Just nu i M3-nätverket
Jump to content

Internet strular ad/malware


niklan

Recommended Posts

Jag använder mig av Windovs Xp:s brandvägg och emellanåt så letar jag uppdateringar, men jag kan inte ansluta till microsoft update sen nån vecka tillbaka. Dessutom har internet blivit mkt segare. Jag använder avast! antivirus. Jag installerade just ett anti ad/malware prgrm som hitta en massa skit. Dock kan jag inte ta bort det mesta så jag undrar nu om det finns något bra gratis program som tar bort ad/malware, trojaner etc. som redan existerar på datorn? Jag har också problem att uppdatera ad-ware programmet så det kanske är nått problem med internet inställningarna.

 

jag lägger till ett Hijack this-logg om det är till ngn nytta

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:25:33, on 2009-11-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Hotspot Shield\bin\openvpnas.exe

C:\Program\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\a-squared Free\a2service.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [six Engine] "C:\Program\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdalt.exe] C:\WINDOWS\system32\kdalt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.focus.lib.kth.se/lib/kth/support/plugins/ebraryRdr.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://ps.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227791100526

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227791357401

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{496731AC-D9CB-45A0-8E33-CFBEE718FF1F}: NameServer = 85.255.112.110;85.255.112.172

O17 - HKLM\System\CCS\Services\Tcpip\..\{C25E8718-F18A-42EC-B1B1-3301FA1894E6}: NameServer = 85.255.112.110;85.255.112.172

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

 

End of file - 10475 bytes

 

 

[/log]

 

Link to comment
Share on other sites

Hej! Jag ser att du har a-squared som är ett av dom bättre programmen på att åtgärda trojaner o dyl så fixar inte den detta otyg så får vi ta till ComboFix som är ett vassare verktyg istället![log]Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

I ditt svar bifogar du ComboFix-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

[/log]Mvh Laston

 

Link to comment
Share on other sites

Hej, här kommer loggen från Combofix.

 

[log]

ComboFix 09-11-16.01 - Administratör 2009-11-15 21:17..4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2711 [GMT 1:00]

Körs från: c:\documents and settings\Administratör\Skrivbord\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091115-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\resycled

c:\windows\system32\pagefileconfig.vbs

E:\resycled

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-10-15 till 2009-11-15 ))))))))))))))))))))))))))))))

.

 

2009-11-15 17:09 . 2009-11-15 17:18 -------- d-----w- c:\program\a-squared Free

2009-11-15 11:10 . 2009-11-15 11:10 -------- d-----w- c:\program\MSSOAP

2009-11-15 11:10 . 2009-11-15 11:10 -------- d-----w- c:\program\Webroot

2009-11-15 11:07 . 2009-11-15 11:07 -------- d-----w- c:\program\Trend Micro

2009-11-15 10:48 . 2009-11-15 10:48 -------- d-----w- c:\documents and settings\LocalService\Skrivbord

2009-11-15 10:39 . 2009-11-15 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-13 12:59 . 2009-11-13 12:59 -------- d-----w- c:\program\Microsoft Silverlight

2009-11-07 13:56 . 2009-11-07 13:56 -------- d-----w- c:\program\Microsoft

2009-11-07 13:56 . 2009-11-07 13:56 -------- d-----w- c:\program\Windows Live SkyDrive

2009-11-07 13:51 . 2009-11-07 13:51 -------- d-----w- c:\program\Delade filer\Windows Live

2009-11-01 17:51 . 2008-11-04 02:30 30568 ----a-w- c:\windows\system32\mdimon.dll

2009-11-01 17:39 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll

2009-11-01 17:38 . 2009-11-01 17:41 -------- d-----w- c:\program\Microsoft Works

2009-11-01 17:37 . 2009-11-01 17:37 -------- d-----w- c:\program\Microsoft.NET

2009-11-01 17:35 . 2009-11-01 17:49 -------- d-----w- c:\program\Microsoft Visual Studio 8

2009-11-01 17:35 . 2009-11-01 17:37 -------- d-----w- c:\windows\SHELLNEW

2009-11-01 17:34 . 2009-11-01 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-01 17:34 . 2009-11-01 17:34 -------- d-----r- C:\MSOCache

2009-10-24 09:13 . 2009-10-24 09:13 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 20:27 . 2001-09-28 12:00 91868 ----a-w- c:\windows\system32\perfc01D.dat

2009-11-15 20:27 . 2001-09-28 12:00 463138 ----a-w- c:\windows\system32\perfh01D.dat

2009-11-07 13:57 . 2008-11-27 20:06 -------- d-----w- c:\program\Windows Live

2009-11-02 20:17 . 2009-08-27 15:19 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-01 17:38 . 2008-11-27 15:53 -------- d-----w- c:\program\MSBuild

2009-10-25 10:14 . 2008-12-05 16:42 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-10-25 10:14 . 2008-12-05 16:41 190160 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-10-24 09:13 . 2008-12-05 16:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-10-08 17:56 . 2009-01-21 18:19 -------- d-----w- c:\program\Solid Edge V20

2009-09-19 15:01 . 2008-11-29 13:58 -------- d-----w- c:\program\MATLAB

2009-08-27 10:50 . 2009-08-27 10:50 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-08-23 18:38 . 2009-08-23 18:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-08-19 17:19 . 2009-08-19 17:18 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2009-02-12 10:48 204248 ----a-w- c:\program\Hotspot Shield\HssIE\HssIE.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-29 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"Six Engine"="c:\program\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-11-04 413696]

"avast!"="c:\program\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2009-03-27 198160]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartPersonal.lnk - c:\program\Personal\bin\Personal.exe [2009-1-15 927248]

Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program2\\sopcast\\sopcast\\adv\\SopAdver.exe"=

"c:\\Program2\\sopcast\\sopcast\\SopCast.exe"=

"c:\\Documents and Settings\\Administratör\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"c:\\SPEL\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=

"c:\\Program\\TVAnts\\Tvants.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\SPEL\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

"c:\\Program\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program\\ANSYS\\v100\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=

"c:\\Program\\ANSYS\\v100\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=

"c:\\Program\\ANSYS\\v100\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=

"c:\\Program\\ANSYS\\v100\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=

"c:\\Program\\ANSYS\\v100\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=

"c:\\Program\\ANSYS\\v100\\ANSYS\\bin\\intel\\ANSYS.exe"=

"c:\\Documents and Settings\\Administratör\\Application Data\\PowerChallenge\\PowerSoccer-beta\\PowerSoccer.exe"=

"c:\\WINDOWS\\system32\\Nagasoft\\FFVJPlayer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Documents and Settings\\Administratör\\Skrivbord\\MYP2P_EPL_MEDIA_PLAYER_v1.2.exe"=

"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\a-squared Free\\a2free.exe"=

"c:\\Program\\a-squared Free\\a2service.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-15 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-15 20560]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-27 36864]

S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-28 27904]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - MBR

*Deregistered* - mbr

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Extra genomsökning -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://ps.powerchallenge.com/applet/PowerLoader.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

FF - ProfilePath - c:\documents and settings\Administratör\Application Data\Mozilla\Firefox\Profiles\y5x877h0.defaultFF - prefs.js: browser.startup.homepage - www.google.se

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Personal\bin\np_prsnl.dll

FF - plugin: c:\program\Veetle\Player\npvlc.dll

FF - plugin: c:\program\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program2\DivX\DivX Web Player\npdivx32.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-c:\windows\system32\kdalt.exe - c:\windows\system32\kdalt.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-15 21:24

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-1417001333-651377827-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:1d,cf,42,64,16,9a,9c,d5,e0,2c,38,4d,e6,2f,f6,d2,5c,eb,10,a3,79,

ee,24,15,97,3f,aa,67,67,2e,ba,af,9e,95,70,82,ee,e7,ce,15,a4,6d,f4,a9,fe,a1,"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1644)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3764)

c:\program\Windows Desktop Search\deskbar.dll

c:\program\Windows Desktop Search\sv-se\dbres.dll.mui

c:\program\Windows Desktop Search\dbres.dll

c:\program\Windows Desktop Search\wordwheel.dll

c:\program\Windows Desktop Search\sv-se\msnlExtRes.dll.mui

c:\program\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\program\Alwil Software\Avast4\aswUpdSv.exe

c:\program\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\Ati2evxx.exe

c:\program\a-squared Free\a2service.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Hotspot Shield\bin\openvpnas.exe

c:\program\Hotspot Shield\HssWPR\hsssrv.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\SearchIndexer.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program\iPod\bin\iPodService.exe

c:\program\Alwil Software\Avast4\ashMaiSv.exe

c:\program\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Sluttid: 2009-11-15 21:32 - datorn startades om.

ComboFix-quarantined-files.txt 2009-11-15 20:32

 

Före genomsökningen: 3 268 411 392 byte ledigt

Efter genomsökningen: 4 326 645 760 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 843875271C069C750EE623736840C87E

 

[/log]

 

Kan mitt sega internet bero på adwares eller är det något annat? Så som det ser ut nu så kan jag iaf. gå ut på microsoft update och uppdatera drivr. o dyl. Tackar Laston

 

 

Link to comment
Share on other sites

Hej! Ok ComboFix åtgärdade en del otrevligheter!

Är det meningen att datorn ska vara uppkopplad mot ukrainska dns-servrar,detta kan förklara segheten på internet!

Om inte så åtgärda detta med Hijackthis!

 

Skanna med HijackThis och bocka för:

O17 - HKLM\System\CCS\Services\Tcpip\..\{496731AC-D9CB-45A0-8E33-C

FBEE718FF1F}: NameServer = 85.255.112.110;85.255.112.172

O17 - HKLM\System\CCS\Services\Tcpip\..\{C25E8718-F18A-42EC-B1B1-3

301FA1894E6}: NameServer = 85.255.112.110;85.255.112.172

 

Avsluta alla andra program.

Tryck Fix checked.

 

Mvh Laston

 

Link to comment
Share on other sites

hehe, nej inte ska jag vara uppkopplad via ukraina!

när jag körde hijack this hittade jag inte det du frågade efter, comboFix

verkar ha fixat det. Så här ser det ut nu iaf. tack för hjälpen Laston det var väldigt sjyst!

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:16:59, on 2009-11-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\a-squared Free\a2service.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Hotspot Shield\bin\openvpnas.exe

C:\Program\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [six Engine] "C:\Program\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.focus.lib.kth.se/lib/kth/support/plugins/ebraryRdr.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://ps.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227791100526

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227791357401

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9657 bytes

[/log]

 

Link to comment
Share on other sites

Ok tänkte väl det:)

Nu ser Hijackthis ok ut,uppdatera och skanna med a-squared o posta loggan om något hittas!Hur fungerar det annars nu,är det fortfarande segt?

 

Mvh Laston

 

"Using Malwarebytes´ Anti-Malware is like bringing an M4 to a knife fight."

 

Link to comment
Share on other sites

A-squared hittade ingenting mer så nu verkar allt vara bra

(virusvis). Dock är internet fortfarande segt, den är inte som förr...

 

Link to comment
Share on other sites

det är ett program som ansluter till en proxyserver i usa, vet inte riktigt om det är skadligt eller inte, jag har ju också haft det ett tag nu och det har funkat bra med internet då också. vad tror du, ska jag ta bort det?

 

Link to comment
Share on other sites

Så, nu har jag avinstallerat hotspot, rebootat, kollat hijackthisloggen att den inte finns med i loggen, surfat lite men dock är det fortfarande segt!

 

Link to comment
Share on other sites

Hmm ok för säkerhets skull kör vi malwarebytes o kollar så att inget skit finns kvar som a-squared missat![log]Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]Mvh Laston

 

[inlägget ändrat 2009-11-16 19:50:49 av Laston]

Link to comment
Share on other sites

Fixat, här kommer malwarebytes loggen, hittade en trojan.

[log]

Malwarebytes' Anti-Malware 1.41

Databasversion: 3180

Windows 5.1.2600 Service Pack 3

 

2009-11-16 20:00:48

mbam-log-2009-11-16 (20-00-48).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 109516

Förfluten tid: 3 minute(s), 38 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

& Hijack this loggen

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:01:12, on 2009-11-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\a-squared Free\a2service.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [six Engine] "C:\Program\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.focus.lib.kth.se/lib/kth/support/plugins/ebraryRdr.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://ps.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227791100526

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227791357401

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9440 bytes

[/log]

Tack för hjälpen Laston

 

Mvh niklan

 

Link to comment
Share on other sites

Varsegod o tack för alla poäng:):thumbsup:

Malwarebytes hittade en fuling till där,blev det nåt bättre nu då?

Mvh Laston

 

"Using Malwarebytes´ Anti-Malware is like bringing an M4 to a knife fight."

 

Link to comment
Share on other sites

Jo, jag märker en stor skillnad i hastighet från förr, dock inte lika stor...

Tänker försöka uppdatera drivrutiner och dyl. och se vad som händer, det behöver väl inte bara vara virus...

 

mvh niklan

 

Link to comment
Share on other sites

jag har redan snackat med min internet operatör ngn vecka sedan och enligt dem fungerar allt ok, är det inte möjligt att jag har fel internet inställnignar...

drivrutiner kommer att ta ett tag, jag måste också plugga! :P

Tack för din hjälp Laston

Mvh niklan

 

 

Link to comment
Share on other sites

Ok vi tar bort Combofix och alla återställningspunkter så att inget otyg kommer tillbaka igen!

Nedanstående verktyg har förmågan att kunna ta bort/deleta filer/mappar/genvägar från de fix-program som vi har använt oss av (Dock ej TM HJT).

 

Skriv ut eller kopiera nedanstående till ett textdokument och spara det till skrivbordet:

Läs/Följ Instruktionerna noga:

 

Hämta hem avinstallationsprogrammet OTCleanIt:

 

http://oldtimer.geekstogo.com/OTC.exe

 

1: Spara ner den till skrivbordet

2: Starta programmet/verktyget genom att dubbelklicka på OTCleanIt.exe

 

3: Klicka på CleanUp! knappen.

4: Om du får varningar från dina skyddsprogram så ge OTCleanIt tillåtelse att få tillgång till Internet.

5: De olika fix-program som du har laddat ner kommer att avinstalleras, inkl. detta program, efter en omstart av datorn.[log]C:\System Volume Information\_restore är stället där systemåterställningsfunktionen lagrar olika systemåterställningspunkter. Det betyder att medan din dator var infekterad så skapade Windows en systemåterställningspunkt. Så länge som de skadliga filerna ligger i den mappen så är de ofarliga. Däremot så om du återställer till en tidpunkt då datorn var infekterad så blir även de skadliga filerna återställda.

 

Du kan ta bort samtliga systemåterställningspunkter genom att stänga av systemåterställningsfunktionen, starta om datorn och så slå på funktionen igen. Skapa sedan en ny punkt.

Systemåterställningsfunktionen slår man av och på här:

Högerklick på Den här datorn - Egenskaper - Systemåterställning [/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...