19:17:33

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Sluttid: 2009-02-19 19:18:53 - datorn startades om.

ComboFix-quarantined-files.txt 2009-02-19 18:18:50

 

Före genomsökningen: 127 003 324 416 byte ledigt

Efter genomsökningen: 127,109,775,360 byte ledigt

 

188 --- E O F --- 2009-02-19 16:26:40

[/log]

 


There is no big difference between the three common free antivirus programs, AVG, Avast and Antivir. Which one is best depends on what you run into.

At least this ComboFix log doesn't look as awful as the previous one.

 

2009-02-18 22:15 . 2009-02-18 22:15 <KAT> d-------- c:\program\Messenger Plus! Live

It is probably best to hold off installing such programs until Windows is updated and so on. Especially programs that come from websites that seem to be less than good:

http://www.mywot.com/sv/scorecard/msgplus.net

 

S3 MyGuardLpc;MyGuardLpc;c:\program\MyGuard\MyGuard\MyGuardLpc.sys [2009-02-18 3968]

What kind of program is that?

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

c:\windows\system32\10.tmp

c:\windows\system32\drivers\ndis.sys

c:\windows\explorer.exe

 


Myguard is Nvidia's motherboard monitoring program: temperature, fan speed and such.

 

c:\windows\system32\10.tmp

[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.93 2009.02.19 -

AhnLab-V3 2009.2.19.0 2009.02.19 -

AntiVir 7.9.0.83 2009.02.19 HEUR/Malware

Authentium 5.1.0.4 2009.02.19 -

Avast 4.8.1335.0 2009.02.18 -

AVG 8.0.0.237 2009.02.19 -

BitDefender 7.2 2009.02.19 BehavesLike:Win32.ExplorerHijack

CAT-QuickHeal 10.00 2009.02.19 -

ClamAV 0.94.1 2009.02.19 -

Comodo 983 2009.02.19 -

DrWeb 4.44.0.09170 2009.02.19 -

eSafe 7.0.17.0 2009.02.19 Suspicious File

eTrust-Vet 31.6.6365 2009.02.19 -

F-Prot 4.4.4.56 2009.02.19 -

Fortinet 3.117.0.0 2009.02.19 -

GData 19 2009.02.19 BehavesLike:Win32.ExplorerHijack

Ikarus T3.1.1.45.0 2009.02.19 -

K7AntiVirus 7.10.637 2009.02.19 -

Kaspersky 7.0.0.125 2009.02.19 Heur.Trojan.Generic

McAfee 5529 2009.02.17 -

McAfee+Artemis 5529 2009.02.17 -

Microsoft 1.4306 2009.02.19 -

NOD32 3867 2009.02.19 -

nProtect 2009.1.8.0 2009.02.19 BehavesLike:Win32.ExplorerHijack

Panda 10.0.0.10 2009.02.19 -

PCTools 4.4.2.0 2009.02.19 -

Prevx1 V2 2009.02.19 Medium Risk Malware

Rising 21.17.32.00 2009.02.19 -

SecureWeb-Gateway 6.7.6 2009.02.19 Heuristic.Malware

Sophos 4.38.0 2009.02.19 -

Sunbelt 3.2.1855.2 2009.02.17 -

Symantec 10 2009.02.19 -

TheHacker 6.3.2.2.259 2009.02.18 -

TrendMicro 8.700.0.1004 2009.02.19 PAK_Generic.001

VBA32 3.12.10.0 2009.02.18 -

ViRobot 2009.2.19.1615 2009.02.19 -

VirusBuster 4.5.11.0 2009.02.19 -

[/log]

 

c:\windows\system32\drivers\ndis.sys

This one could not be sent; it stops at 61% while uploading.

 

c:\windows\explorer.exe

[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.93 2009.02.19 -

AhnLab-V3 2009.2.19.0 2009.02.19 -

AntiVir 7.9.0.83 2009.02.19 HEUR/Malware

Authentium 5.1.0.4 2009.02.19 W32/Virut.AI!Generic

Avast 4.8.1335.0 2009.02.18 -

AVG 8.0.0.237 2009.02.19 -

BitDefender 7.2 2009.02.19 -

CAT-QuickHeal 10.00 2009.02.19 -

ClamAV 0.94.1 2009.02.19 -

Comodo 983 2009.02.19 -

DrWeb 4.44.0.09170 2009.02.19 Win32.Virut.56

eSafe 7.0.17.0 2009.02.19 -

eTrust-Vet 31.6.6365 2009.02.19 Win32/Virut.17408

F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado

F-Secure 8.0.14470.0 2009.02.19 Virus.Win32.Virut.ce

Fortinet 3.117.0.0 2009.02.19 -

GData 19 2009.02.19 -

Ikarus T3.1.1.45.0 2009.02.19 -

K7AntiVirus 7.10.637 2009.02.19 -

Kaspersky 7.0.0.125 2009.02.19 Virus.Win32.Virut.ce

McAfee 5529 2009.02.17 W32/Virut.n.gen

McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen

Microsoft 1.4306 2009.02.19 Virus:Win32/Virut.BM

NOD32 3867 2009.02.19 Win32/Virut.NBK

Norman 6.00.06 2009.02.19 -

nProtect 2009.1.8.0 2009.02.19 -

Panda 10.0.0.10 2009.02.19 Suspicious file

PCTools 4.4.2.0 2009.02.19 -

Prevx1 V2 2009.02.19 -

Rising 21.17.32.00 2009.02.19 -

SecureWeb-Gateway 6.7.6 2009.02.19 Heuristic.Malware

Sophos 4.38.0 2009.02.19 W32/Scribble-A

Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)

Symantec 10 2009.02.19 W32.Virut.CF

TheHacker 6.3.2.2.259 2009.02.18 -

TrendMicro 8.700.0.1004 2009.02.19 PE_VIRUX.D

VBA32 3.12.10.0 2009.02.18 Virus.Win32.Virut.X5

ViRobot 2009.2.19.1615 2009.02.19 -

VirusBuster 4.5.11.0 2009.02.19 -

[/log]

 

 


How good are Spybot and SpywareBlaster??

I have both installed, after all. Or are they pointless??

How well does Telia's "säker surf" work??

 


DrWeb 4.44.0.09170 2009.02.19 Win32.Virut.56

This is exactly the type of infection I wrote about earlier, the kind that infects all exe files on the computer. So you cannot set aside the installer for AVG, or for any other program, because in all likelihood it is infected too.

Spybot S&D and SpywareBlaster are good at what they do, but they cannot do anything about you running an infected exe file that infects all the other exe files on the computer.

Telia's Säker Surf, i.e. F-Secure, is a good antivirus program, probably somewhat better than the free version of AVG.

mywot.com is a very good website that collects information about other websites. http://www.mywot.com/sv/scorecard/msgplus.net is thus the information about the website msgplus.net. So if anything is semi-suspicious, it is msgplus.net.

 


Aha, I misunderstood that page. Sorry ;)

OK, then it's just a matter of clearing D:\ of all executable stuff; pictures and music should be fine to keep, right?

Then format C:\ again.

Thanks a million for all the help!!!!!!!!!!!!

How do you have the energy?? ;)

 

// Jonas

 


Pictures and music should be fine, but not programs, i.e. .exe and .scr, and not .htm, .html, .php and .asp.

It makes me happy when I manage to help others so that they are satisfied :)

Thanks for the points! :)

 

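The file-type rule from the reply above (pictures and music can stay; .exe, .scr, .htm, .html, .php and .asp cannot), as an added example that is not part of the original thread: a Python script that sorts the files on a data drive into keep, review and discard lists before the reinstall. The function names are hypothetical, the sample tree is constructed, and the check for an "MZ" executable header hiding under another extension is an addition that goes beyond the extension list in the post.

```python
import os
import tempfile
from pathlib import Path

# File types the reply above says not to keep from the infected machine.
RISKY_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".php", ".asp"}


def classify(path):
    """Return (verdict, reason) for one file: 'discard', 'review' or 'keep'."""
    suffix = path.suffix.lower()
    if suffix in RISKY_EXTENSIONS:
        return "discard", "extension " + suffix
    try:
        with open(path, "rb") as handle:
            magic = handle.read(2)
    except OSError as exc:
        # A file that cannot be read cannot be cleared; leave it for a person.
        return "review", "unreadable: " + exc.__class__.__name__
    if magic == b"MZ":
        # Added check (not from the thread): DOS/PE executables start with
        # the bytes "MZ" whatever extension the file carries.
        return "discard", "MZ header under " + (suffix or "no extension")
    return "keep", ""


def triage(root):
    """Walk root without following symlinks and sort every file by verdict."""
    root = Path(root)
    result = {"keep": [], "review": [], "discard": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = Path(folder) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                result["review"].append((rel, "symlink"))
                continue
            verdict, reason = classify(path)
            result[verdict].append((rel, reason))
    for entries in result.values():
        entries.sort()
    return result


def build_sample_tree(root):
    """Create a small constructed data drive for the demonstration."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 16
    samples = {
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "music/song.mp3": b"ID3\x03" + b"\x00" * 16,
        "music/track02.mp3": pe_stub,  # executable renamed to .mp3
        "install/setup.exe": pe_stub,
        "install/SAVER.SCR": pe_stub,  # extension match is case-insensitive
        "site/index.html": b"<html></html>",
        "notes.txt": b"",
    }
    root = Path(root)
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(tmp))
    for verdict in ("discard", "review", "keep"):
        for rel, reason in report[verdict]:
            print(f"{verdict:8} {rel}  {reason}")
```

The script only reads and lists files; it deletes nothing, so the discard list can be checked by hand before anything is removed.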

You deserve all the points there are ;) :thumbsup:

Now I have formatted C: and cleared D: of all the file types mentioned above.

I have also installed AntiVir, which seemed to find more stuff than AVG.

I feel ready to continue installing, but I wonder whether I dare visit D: again, for music and pictures?

It looks like this now:

 

MBAM

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1782

Windows 5.1.2600 Service Pack 2

 

2009-02-20 22:02:22

mbam-log-2009-02-20 (22-02-22).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 130607

Förfluten tid: 22 minute(s), 47 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

HiJackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:06:45, on 2009-02-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Messenger\msmsgs.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

 

--

End of file - 2182 bytes

[/log]

 

Antivir

[log]

 

Avira AntiVir Personal

Report file date: den 20 februari 2009 20:52

 

Scanning for 1258325 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: JONAS-BHW374K2J

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 08:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 11:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 19:51:30

ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2009-02-20 19:51:31

ANTIVIR3.VDF : 7.1.2.56 2048 Bytes 2009-02-20 19:51:31

Engineversion : 8.2.0.87

AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-02-20 19:51:39

AESCRIPT.DLL : 8.1.1.47 348539 Bytes 2009-02-20 19:51:38

AESCN.DLL : 8.1.1.7 127347 Bytes 2009-02-20 19:51:37

AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 13:58:38

AEPACK.DLL : 8.1.3.8 397684 Bytes 2009-02-20 19:51:36

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-02-20 19:51:35

AEHEUR.DLL : 8.1.0.97 1610103 Bytes 2009-02-20 19:51:34

AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-02-20 19:51:33

AEGEN.DLL : 8.1.1.20 336245 Bytes 2009-02-20 19:51:32

AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 10:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-20 19:51:32

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 10:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 12:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: high

 

Start of the scan: den 20 februari 2009 20:52

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

21 processes with 21 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '39' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <Backup>

D:\Jonas Karlsson dokument mappen\Mina dokument\Min musik\MP3\Inte hårdrock\Katy Perry - One Of The Boys (2008)\01 Katy Perry - One Of The Boys.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\Jonas Karlsson dokument mappen\Mina dokument\Spelfusk & tips\GTA\san andreas\tools\programs\zippade\Crazytrainer.rar

[0] Archive type: RAR

--> GTA-SA Crazy Trainer.exe

[DETECTION] Is the TR/Agent.BXM Trojan

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006305.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006306.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006307.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was moved to '49cf0e14.qua'!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006308.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was moved to '49cf0e18.qua'!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006309.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006310.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006311.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006312.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006313.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006314.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006315.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006316.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006317.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006318.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006319.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006320.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006321.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006322.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006323.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006324.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006325.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006326.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006327.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006328.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006329.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006330.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006331.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006332.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006333.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006334.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006335.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006336.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006337.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006338.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006339.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006340.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0008737.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0008738.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0008739.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009346.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009347.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009348.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009349.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009350.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009351.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009352.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009353.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009354.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009355.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009356.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009357.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009358.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009359.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009515.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009516.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009519.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009545.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009551.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009584.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009585.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009586.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009615.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009626.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009636.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009678.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009698.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009701.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009704.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009706.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009715.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009716.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009717.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009718.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009720.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009722.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009726.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009728.exe

[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.135 dropper

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009728.exe

[0] Archive type: RAR SFX (self extracting)

--> SmitfraudFix\IEDFix.C.exe

[DETECTION] Is the TR/Agent.82432.1 Trojan

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009730.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009733.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009742.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009756.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009757.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010888.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010898.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010900.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010913.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010914.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010925.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010927.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010928.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010929.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010930.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010931.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010933.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010934.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010935.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010937.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010939.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010940.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0010941.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP8\A0003702.exe

[DETECTION] Contains code of the W32/Virut.Gen Windows virus

[NOTE] The file was deleted!

 

 

End of the scan: den 20 februari 2009 21:25

Used time: 32:49 Minute(s)

 

The scan has been done completely.

 

2940 Scanning directories

228596 Files were scanned

104 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

101 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

228491 Files not concerned

2801 Archives were scanned

1 Warnings

103 Notes

[/log]

 

The viruses there are basically "only" in old restore points, if I have understood correctly.

 


Virut seems to be present only there in System Restore, but there were a few other files at the beginning as well, so you will probably have to be more careful with what you download.

 

You should remove all system restore points on D: by turning off the System Restore feature, restarting the computer and then turning the feature back on, because once the antivirus program has been in there and deleted certain things, that feature probably cannot do its job. Then create a new restore point.

System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore

 

Considering that you had quite a few infected files on D:, an online scan might be a good idea too:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

It normally takes a few hours but is very good.
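
The point made in the last two posts (Virut only in restore points, a few other detections elsewhere) can be checked mechanically. The following is an added example, not part of the thread and not Avira's own tooling: a small parser for the report layout shown above, run on an excerpt of the posted report. The function and class names are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the Avira report posted in the thread, blank lines removed.
SAMPLE_REPORT = r"""
D:\Jonas Karlsson dokument mappen\Mina dokument\Min musik\MP3\Inte hårdrock\Katy Perry - One Of The Boys (2008)\01 Katy Perry - One Of The Boys.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
D:\Jonas Karlsson dokument mappen\Mina dokument\Spelfusk & tips\GTA\san andreas\tools\programs\zippade\Crazytrainer.rar
[0] Archive type: RAR
--> GTA-SA Crazy Trainer.exe
[DETECTION] Is the TR/Agent.BXM Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006306.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was deleted!
D:\System Volume Information\_restore{3B2B348E-5E7E-48C5-A6A6-3D7696AB560C}\RP13\A0006307.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '49cf0e14.qua'!
D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009728.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.135 dropper
D:\System Volume Information\_restore{C0FD0782-45D8-4866-8A65-5E28B839F3A2}\RP13\A0009728.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\IEDFix.C.exe
[DETECTION] Is the TR/Agent.82432.1 Trojan
[NOTE] The file was deleted!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a scanned file, e.g. D:\...
SIG_RE = re.compile(r"\[DETECTION\].*?\bthe (\S+)")  # "... of the W32/Virut.Gen ..."
RESTORE_MARKER = r"\system volume information\_restore"


@dataclass
class Detection:
    path: str                      # file on disk that was flagged
    member: Optional[str]          # file inside an archive, if any
    signature: str                 # detection name from the report
    action: Optional[str] = None   # text of the following [NOTE] line

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_MARKER in self.path.lower()


def parse_report(text: str) -> List[Detection]:
    """Turn path / [DETECTION] / [NOTE] line groups into Detection records."""
    detections: List[Detection] = []
    path = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            path, member = line, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and path:
            m = SIG_RE.search(line)
            detections.append(Detection(path, member, m.group(1) if m else "unknown"))
        elif line.startswith("[NOTE]") and path:
            action = line[len("[NOTE]"):].strip()
            # A note applies to every detection on this file that has none yet
            # (the dropper entry above gets its note from the second block).
            for d in detections:
                if d.path == path and d.action is None:
                    d.action = action
    return detections


def summarize(detections: List[Detection]) -> Counter:
    """Count detections per (signature, found inside a restore point)."""
    return Counter((d.signature, d.in_restore_point) for d in detections)


def outside_restore_points(detections: List[Detection]) -> List[Detection]:
    """Detections in the user's own files, which deleting restore points will not touch."""
    return [d for d in detections if not d.in_restore_point]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (signature, in_restore), count in sorted(summarize(found).items()):
        where = "restore point" if in_restore else "user files"
        print(f"{count:3d}  {signature:24s} {where}")
    for d in outside_restore_points(found):
        print("outside restore points:", d.signature, "->", d.member or d.path)
```

Run over the full report, the entries returned by `outside_restore_points` are the ones that say something about the files kept on D:, since everything under `System Volume Information\_restore` disappears when System Restore is switched off.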

 


Archived

This topic is now archived and is closed to further replies.