
Virtumonde or other junk?


pixmania


Something has happened to my computer. The antivirus program finds nothing, and Spybot finds a lot of Virtumonde that seems impossible to remove.

I have installed HijackThis and the log follows below. I hope someone knowledgeable can help me.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 08:32:31, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\WINDOWS\Installer\MSI6F4.tmp

C:\Program\Intel\WiFi\bin\WLKeeper.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program\Apoint\HidFind.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Logitech\QuickCam\Quickcam.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\IObit\Advanced SystemCare 3\AWC.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Internet Explorer\iexplore.exe

C:\DOCUME~1\MIKAEL~2\LOKALA~1\Temp\Temporary Internet Files\Content.IE5\ZNMQTTW2\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {41c69111-bc18-42d7-956a-24cc8e5f551f} - C:\WINDOWS\system32\ponovisi.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Program\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s

O4 - HKLM\..\Run: [CPM17bf69eb] Rundll32.exe "c:\windows\system32\lonayemu.dll",a

O4 - HKLM\..\Run: [148c5a77] rundll32.exe "C:\WINDOWS\system32\saperiho.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program\SuperOffice\SoIeExtensions.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214659128218

O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://viewserver.parmen.se/RxVS/rxclientview.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234526905055&h=b751bf7a79abbab580a3dc62e605be68/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\parakodo.dll c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lonayemu.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program\Java\jre6\bin\jqs.exe" -service -config "C:\Program\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI6F4.tmp

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\WiFi\bin\WLKeeper.exe

 

[/log]

 


Hi! Let's see if I can help you get rid of this nuisance! You have an old HijackThis, which is also installed in the wrong place; uninstall it and download a new one!

[log]Let's see if HijackThis shows anything to begin with. Download it from one of these links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that appears (nothing else).

 

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure these are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start by itself after the restart, start it.

 

If the log does not appear by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


Great if you can help me. Here is a new log.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:16:43, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\WINDOWS\Installer\MSI6F4.tmp

C:\Program\Intel\WiFi\bin\WLKeeper.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program\Apoint\HidFind.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Logitech\QuickCam\Quickcam.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\IObit\Advanced SystemCare 3\AWC.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {41c69111-bc18-42d7-956a-24cc8e5f551f} - C:\WINDOWS\system32\ponovisi.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Program\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s

O4 - HKLM\..\Run: [CPM17bf69eb] Rundll32.exe "c:\windows\system32\lonayemu.dll",a

O4 - HKLM\..\Run: [148c5a77] rundll32.exe "C:\WINDOWS\system32\saperiho.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program\SuperOffice\SoIeExtensions.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214659128218

O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://viewserver.parmen.se/RxVS/rxclientview.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234526905055&h=b751bf7a79abbab580a3dc62e605be68/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\parakodo.dll c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lonayemu.dll (file missing)

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lonayemu.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI6F4.tmp

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\WiFi\bin\WLKeeper.exe

 

--

End of file - 10892 bytes

[/log]

 

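The indicators in the two logs above can be triaged mechanically: a BHO with no name, Run entries that start rundll32 on a DLL in system32 with a one-letter export, a populated AppInit_DLLs value, and SSODL/SharedTaskScheduler load points pointing at a DLL that is already gone. The script below is an added example for this thread, not code from the poster, HijackThis, Spybot or Malwarebytes. It parses the R*/O* entries, flags those patterns, and diffs two scans so the change between the first log and a later one is visible. The consonant/vowel name test is my own heuristic based on the names in this thread (ponovisi, miyebelu, lonayemu, ...), and the sample logs are constructed from entries in the logs posted above, trimmed to the relevant lines.

```python
"""Triage HijackThis log entries for Virtumonde-style load points and diff two scans.
Added example for this thread; not part of HijackThis, Spybot or MBAM."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed samples: entries taken from the logs posted in this thread (the first
# scan, and the state after a later scan), trimmed to the lines that matter here.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41c69111-bc18-42d7-956a-24cc8e5f551f} - C:\WINDOWS\system32\ponovisi.dll
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s
O4 - HKLM\..\Run: [CPM17bf69eb] Rundll32.exe "c:\windows\system32\lonayemu.dll",a
O4 - HKLM\..\Run: [148c5a77] rundll32.exe "C:\WINDOWS\system32\saperiho.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\parakodo.dll c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lonayemu.dll (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s (User 'LOKAL TJÄNST')
O20 - AppInit_DLLs: c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lonayemu.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# rundll32 <dll>,<export>: the Run-key launcher used by every Virtumonde entry above.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+\.dll)"?,(?P<export>\w+)', re.I)
# Every malicious DLL in this thread is eight lowercase letters alternating
# consonant/vowel (ponovisi, miyebelu, lonayemu ...). This is my heuristic, not a
# HijackThis rule; the path part is matched case-insensitively, the name is not.
CV_NAME = re.compile(r"(?i:\\system32\\)(?P<name>(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4})\.dll")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    entry: str


def triage(log: str) -> list[Finding]:
    """Return one Finding per suspicious property of each R*/O* entry."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        sec, body = m["sec"], m["body"]
        reasons: list[str] = []
        if sec == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed browser helper object")
        if sec == "O4" and (r := RUNDLL.search(body)):
            reasons.append(f"rundll32 loads {r['dll']} via export '{r['export']}'")
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                reasons.append(f"AppInit_DLLs injects {dll} into every process that loads user32.dll")
        if sec in ("O21", "O22") and "(file missing)" in body:
            reasons.append("shell load point left behind for a DLL that is already gone")
        for c in CV_NAME.finditer(body):
            reasons.append(f"generated-looking name {c['name']}.dll in system32")
        findings.extend(Finding(sec, why, raw.strip()) for why in reasons)
    return findings


def flagged_dlls(log: str) -> set[str]:
    """Base names (without .dll) of the generated-looking DLLs anywhere in a log."""
    return {c["name"] for c in CV_NAME.finditer(log)}


def entries(log: str) -> set[str]:
    """Load-point entries (R*/O* lines) of a log, ignoring the process list."""
    return {ln.strip() for ln in log.splitlines() if ENTRY.match(ln.strip())}


def compare(before: str, after: str) -> tuple[set[str], set[str]]:
    """(added, removed) load-point entries between two scans of the same machine."""
    a, b = entries(before), entries(after)
    return b - a, a - b


if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"{f.section}: {f.reason}\n    {f.entry}")
    added, removed = compare(LOG_BEFORE, LOG_AFTER)
    print(f"\n{len(removed)} entries gone, {len(added)} new:")
    for e in sorted(added):
        print("  +", e)
```

Run it on a full saved log by reading the file into `triage` and `compare`; the process list and header are skipped by the entry regex. The diff is the useful part between rounds of cleaning: in the sample, the HKLM Run entries and the unnamed BHO disappear, but the same DLL survives under AppInit_DLLs, in the LOCAL SERVICE hive and as a SharedTaskScheduler object, which is why a single scan is not enough to declare the machine clean.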

I will do my best [JOKE; now it looks better with HijackThis][log]Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure these are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start by itself after the restart, start it.

 

If the log does not appear by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 

[post edited 2009-02-22 09:25:11 by Laston]


HijackThis:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:56:07, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Apoint\Apoint.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\Installer\MSI6F4.tmp

C:\Program\Intel\WiFi\bin\WLKeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\IObit\Advanced SystemCare 3\AWC.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Program\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program\SuperOffice\SoIeExtensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214659128218

O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://viewserver.parmen.se/RxVS/rxclientview.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234526905055&h=b751bf7a79abbab580a3dc62e605be68/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI6F4.tmp

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\WiFi\bin\WLKeeper.exe

 

 

End of file - 9920 bytes

[/log]

 

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1792

Windows 5.1.2600 Service Pack 3

 

2009-02-22 09:50:07

mbam-log-2009-02-22 (09-50-07).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 75279

Förfluten tid: 7 minute(s), 47 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 8

Infekterade registervärden: 5

Infekterade registerdataposter: 4

Infekterade mappar: 0

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\WINDOWS\system32\ponovisi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\miyebelu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\parakodo.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41c69111-bc18-42d7-956a-24cc8e5f551f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{41c69111-bc18-42d7-956a-24cc8e5f551f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41c69111-bc18-42d7-956a-24cc8e5f551f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lawetaweje (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm17bf69eb (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\148c5a77 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\parakodo.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\parakodo.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\parakodo.dll -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\miyebelu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\ponovisi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\parakodo.dll (Trojan.Vundo.H) -> Delete on reboot.

 

 

Malware:[/log]

 

Corrected the LOG tags; there should be one before and one after the log.

Cecilia - Moderator for Viruses, malicious programs & remedies

[post edited 2009-02-22 09:59:39 by Cecilia]

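As an added example (not from this thread or from any of the tools used in it), a small Python script that parses the O4 (Run key) and O20 (AppInit_DLLs) lines HijackThis prints and flags the persistence pattern visible in the log above: randomly named DLLs in system32 started by Rundll32 from a Run key or injected into every process via AppInit_DLLs. The sample lines are constructed in the shape of the ones posted, and the 8-lowercase-letter name rule is a heuristic taken from the DLL names in this thread, not a signature.

```python
"""Flag HijackThis autostart entries that match the Vundo pattern seen in this thread.

Added example, not part of the forum thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [lawetaweje] Rundll32.exe "C:\WINDOWS\system32\miyebelu.dll",s (User 'LOKAL TJÄNST')
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O20 - AppInit_DLLs: c:\windows\system32\lubudeyu.dll c:\windows\system32\lonayemu.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

APPINIT_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section prefix, e.g. "O4" or "O20"
    location: str  # registry hive / key the entry was found in
    dll: str       # DLL path exactly as printed in the log
    reason: str


# Heuristic: the Vundo DLLs in this thread (miyebelu.dll, lubudeyu.dll, ...) all use
# 8 random lowercase letters. Treat this as a hint for manual review, not proof.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")
# "HKUS\S-1-5-19\..\Run: [name] command"  ->  hive, name, command
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Rundll32 invocation with the DLL path, quoted or not, up to the ",entrypoint" part
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)


def _random_named_system32_dll(path: str) -> bool:
    """True when the path points into system32 and the file name looks machine-generated."""
    norm = path.lower().replace("/", "\\")
    base = norm.rsplit("\\", 1)[-1]
    return "\\system32\\" in norm and bool(RANDOM_NAME_RE.match(base))


def inspect_line(line: str) -> list[Finding]:
    """Return the findings for one HijackThis line (empty list if nothing stands out)."""
    line = line.strip()
    if line.startswith("O20 - AppInit_DLLs:"):
        # AppInit_DLLs is space-separated and normally empty on Windows XP; every
        # DLL listed here is loaded into each process that links user32.dll.
        findings = []
        for dll in line[len("O20 - AppInit_DLLs:"):].split():
            reason = "loaded into every user-mode process via AppInit_DLLs (normally empty)"
            if _random_named_system32_dll(dll):
                reason += "; random 8-letter name in system32 (Vundo pattern)"
            findings.append(Finding("O20", APPINIT_KEY, dll, reason))
        return findings
    if line.startswith("O4 - "):
        m = O4_RE.match(line[len("O4 - "):])
        if not m:
            return []  # e.g. "Global Startup:" lines, not handled by this heuristic
        r = RUNDLL_RE.search(m.group("cmd"))
        if r and _random_named_system32_dll(r.group(1)):
            reason = "Run key starts Rundll32 on a random-named DLL in system32 (Vundo pattern)"
            if m.group("hive").startswith("HKUS\\S-1-5-"):
                reason += "; registered under a service-account hive, not the logged-on user's"
            return [Finding("O4", m.group("hive"), r.group(1), reason)]
    return []


def scan_log(text: str) -> list[Finding]:
    """Run inspect_line over a whole HijackThis log and collect the findings in order."""
    findings: list[Finding] = []
    for line in text.splitlines():
        findings.extend(inspect_line(line))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.location}\n    {f.dll}\n    {f.reason}")
```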

Hi! Malwarebytes has fixed some of it but not everything!

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and anti-spyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; attach it to your reply. Check that antivirus programs etc. are running before you connect to the internet.

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against future infections. This can cause problems, e.g. if the computer connects to the internet through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

[/log]


[log]ComboFix 09-02-21.01 - Mikael Rask - OPIC 2009-02-22 10:18:57.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1014.437 [GMT 1:00]

Körs från: c:\documents and settings\Mikael Rask - OPIC\Skrivbord\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AutoRun.inf

c:\windows\system32\Plugins

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-01-22 till 2009-02-22 ))))))))))))))))))))))))))))))

.

 

2009-02-22 09:34 . 2009-02-22 09:34 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\Malwarebytes

2009-02-22 09:33 . 2009-02-22 09:34 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-02-22 09:33 . 2009-02-22 09:33 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-22 09:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-22 09:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-22 09:15 . 2009-02-22 09:15 <KAT> d-------- c:\program\Trend Micro

2009-02-21 15:54 . 2009-02-22 09:34 <KAT> d-------- c:\program\Spybot - Search & Destroy

2009-02-21 15:54 . 2009-02-22 09:53 <KAT> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-20 22:13 . 2009-02-20 22:13 <KAT> d-------- c:\program\Vuze

2009-02-20 22:13 . 2009-02-21 08:07 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\Azureus

2009-02-20 22:13 . 2009-02-20 22:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Azureus

2009-02-19 08:57 . 2008-12-17 07:00 768,024 --a------ c:\windows\system32\drivers\lvrs.sys

2009-02-19 08:57 . 2008-12-17 06:55 195,096 --a------ c:\windows\system32\lvci11901262.dll

2009-02-19 08:55 . 2009-02-19 08:55 <KAT> d-------- c:\program\Logitech

2009-02-19 08:46 . 2009-02-19 08:46 <KAT> d-------- c:\windows\TWAIN_32

2009-02-19 08:46 . 2008-12-17 07:01 6,364,440 --a------ c:\windows\system32\drivers\lvuvc.sys

2009-02-19 08:46 . 2007-10-12 02:59 1,920,920 -ra------ c:\windows\system32\drivers\lvpopflt.sys

2009-02-19 08:46 . 2008-12-17 07:00 494,104 --a------ c:\windows\system32\LVUI2.dll

2009-02-19 08:46 . 2008-12-17 07:01 432,664 --a------ c:\windows\system32\LVUI2RC.dll

2009-02-19 08:46 . 2008-12-17 06:55 416,280 --a------ c:\windows\system32\lvcodec2.dll

2009-02-19 08:46 . 2007-10-12 02:57 195,096 -ra------ c:\windows\system32\lvci1150.dll

2009-02-19 08:46 . 2008-12-17 06:37 81,110 --a------ c:\windows\system32\lvcoinst.ini

2009-02-19 08:46 . 2008-12-17 07:01 41,752 --a------ c:\windows\system32\drivers\LVUSBSta.sys

2009-02-19 08:46 . 2008-12-17 06:37 29,562 --a------ c:\windows\system32\Repository.reg

2009-02-19 08:46 . 2008-12-17 07:02 23,832 --a------ c:\windows\system32\drivers\lvuvcflt.sys

2009-02-19 08:41 . 2009-02-19 08:58 <KAT> d-------- c:\program\Delade filer\LogiShrd

2009-02-13 13:07 . 2009-02-13 13:07 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-13 11:51 . 2009-02-13 11:51 <KAT> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

2009-02-12 11:33 . 2009-02-12 11:33 <KAT> d-------- c:\documents and settings\All Users\Application Data\WEBREG

2009-02-12 11:28 . 2009-02-12 11:28 <KAT> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY

2009-02-12 10:46 . 2009-02-12 10:49 151,115 --------- c:\windows\hpoins14.dat.temp

2009-02-12 10:46 . 2007-09-20 17:34 2,000 --------- c:\windows\hpomdl14.dat.temp

2009-02-12 10:00 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2009-02-12 09:59 . 2007-03-31 06:07 267,864 --a------ c:\windows\system32\SETE46.tmp

2009-02-12 09:08 . 2009-02-12 12:01 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\Image Zone Express

2009-02-11 09:34 . 2009-02-11 09:34 1,374 --a------ c:\windows\imsins.BAK

2009-02-08 22:13 . 2009-02-08 22:29 <KAT> d-------- C:\Garmin

2009-02-07 17:33 . 2009-02-07 17:33 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\anpo.republika.pl

2009-02-07 17:32 . 2009-02-07 17:32 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\fltk.org

2009-02-07 12:32 . 2004-05-12 07:49 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL

2009-02-07 12:32 . 2004-05-12 07:48 49,152 --a------ c:\windows\system32\INETWH32.dll

2009-01-28 22:56 . 2009-01-28 22:56 <KAT> d-------- c:\program\IObit

2009-01-26 11:02 . 2009-01-26 11:05 <KAT> d-------- c:\program\Avanquest update

2009-01-26 11:01 . 2009-01-26 11:12 <KAT> d-------- c:\program\Sony Ericsson

2009-01-26 11:01 . 2009-01-26 11:01 <KAT> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson

2009-01-23 07:45 . 2009-02-12 12:01 <KAT> d-------- c:\documents and settings\Mikael Rask - OPIC\Application Data\SolidDocuments

2009-01-23 07:42 . 2009-01-23 07:42 <KAT> d-------- c:\program\SolidDocuments

2009-01-23 07:42 . 2009-01-23 07:42 <KAT> d-------- c:\documents and settings\All Users\Application Data\SolidDocuments

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-20 21:13 --------- d-----w c:\program\Vuze

2009-02-20 06:32 0 ----a-w c:\windows\system32\drivers\lvuvc.hs

2009-02-20 06:32 0 ----a-w c:\windows\system32\drivers\logiflt.iad

2009-02-19 07:55 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd

2009-02-13 12:07 --------- d-----w c:\program\Java

2009-02-12 10:30 --------- d-----w c:\program\Delade filer\HP

2009-02-12 10:28 --------- d-----w c:\program\HP

2009-02-12 10:02 --------- d-----w c:\documents and settings\All Users\Application Data\HP

2009-02-12 08:08 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\Printer Info Cache

2009-02-07 11:50 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\GARMIN

2009-02-07 11:32 --------- d--h--w c:\program\InstallShield Installation Information

2009-01-27 13:26 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\Download Manager

2009-01-26 15:51 --------- d-----w c:\program\Windows Media Connect 2

2009-01-20 12:39 --------- d-----w c:\program\ESET

2009-01-20 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\ESET

2009-01-10 15:27 --------- d-----w c:\program\Nokia

2009-01-08 19:27 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\PC Suite

2009-01-07 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite

2009-01-07 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2008-12-30 22:03 --------- d-----w c:\program\CyberLink

2008-12-29 20:23 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\dvdcss

2008-12-29 15:40 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\Software Informer

2008-12-28 13:11 --------- d-----w c:\documents and settings\Mikael Rask - OPIC\Application Data\HP

2008-11-17 15:11 61,224 ----a-w c:\documents and settings\Mikael Rask - OPIC\GoToAssistDownloadHelper.exe

2008-07-02 06:18 88 --sh--r c:\windows\system32\64CAACCC3C.sys

2008-06-28 14:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008062820080629\index.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

"Advanced SystemCare 3"="c:\program\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]

"IntelWireless"="c:\program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]

"Corel File Shell Monitor"="c:\program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Apoint"="c:\program\Apoint\Apoint.exe" [2005-10-07 176128]

"PDVDDXSrv"="c:\program\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]

"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-02-13 148888]

"LogitechQuickCamRibbon"="c:\program\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartBankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2008-11-27 927248]

HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2008-12-20 07:50 2656528 c:\program\Logitech\QuickCam\Quickcam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program\QuickTime\QTTask.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"mRouterConfig"="c:\program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

"DAEMON Tools"="c:\program\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RoxWatchTray"="c:\program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" -start

"PDVDDXSrv"="c:\program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

"ISUSPM Startup"=c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

"igfxtray"=c:\windows\system32\igfxtray.exe

"igfxhkcmd"=c:\windows\system32\hkcmd.exe

"igfxpers"=c:\windows\system32\igfxpers.exe

"ccApp"="c:\program\Delade filer\Symantec Shared\ccApp.exe"

"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_07\bin\jusched.exe"

"SigmatelSysTrayApp"=c:\program\SigmaTel\C-Major Audio\WDM\stsystra.exe

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"IntelZeroConfig"="c:\program\Intel\Wireless\bin\ZCfgSvc.exe"

"IntelWireless"="c:\program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

"PC Suite for Smartphones"="c:\program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

"QuickTime Task"="c:\program\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program\\Vuze\\Azureus.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34772:TCP"= 34772:TCP:torr

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]

R2 ekrn;Eset Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]

R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI6F4.tmp [2009-01-23 189688]

R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-01-11 16896]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-06-29 10976]

S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2009-01-07 135680]

S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2009-01-07 8320]

S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2009-01-07 12288]

S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2009-01-07 12288]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-10-27 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-10-27 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-10-27 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-10-27 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-10-27 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-10-27 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-10-27 117544]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-10-01 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-10-01 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-10-01 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-10-01 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-10-01 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-10-01 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-10-01 110120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968cc84c-c3ba-11dd-b725-001a6b33decf}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a031dd-ee99-11dd-b78d-001a6b33decf}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-02-22 c:\windows\Tasks\AWC AutoSweep.job

- c:\program\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 11:32]

 

2009-02-21 c:\windows\Tasks\AWC Update.job

- c:\program\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

 

2009-02-21 c:\windows\Tasks\AWC Update.job

- c:\program\IObit\Advanced SystemCare 3\ [2009-02-22 10:22]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-BVRPLiveUpdate - c:\program\Avanquest update\Engine\Setup.exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.opic.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{CC88D81F-6166-4F46-AC89-B75CD9CEB292} - {76E2006B-AC76-4710-AC10-4ADE018779EB} - c:\program\SuperOffice\SoIeExtensions.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} - hxxp://viewserver.parmen.se/RxVS/rxclientview.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 10:22:30

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]

"ImagePath"="c:\windows\Installer\MSI6F4.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"="a"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Intel\WiFi\bin\S24EvMon.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Intel\WiFi\bin\EvtEng.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\PSIService.exe

c:\program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

c:\program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program\Intel\WiFi\bin\WLKEEPER.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program\Apoint\hidfind.exe

c:\program\Apoint\ApntEx.exe

c:\program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Sluttid: 2009-02-22 10:26:47 - datorn startades om.

ComboFix-quarantined-files.txt 2009-02-22 09:26:43

 

Före genomsökningen: 50 783 203 328 byte ledigt

Efter genomsökningen: 50,779,385,856 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

269 --- E O F --- 2009-02-11 08:36:56

[/log]


Hi! Uninstall cracked programs such as Avanquest, and any others you have!

Then run Flash Disinfector on all external devices such as USB sticks etc.

Download Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that appear.

When it says to insert flash disks, plug in the USB sticks etc. that may be infected.

When everything is done, close the program and restart the computer.

Then come back with a new HijackThis log.


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:00:13, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\IObit\Advanced SystemCare 3\AWC.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\WINDOWS\Installer\MSI6F4.tmp

C:\Program\Intel\WiFi\bin\WLKeeper.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program\SuperOffice\SoIeExtensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214659128218

O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://viewserver.parmen.se/RxVS/rxclientview.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234526905055&h=b751bf7a79abbab580a3dc62e605be68/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI6F4.tmp

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\WiFi\bin\WLKeeper.exe

 

--

End of file - 9124 bytes

[/log]

 


Hi! I can no longer see anything nasty in the log; do you still have any problems?

[log]Download the uninstall program OTCleanIt to the Desktop.

http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Double-click the file to start the program.

Press the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer.

[/log]

 
