Palle58

Hijacked computer?


Palle58

Hi, I suspect my computer has been hijacked; I would be very grateful for help taking a look at the attached HijackThis log.

 

Thanks!!

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:22:25, on 2009-12-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\CACHEM~1\CachemanXP.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Norton Ghost\Agent\VProSvc.exe

C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\Wbutton.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\PixArt\PAC7311\Monitor.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Acesoft\Tracks Eraser Pro\te.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Launch Manager\WLBTTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Opera\opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program\Microsoft Office\Office12\EXCEL.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passagen.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CtrlVol] C:\Program\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM\..\RunOnce: [MONITOR] C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\LoaderRunOnce.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"

O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program\Acesoft\Tracks Eraser Pro\te.exe min

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238485794071

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238490013640

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

O17 - HKLM\Software\..\Telephony: DomainName =

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe

O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program\CACHEM~1\CachemanXP.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe (file missing)

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 14431 bytes[/log]
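As an added example (not part of the thread, and not HijackThis code), here is the kind of triage an analyst does on the O23 service lines of a log like the one above. The heuristics are my own choices (no recorded vendor, binary missing on disk, binary under a user profile, display or short name unrelated to the binary), the weights and the "suspicious" threshold are assumptions, and the sample lines are copied from this log; it singles out the service pointing at fooquofou.exe under Application Data, which is the entry in this log that stands out.

```python
import re
from dataclasses import dataclass, field

# Sample input: O23 service lines copied from the HijackThis log posted in this
# thread (Swedish XP folder names such as "Program" and "Delade filer" are kept).
SAMPLE_O23 = r"""
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe (file missing)
"""

PREFIX = "O23 - Service: "
# The path always starts at a drive letter; "(file missing)" may follow it.
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)(?P<missing>\s*\(file missing\))?$")
# "Display name (ShortName)" - the parenthesised short name is optional.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]*)\))?$")
# Services normally install below Program Files or system32, not in a profile.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\local settings\\", "\\users\\")


@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    missing: bool
    reasons: list = field(default_factory=list)  # (weight, explanation)

    @property
    def score(self) -> int:
        return sum(weight for weight, _ in self.reasons)


def parse_o23(line: str):
    """Split one O23 line into its fields; returns None for other lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    rest = line[len(PREFIX):]
    drive = DRIVE_RE.search(rest)
    if not drive:
        return None
    # Everything before the drive letter is "display (short) - owner -";
    # an empty owner shows up as "- -", so strip dashes from the right.
    head = rest[:drive.start()].rstrip(" -")
    display_part, owner = head.rsplit(" - ", 1) if " - " in head else (head, "")
    names = NAME_RE.match(display_part)
    tail = PATH_RE.match(rest[drive.start():])
    return ServiceEntry(display=names["display"], short=names["short"] or "",
                        owner=owner.strip(), path=tail["path"],
                        missing=tail["missing"] is not None)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach weighted reasons; the heuristics and weights are this example's own."""
    parts = entry.path.lower().split("\\")
    filename, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    if entry.owner in ("", "Unknown owner"):
        entry.reasons.append((1, "no vendor recorded in the service binary"))
    if entry.missing:
        entry.reasons.append((1, "registered binary is missing on disk"))
    if any(marker in entry.path.lower() for marker in PROFILE_MARKERS):
        entry.reasons.append((2, "service binary lives in a user profile directory"))
    # Does the display or short name relate to the binary or its folder at all?
    tokens = [t for t in re.split(r"[^a-z0-9]+", entry.display.lower()) if len(t) >= 3]
    short = entry.short.lower().replace(" ", "")
    related = any(t in filename or t in parent for t in tokens) or (short and short in filename)
    if not related:
        entry.reasons.append((1, "display/short name unrelated to the binary name"))
    return entry


def verdict(entry: ServiceEntry) -> str:
    return "suspicious" if entry.score >= 3 else "review" if entry.score else "ok"


def triage(log_text: str) -> list:
    """Parse and assess every O23 line, worst first."""
    entries = [assess(e) for e in map(parse_o23, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: e.score, reverse=True)


def suspicious(entries: list) -> list:
    return [e.short or e.display for e in entries if verdict(e) == "suspicious"]


if __name__ == "__main__":
    for e in triage(SAMPLE_O23):
        print(f"[{verdict(e):10}] {e.display} ({e.short or '-'}) -> {e.path}")
        for _, why in e.reasons:
            print(f"             - {why}")
```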

 

 

 

Malou_031

Hi Palle58!

 

In what way do you suspect that your computer is hijacked?

Does your protection software (AVG) flag anything?

If yes, what does it flag?

 

Go to the page below, download Malwarebytes Anti-Malware and follow its procedure. You will find the instructions/download link a bit further down the page (under TM HJT).

http://www.saswsupport.se/?page_id=241

 

In your reply, attach the log from MBAM:

Press the LOG button in the reply window

Paste the log

Press the LOG button again in the reply window

 

//Malou

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

[post edited 2009-12-10 00:07:05 by Malou_031]

Palle58

Hi, and thanks for the help. I suspect it is hijacked because I keep losing my network connection. It usually happens when I download a lot, so I suspect there is activity going through the router.

No, AVG does not flag anything.

 

Thanks

Palle58

 

Here are the logs.

 

[log]Malwarebytes' Anti-Malware 1.42

Databasversion: 3334

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2009-12-10 00:36:55

mbam-log-2009-12-10 (00-36-55).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 109892

Förfluten tid: 6 minute(s), 18 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)[/log]

 

 

___________________________________

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:47:21, on 2009-12-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\CACHEM~1\CachemanXP.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Norton Ghost\Agent\VProSvc.exe

C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\Wbutton.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\PixArt\PAC7311\Monitor.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Acesoft\Tracks Eraser Pro\te.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Launch Manager\WLBTTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Opera\opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spider.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Skype\Toolbars\Shared\SkypeNames.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passagen.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CtrlVol] C:\Program\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM\..\RunOnce: [MONITOR] C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\LoaderRunOnce.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"

O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program\Acesoft\Tracks Eraser Pro\te.exe min

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238485794071

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238490013640

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

O17 - HKLM\Software\..\Telephony: DomainName =

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe

O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program\CACHEM~1\CachemanXP.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe (file missing)

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

 

End of file - 14492 bytes[/log]

Added LOG tags

When you have pasted a log, please select the log and then press the LOG button found on the same row as :thumbsdown::thumbsup: in the post window.

Cecilia - Moderator for Viruses, malware & remedies

 

[post edited 2009-12-10 01:05:42 by Cecilia]

Malou_031

Hi Palle58!

 

Sorry for the delay in replying *smiles*

 

I see that MBAM has found and dealt with a nasty one (Rootkit.TDSS). Very good.

Given that, I feel we should bring out a slightly sharper tool to make sure this nasty really has been dealt with. If it hasn't, ComboFix will hopefully find and fix what remains.

 

[log]Download ComboFix from the link below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save ComboFix to the desktop "Very important"

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; attach it to your reply. Check that the antivirus program etc. is running before you connect to the internet.

Attach the ComboFix log to your reply like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against future infections. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.[/log]

 

//Malou

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Hi Malou, and thanks. I have been away for a couple of days but am now back and have run the program you instructed me about; here is the log.

I tried to shut down AVG as best I could.

 

[log]ComboFix 09-12-11.04 - Administratör 2009-12-12 11:27:55.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2550.1580 [GMT 1:00]

Körs från: c:\documents and settings\Administratör\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\patchw32.dll

c:\windows\pw32a.dll

c:\windows\system32\pagefileconfig.vbs

c:\windows\system32\srcr.dat

c:\windows\twain_16.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-11-12 till 2009-12-12 ))))))))))))))))))))))))))))))

.

 

2009-12-07 13:03 . 2009-12-08 13:08 -------- d-----w- C:\$AVG

2009-12-07 13:02 . 2009-12-07 13:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-07 13:02 . 2009-12-07 13:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-07 13:02 . 2009-12-07 13:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-07 13:02 . 2009-12-07 13:02 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-12-07 13:02 . 2009-12-12 10:10 -------- d-----w- c:\windows\system32\drivers\Avg

2009-12-07 12:29 . 2009-12-07 12:29 -------- d-----w- c:\program\Trend Micro

2009-12-07 11:17 . 2009-12-07 11:17 -------- d-----w- c:\program\CCleaner

2009-12-07 06:33 . 2009-12-07 06:33 -------- d-----w- C:\sh4ldr

2009-12-07 06:32 . 2009-12-07 06:33 6853096 ----a-w- C:\SpyHunter-Compact-OS.exe

2009-12-07 06:32 . 2009-12-07 06:32 -------- d-----w- c:\program\Enigma Software Group

2009-12-07 05:51 . 2009-12-07 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-12-05 22:32 . 2009-12-05 22:43 -------- d-----w- c:\program\Spybot - Search & Destroy

2009-12-05 22:30 . 2009-12-06 00:08 -------- d-----w- C:\98b0e4f205625caf97

2009-12-05 21:26 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-05 21:26 . 2009-12-05 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-05 21:26 . 2009-12-05 21:28 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2009-12-05 21:26 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-05 17:37 . 2009-12-05 17:37 -------- d-----w- C:\9ddc422aa2c177ba3fe9d42a5225

2009-12-05 15:28 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll

2009-12-05 15:28 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll

2009-12-05 15:28 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip

2009-12-05 15:28 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll

2009-12-05 15:28 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll

2009-12-05 15:28 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip

2009-12-05 15:27 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-12-05 15:27 . 2009-12-05 17:25 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-12-05 15:27 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-12-05 15:26 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-12-05 15:26 . 2009-12-07 11:35 -------- d-----w- c:\program\Spyware Doctor

2009-12-05 15:26 . 2009-12-05 15:26 -------- d-----w- c:\program\Delade filer\PC Tools

2009-12-05 15:26 . 2009-12-05 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-05 15:26 . 2009-12-12 10:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-05 12:11 . 2009-12-05 12:11 -------- d-----w- C:\PROGRAM FILES

2009-12-05 10:27 . 2009-12-05 10:27 -------- d-----w- C:\8b534499378094c07b312fcf

2009-12-05 08:13 . 2009-12-05 08:13 -------- d--h--w- c:\windows\PIF

2009-12-04 21:40 . 2009-12-04 21:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-12-01 23:58 . 2009-12-01 23:58 -------- d-----w- c:\program\Delade filer\EZB Systems

2009-12-01 23:58 . 2009-12-01 23:58 -------- d-----w- c:\program\UltraISO

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-12 10:31 . 2009-03-31 09:30 93064 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-12 10:31 . 2009-03-31 09:30 466468 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-10 08:06 . 2009-03-31 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-12-08 07:25 . 2009-12-08 07:25 3963160 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2009-12-08 07:24 . 2009-12-08 07:24 844056 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2009-12-08 07:24 . 2009-12-08 07:24 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2009-12-07 11:18 . 2009-03-31 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-24 10:47 . 2009-04-03 06:55 -------- d-----w- c:\program\Opera

2009-11-08 13:03 . 2009-04-14 15:54 -------- d-----w- c:\program\Canon

2009-11-05 12:50 . 2009-04-14 15:50 -------- d-----w- c:\program\Delade filer\ScanSoft Shared

2009-11-05 12:49 . 2009-04-14 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanWizard

2009-11-05 12:49 . 2009-04-14 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir

2009-11-03 16:47 . 2009-03-31 05:56 -------- d-----w- c:\program\AVG

2009-11-03 16:14 . 2009-11-03 16:14 -------- d-----w- c:\program\iTunes

2009-11-03 16:14 . 2009-11-03 16:14 -------- d-----w- c:\program\iPod

2009-11-03 16:14 . 2009-09-30 14:05 -------- d-----w- c:\program\Delade filer\Apple

2009-11-03 16:08 . 2009-11-03 16:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-02 16:25 . 2009-03-31 15:44 -------- d--h--w- c:\program\InstallShield Installation Information

2009-11-02 09:14 . 2009-03-31 12:42 -------- d-----r- c:\program\Skype

2009-11-02 09:14 . 2009-03-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-10-30 11:28 . 2009-10-30 11:27 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-29 07:44 . 2009-03-31 09:30 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 09:39 . 2009-10-27 09:39 -------- d-----w- c:\program\Personal

2009-10-21 05:40 . 2009-03-31 09:30 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2009-03-31 09:30 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-16 15:25 . 2009-10-16 15:25 -------- d-----w- c:\program\ESET

2009-10-16 14:34 . 2009-03-31 11:12 -------- d-----w- c:\program\Delade filer\Adobe

2009-10-13 10:38 . 2009-03-31 09:30 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2009-03-31 09:30 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2009-03-31 09:30 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-03 10:31 . 2009-10-03 10:31 51780 ---ha-w- c:\windows\system32\mlfcache.dat

2007-04-11 11:12 . 2009-04-27 18:54 2279464 ----a-w- c:\program\PcSetup.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced Uninstaller PRO Installation Monitor"="c:\program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" [2008-11-26 1340389]

"Tracks Eraser Pro"="c:\program\Acesoft\Tracks Eraser Pro\te.exe" [2009-07-23 1437504]

"Skype"="c:\program\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RoboForm"="c:\program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-26 160592]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-08-19 149280]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"DefragTaskBar"="c:\program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]

"Nitro PDF Printer Monitor"="c:\program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-03-26 210208]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LaunchAp"="c:\program\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]

"Wbutton"="c:\program\Launch Manager\Wbutton.exe" [2006-05-04 86016]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]

"Norton Ghost 14.0"="c:\program\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]

"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"OpwareSE2"="c:\program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"NeroFilterCheck"="c:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"MONITOR"="c:\program\Innovative Solutions\Advanced Uninstaller PRO - Version 9\LoaderRunOnce.exe" [2008-09-03 1015696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartWindows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-07 13:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Norstedts Juridik\\Tax2009\\Skatt09.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program\\Opera\\opera.exe"=

"c:\\Program\\Delade filer\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-05 207280]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-07 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-07 360584]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2009-12-07 285392]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program\Spyware Doctor\BDT\BDTUpdateService.exe [2009-12-05 112592]

R2 CachemanXPService;CachemanXP;c:\program\CACHEM~1\CachemanXP.exe [2009-03-31 244224]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-03-31 5120]

R3 SymSnapService;SymSnapService;c:\program\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1562096]

S1 mailKmd;mailKmd; [x]

S2 biuuygsia4o;Ati External Event Utility;c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe --> c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe [?]

S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 151552]

S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2006-11-08 530304]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2009-12-05 359624]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.passagen.se/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Anpassa meny - file://c:\program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\Office12\EXCEL.EXE/3000

IE: Fyll i formulär - file://c:\program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RF verktygsfält - file://c:\program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Spara formulär - file://c:\program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-CtrlVol - c:\program\Launch Manager\CtrlVol.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-12 11:36

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CtrlVol = c:\program\Launch Manager\CtrlVol.exe???????????????????????????????????????????????0???`??????|?&?|?????&?|B%?|t????????????????doct????????doc???????????sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s??????7~??@?N'?s$=:? :@?0=:????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-1957994488-1935655697-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,58,0e,9f,a4,46,18,49,95,28,14,"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,ed,93,fa,5f,6d,8d,40,95,92,c2,.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(3452)

c:\program\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\program\Windows Desktop Search\deskbar.dll

c:\program\Windows Desktop Search\sv-se\dbres.dll.mui

c:\program\Windows Desktop Search\dbres.dll

c:\program\Windows Desktop Search\wordwheel.dll

c:\program\Windows Desktop Search\sv-se\msnlExtRes.dll.mui

c:\program\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Norton Ghost\Agent\VProSvc.exe

c:\windows\system32\IoctlSvc.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\program\Launch Manager\WLBTTray.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Sluttid: 2009-12-12 11:45:43 - datorn startades om.

ComboFix-quarantined-files.txt 2009-12-12 10:45

 

Före genomsökningen: 98 613 604 352 byte ledigt

Efter genomsökningen: 98 679 480 320 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - D2D7BECFE238C35CA4A5010727A3D6AC

[/log]

 

//Pär
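The entry the helpers are chasing shows up in both logs above: the "Ati External Event Utility (biuuygsia4o)" service pointing at fooquofou.exe under the administrator's Application Data, with no vendor and a missing file. The script below is an added example (not part of this thread and not code from HijackThis or ComboFix) that parses HijackThis O23 lines and ComboFix R*/S* service lines and flags entries on exactly those signs; the parsers, the heuristics and the sample lines (copied from the logs above) are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of service lines copied from the HijackThis
# (O23) and ComboFix (R*/S*) logs posted in this thread, one per interesting case.
SAMPLE_LOG = r"""
O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe (file missing)
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2009-12-07 285392]
S1 mailKmd;mailKmd; [x]
S2 biuuygsia4o;Ati External Event Utility;c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe --> c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe [?]
"""

# HijackThis: "O23 - Service: <display> (<name>) - <owner> - <path> (file missing)"
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# ComboFix: "<start> <name>;<display>;<path>[ --> <path>] [<file details>]"
CF_SVC = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)(?: --> [^\[]*)? \[(?P<info>[^\]]*)\]$"
)
# ComboFix prints "<date> <size>" when it could read the image file.
CF_FILE_DETAILS = re.compile(r"\d{4}-\d{2}-\d{2} \d+")
# Crude heuristic for generated service names (assumption): lowercase letters
# and digits only, at least one digit, eight or more characters ("biuuygsia4o").
RANDOM_NAME = re.compile(r"(?=.*\d)[a-z0-9]{8,}")
# A service image under a user profile or temp directory is unusual.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class ServiceEntry:
    source: str            # "hjt" (HijackThis) or "cf" (ComboFix)
    name: str              # internal service name, or display name if unknown
    display: str
    owner: Optional[str]   # vendor string; HijackThis only
    path: str              # image path ("" when the log shows none)
    file_missing: bool     # HijackThis "(file missing)" marker
    info: Optional[str]    # ComboFix bracketed file details, e.g. "2009-12-07 285392"


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one HijackThis O23 line or one ComboFix service line."""
    m = HJT_O23.match(line)
    if m:
        return ServiceEntry("hjt", m["name"] or m["display"], m["display"],
                            m["owner"], m["path"], m["missing"] is not None, None)
    m = CF_SVC.match(line)
    if m:
        return ServiceEntry("cf", m["name"], m["display"], None,
                            m["path"].strip(), False, m["info"])
    return None


def assess(e: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) why this service deserves a closer look."""
    reasons = []
    if e.owner and e.owner.lower() == "unknown owner":
        reasons.append("binary carries no vendor information")
    if e.file_missing:
        reasons.append("registered image file no longer exists")
    if not e.path:
        reasons.append("service has no image path")
    elif any(d in e.path.lower() for d in PROFILE_DIRS):
        reasons.append("image lives under a user profile, not a system or program directory")
    if e.info is not None and not CF_FILE_DETAILS.fullmatch(e.info):
        reasons.append(f"ComboFix could not read file details ([{e.info}])")
    if RANDOM_NAME.fullmatch(e.name):
        reasons.append(f"internal name {e.name!r} looks machine-generated")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map "<source>:<service name>" to its reasons, for flagged services only."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_service(line.strip())
        if entry is not None:
            reasons = assess(entry)
            if reasons:
                findings[f"{entry.source}:{entry.name}"] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for r in reasons:
            print("   -", r)
```

Run against the full logs, the script flags the biuuygsia4o service in both the HijackThis and the ComboFix output and the orphaned mailKmd and NMSAccessU entries, while vendor-signed services with a readable image pass clean.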

 

Malou_031

Hi Palle58!

You're welcome!

One gets back to it when one has time (there are other things to do as well, especially now at Christmas time *smiles*).

I see that ComboFix has found and fixed quite a bit. Very good.

I will shortly go through the rest of the ComboFix log to see whether there are more files that need to be dealt with. This will take a while, so hang in there.

How is the computer doing now?

 

//Malou

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Laston

Hi! Malou_031 is busy with other things, so I'm jumping in to help out a little!

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box,

C:\sh4ldr

c:\windows\PIF

c:\windows\UDB.zip

press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs (not Other information) here. Repeat with the next file name.

Download Lop S&D to the Desktop.

http://eric.71.mespages.googlepages.com/LopSD.exe

Turn off the antivirus program and other real-time protection so that they do not interfere with the removal.

Double-click the file to start the program.

Choose a language and then choose Option 1 (Search).

Wait until the scan is finished.

Copy the log that appears and paste it into your reply.

If the log does not appear, it can be found as C:\lopR.txt.

Regards, Laston

 

Palle58

Hi, and thanks.

The first two are folders, so I cannot analyse them:

C:\sh4ldr c:\windows\PIF

The last one is a file:

c:\windows\UDB.zip

Here is the result:

analisis/565ae946682fd9de8d9611c007847d9dadb2658564e13924b19f2060b162fcff-1259715503.

Here is the log:

 

[log]--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5500 @ 1.66GHz )

BIOS : Ver 1.00PARTTBL

USER : Administratör ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:91 Go)

D:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 2009-12-12|17:16 )

 

--------------------\\ Listing folders in APPLIC~1

 

 

[2009-10-16|23:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe

[2009-12-02|01:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead

[2009-09-30|19:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[2009-04-14|17:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft

[2009-11-30|19:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon

[2009-12-02|18:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

[2009-03-31|02:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[2009-08-17|22:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield

[2009-03-31|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia

[2009-12-05|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes

[2009-04-27|20:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic

[2009-10-16|16:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2009-08-17|22:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[2009-03-31|14:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nitro PDF

[2009-04-01|19:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Norstedts Juridik

[2009-04-03|07:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Opera

[2009-12-05|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools

[2009-03-31|22:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Personal

[2009-04-14|16:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft

[2009-12-12|16:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype

[2009-04-01|16:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[2009-03-31|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2009-11-02|17:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thinstall

[2009-12-02|21:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3

[2009-12-06|15:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent

[2009-03-31|09:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search

[2009-04-01|07:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Search

[2009-04-01|07:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[2009-04-27|20:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso

[0|fil(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte

[31|katalog(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte ledigt

 

[2009-09-30|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009-03-31|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2009-03-31|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

[2009-09-30|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[2009-09-30|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[2009-03-31|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo

[2009-12-07|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg9

[2009-12-07|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure

[2009-03-31|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Innovative Solutions

[2009-12-05|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[2009-03-31|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2009-12-10|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[2009-04-26|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[2009-03-31|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nitro PDF

[2009-04-01|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norstedts Juridik

[2009-03-31|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[2009-12-05|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools

[2009-03-31|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm

[2009-11-02|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[2009-12-07|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2009-11-05|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir

[2009-11-05|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard

[2009-03-31|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[2009-12-12|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2009-03-31|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte

[27|katalog(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledigt

 

[2009-03-31|01:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte

[3|katalog(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledigt

 

[2009-03-31|12:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[2009-12-07|14:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte

[4|katalog(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledigt

 

[2009-12-07|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte

[3|katalog(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledigt

 

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

 

[2009-12-01 11:55][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-12-12 16:44][--a------] C:\WINDOWS\tasks\OGADaily.job

[2009-12-12 11:36][--a------] C:\WINDOWS\tasks\OGALogon.job

[2009-12-12 11:34][--ah-----] C:\WINDOWS\tasks\SA.DAT

[2004-08-04 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing Folders in C:\Program

 

[2009-03-31|13:35] C:\Program\Acesoft

[2009-10-16|15:30] C:\Program\Adobe

[2009-09-30|15:05] C:\Program\Apple Software Update

[2009-04-14|16:47] C:\Program\ArcSoft

[2009-03-31|12:51] C:\Program\Ashampoo

[2009-11-03|17:47] C:\Program\AVG

[2009-04-27|20:07] C:\Program\BlindWrite6

[2009-09-30|15:06] C:\Program\Bonjour

[2009-03-31|12:48] C:\Program\CachemanXP

[2009-11-08|14:03] C:\Program\Canon

[2009-12-07|12:17] C:\Program\CCleaner

[2009-04-27|19:54] C:\Program\common

[2009-03-31|01:54] C:\Program\ComPlus Applications

[2009-12-12|11:29] C:\Program\Delade filer

[2009-03-31|16:13] C:\Program\DIFX

[2009-12-07|07:32] C:\Program\Enigma Software Group

[2009-10-16|16:25] C:\Program\ESET

[2009-03-31|12:17] C:\Program\Innovative Solutions

[2009-11-02|17:25] C:\Program\InstallShield Installation Information

[2009-03-31|16:43] C:\Program\Intel

[2009-12-10|09:35] C:\Program\Internet Explorer

[2009-11-03|17:14] C:\Program\iPod

[2009-11-03|17:14] C:\Program\iTunes

[2009-08-19|08:40] C:\Program\Java

[2009-03-31|13:45] C:\Program\K-Lite Codec Pack

[2009-03-31|16:47] C:\Program\Launch Manager

[2009-08-17|22:45] C:\Program\Logitech

[2009-12-05|22:28] C:\Program\Malwarebytes' Anti-Malware

[2009-03-31|09:22] C:\Program\Messenger

[2009-03-31|10:18] C:\Program\Microsoft

[2009-03-31|12:29] C:\Program\Microsoft Carioca Rummy

[2009-03-31|01:59] C:\Program\microsoft frontpage

[2009-03-31|15:13] C:\Program\Microsoft Office

[2009-03-31|15:13] C:\Program\Microsoft Visual Studio

[2009-03-31|15:11] C:\Program\Microsoft Visual Studio 8

[2009-10-12|08:43] C:\Program\Microsoft Works

[2009-03-31|15:13] C:\Program\Microsoft.NET

[2009-03-31|08:58] C:\Program\Movie Maker

[2009-03-31|15:14] C:\Program\MSBuild

[2009-03-31|01:54] C:\Program\MSN Gaming Zone

[2009-03-31|15:43] C:\Program\MSXML 4.0

[2009-04-26|20:49] C:\Program\Nero

[2009-03-31|08:57] C:\Program\NetMeeting

[2009-09-18|15:11] C:\Program\Network Print Monitor

[2009-03-31|14:58] C:\Program\Nitro PDF

[2009-04-01|19:41] C:\Program\Norstedts Juridik

[2009-03-31|18:40] C:\Program\Norton Ghost

[2009-03-31|01:54] C:\Program\Onlinetjänster

[2009-11-24|11:47] C:\Program\Opera

[2009-08-13|21:01] C:\Program\Outlook Express

[2009-10-27|10:39] C:\Program\Personal

[2009-06-10|18:40] C:\Program\Play65

[2009-03-31|20:45] C:\Program\PowerQuest

[2009-09-30|15:06] C:\Program\QuickTime

[2009-03-31|09:45] C:\Program\Reference Assemblies

[2009-04-14|16:50] C:\Program\ScanSoft

[2009-03-31|12:33] C:\Program\Siber Systems

[2009-11-02|10:14] C:\Program\Skype

[2009-12-05|23:43] C:\Program\Spybot - Search & Destroy

[2009-12-07|12:35] C:\Program\Spyware Doctor

[2009-03-31|18:42] C:\Program\Symantec

[2009-03-31|16:44] C:\Program\Synaptics

[2009-04-27|19:54] C:\Program\tools

[2009-12-07|13:29] C:\Program\Trend Micro

[2009-04-06|21:23] C:\Program\Trust

[2009-12-02|00:58] C:\Program\UltraISO

[2009-03-31|02:03] C:\Program\Uninstall Information

[2009-03-31|13:48] C:\Program\uTorrent

[2009-06-11|07:12] C:\Program\Windows Desktop Search

[2009-03-31|10:17] C:\Program\Windows Live

[2009-03-31|10:17] C:\Program\Windows Live SkyDrive

[2009-03-31|09:41] C:\Program\Windows Media Connect 2

[2009-03-31|09:41] C:\Program\Windows Media Player

[2009-03-31|08:57] C:\Program\Windows NT

[2009-03-31|01:54] C:\Program\WindowsUpdate

[2009-03-31|18:26] C:\Program\WinRAR

[2009-03-31|13:21] C:\Program\VS Revo Group

[2009-03-31|01:59] C:\Program\xerox

[0|fil(er)] C:\Program\byte

[80|katalog(er)] C:\Program\byte ledigt

 

--------------------\\ Listing Folders in C:\Program\Delade filer

 

[2009-10-16|15:34] C:\Program\Delade filer\Adobe

[2009-04-26|20:53] C:\Program\Delade filer\Ahead

[2009-11-03|17:14] C:\Program\Delade filer\Apple

[2009-03-31|14:58] C:\Program\Delade filer\BCL Technologies

[2009-05-09|14:42] C:\Program\Delade filer\Canon

[2009-03-31|15:13] C:\Program\Delade filer\DESIGNER

[2009-12-02|00:58] C:\Program\Delade filer\EZB Systems

[2009-08-17|22:44] C:\Program\Delade filer\InstallShield

[2009-03-31|01:58] C:\Program\Delade filer\Java

[2009-11-03|17:46] C:\Program\Delade filer\Microsoft Shared

[2009-03-31|01:54] C:\Program\Delade filer\MSSoap

[2009-03-31|14:58] C:\Program\Delade filer\Nitro PDF

[2009-04-01|19:37] C:\Program\Delade filer\NJAB Shared

[2009-03-31|03:37] C:\Program\Delade filer\ODBC

[2009-04-06|21:23] C:\Program\Delade filer\PAC7311

[2009-12-05|16:26] C:\Program\Delade filer\PC Tools

[2009-04-06|21:23] C:\Program\Delade filer\PXIINST

[2009-04-06|21:23] C:\Program\Delade filer\PXIINST64

[2009-08-17|22:46] C:\Program\Delade filer\Remote Control Software Common

[2009-08-17|22:45] C:\Program\Delade filer\Remote Control USB Driver

[2009-11-05|13:50] C:\Program\Delade filer\ScanSoft Shared

[2009-03-31|01:54] C:\Program\Delade filer\Services

[2009-03-31|03:37] C:\Program\Delade filer\SpeechEngines

[2009-03-31|18:42] C:\Program\Delade filer\Symantec Shared

[2009-10-12|08:41] C:\Program\Delade filer\System

[2009-03-31|10:14] C:\Program\Delade filer\Windows Live

[0|fil(er)] C:\Program\Delade filer\byte

[28|katalog(er)] C:\Program\Delade filer\byte ledigt

 

--------------------\\ Process

 

( 76 Processes )

 

IEXPLORE.EXE ~ [PID:1100]

IEXPLORE.EXE ~ [PID:4912]

IEXPLORE.EXE ~ [PID:4928]

IEXPLORE.EXE ~ [PID:5016]

 

--------------------\\ Searching with S_Lop

 

No Lop folder found !

 

--------------------\\ Searching for Lop Files - Folders

 

No Lop folder found !

 

--------------------\\ Searching within the Registry

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-12 17:18:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Searching for other infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Innovative Solutions\Advanced Uninstaller PRO\Installation Logs\WinRAR 3.80keygen.INSTALL_LOG

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Opera\Opera\icons\http%3A%2F%2F4.bp.blogspot.com%2F_-okOlfNLgys%2FSd6XrdQOo9I%2FAAAAAAAAAEc%2FcQkvgMBgWgM%2Fs320%2Fcrackulous2.png

C:\DOCUME~1\ADMINI~1\Mina dokument\OneSwarm Downloads\TROJAN REMOVER v6.7.6 + Crack REZMAN1984.7z

 

 

[F:397][D:7]-> C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp

[F:16][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies

[F:135][D:4]-> C:\DOCUME~1\ADMINI~1\LOKALA~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 2009-12-12|17:20 - Option : [1]

 

--------------------\\ Scan completed at 17:20:11

[/log]

 

 

Malou_031

Hi Palle58!

I'm back again *smiles*

I see you have had good help from Laston :thumbsup:

I see that there are some Cracks & Keygens present. Such programs drag a lot of nastiness into the computer and infect it.

I recommend that you uninstall them. Also uninstall all older security programs (keep the one you use).

Once you have uninstalled them, run a new scan with ComboFix according to the earlier instructions/procedure in this thread (update it first if necessary).

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

//Malou

*************************

Computer & IT Security:

http://www.saswsupport.se/

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

[post edited 2009-12-12 17:48:07 by Malou_031]

Palle58

Hi Malou and Laston,

Malou, you write about cracks and keygens; can you give me a tip on how to find them?

Which security program do you recommend that I use?

Laston, OK, I'll follow your advice.

Best regards, Pär.

 

Laston
Malou, you write about cracks and keygens; can you give me a tip on how to find them?

Run Lop S&D, but this time choose Option 2 (Fix + Hosts).

Do nothing with the computer while the program is running.

Paste the new log here.

 

 

Malou_031

Hi Palle58!

Which security program do you recommend that I use?

I see that you have AVG9 installed, so why not continue with that antivirus program, provided you are satisfied with it.

Come back with the logs Laston has asked for and we'll go on from there.

//Malou

*************************

Computer & IT Security:

http://www.saswsupport.se/

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Hi Laston!

I have not yet uninstalled any security programs other than the ones you mentioned.

Here is the log:

 

[log] --------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5500 @ 1.66GHz )

BIOS : Ver 1.00PARTTBL

USER : Administratör ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:91 Go)

D:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 2009-12-12|23:55 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing folders in APPLIC~1

 

 

[2009-10-16|23:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe

[2009-12-02|01:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead

[2009-09-30|19:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[2009-04-14|17:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft

[2009-11-30|19:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon

[2009-12-02|18:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

[2009-03-31|02:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[2009-08-17|22:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield

[2009-03-31|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia

[2009-12-05|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes

[2009-04-27|20:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic

[2009-10-16|16:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2009-08-17|22:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[2009-03-31|14:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nitro PDF

[2009-04-01|19:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Norstedts Juridik

[2009-04-03|07:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Opera

[2009-12-05|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools

[2009-03-31|22:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Personal

[2009-04-14|16:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft

[2009-12-12|23:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype

[2009-04-01|16:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[2009-03-31|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2009-11-02|17:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thinstall

[2009-12-02|21:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3

[2009-12-06|15:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent

[2009-03-31|09:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search

[2009-04-01|07:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Search

[2009-04-01|07:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[2009-04-27|20:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso

[0|fil(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte

[31|katalog(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte ledigt

 

[2009-09-30|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009-03-31|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2009-03-31|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

[2009-09-30|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[2009-09-30|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[2009-03-31|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo

[2009-12-07|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg9

[2009-12-07|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure

[2009-03-31|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Innovative Solutions

[2009-12-05|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[2009-03-31|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2009-12-10|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[2009-04-26|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[2009-03-31|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nitro PDF

[2009-04-01|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norstedts Juridik

[2009-03-31|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[2009-12-05|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools

[2009-03-31|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm

[2009-11-02|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[2009-12-07|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2009-11-05|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir

[2009-11-05|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard

[2009-03-31|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[2009-12-12|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2009-03-31|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte

[27|katalog(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledigt

 

[2009-03-31|01:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte

[3|katalog(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledigt

 

[2009-03-31|12:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[2009-12-07|14:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte

[4|katalog(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledigt

 

[2009-12-07|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte

[3|katalog(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledigt

 

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

 

[2009-12-01 11:55][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-12-12 16:44][--a------] C:\WINDOWS\tasks\OGADaily.job

[2009-12-12 11:36][--a------] C:\WINDOWS\tasks\OGALogon.job

[2009-12-12 11:34][--ah-----] C:\WINDOWS\tasks\SA.DAT

[2004-08-04 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing Folders in C:\Program

 

[2009-03-31|13:35] C:\Program\Acesoft

[2009-10-16|15:30] C:\Program\Adobe

[2009-09-30|15:05] C:\Program\Apple Software Update

[2009-04-14|16:47] C:\Program\ArcSoft

[2009-03-31|12:51] C:\Program\Ashampoo

[2009-11-03|17:47] C:\Program\AVG

[2009-04-27|20:07] C:\Program\BlindWrite6

[2009-09-30|15:06] C:\Program\Bonjour

[2009-03-31|12:48] C:\Program\CachemanXP

[2009-11-08|14:03] C:\Program\Canon

[2009-12-07|12:17] C:\Program\CCleaner

[2009-04-27|19:54] C:\Program\common

[2009-03-31|01:54] C:\Program\ComPlus Applications

[2009-12-12|11:29] C:\Program\Delade filer

[2009-03-31|16:13] C:\Program\DIFX

[2009-12-12|19:20] C:\Program\Enigma Software Group

[2009-10-16|16:25] C:\Program\ESET

[2009-03-31|12:17] C:\Program\Innovative Solutions

[2009-11-02|17:25] C:\Program\InstallShield Installation Information

[2009-03-31|16:43] C:\Program\Intel

[2009-12-10|09:35] C:\Program\Internet Explorer

[2009-11-03|17:14] C:\Program\iPod

[2009-11-03|17:14] C:\Program\iTunes

[2009-08-19|08:40] C:\Program\Java

[2009-03-31|13:45] C:\Program\K-Lite Codec Pack

[2009-03-31|16:47] C:\Program\Launch Manager

[2009-08-17|22:45] C:\Program\Logitech

[2009-12-05|22:28] C:\Program\Malwarebytes' Anti-Malware

[2009-03-31|09:22] C:\Program\Messenger

[2009-03-31|10:18] C:\Program\Microsoft

[2009-03-31|12:29] C:\Program\Microsoft Carioca Rummy

[2009-03-31|01:59] C:\Program\microsoft frontpage

[2009-03-31|15:13] C:\Program\Microsoft Office

[2009-03-31|15:13] C:\Program\Microsoft Visual Studio

[2009-03-31|15:11] C:\Program\Microsoft Visual Studio 8

[2009-10-12|08:43] C:\Program\Microsoft Works

[2009-03-31|15:13] C:\Program\Microsoft.NET

[2009-03-31|08:58] C:\Program\Movie Maker

[2009-03-31|15:14] C:\Program\MSBuild

[2009-03-31|01:54] C:\Program\MSN Gaming Zone

[2009-03-31|15:43] C:\Program\MSXML 4.0

[2009-04-26|20:49] C:\Program\Nero

[2009-03-31|08:57] C:\Program\NetMeeting

[2009-09-18|15:11] C:\Program\Network Print Monitor

[2009-03-31|14:58] C:\Program\Nitro PDF

[2009-04-01|19:41] C:\Program\Norstedts Juridik

[2009-03-31|18:40] C:\Program\Norton Ghost

[2009-03-31|01:54] C:\Program\Onlinetjänster

[2009-11-24|11:47] C:\Program\Opera

[2009-08-13|21:01] C:\Program\Outlook Express

[2009-10-27|10:39] C:\Program\Personal

[2009-06-10|18:40] C:\Program\Play65

[2009-03-31|20:45] C:\Program\PowerQuest

[2009-09-30|15:06] C:\Program\QuickTime

[2009-03-31|09:45] C:\Program\Reference Assemblies

[2009-04-14|16:50] C:\Program\ScanSoft

[2009-03-31|12:33] C:\Program\Siber Systems

[2009-11-02|10:14] C:\Program\Skype

[2009-12-05|23:43] C:\Program\Spybot - Search & Destroy

[2009-12-07|12:35] C:\Program\Spyware Doctor

[2009-03-31|18:42] C:\Program\Symantec

[2009-03-31|16:44] C:\Program\Synaptics

[2009-04-27|19:54] C:\Program\tools

[2009-12-07|13:29] C:\Program\Trend Micro

[2009-04-06|21:23] C:\Program\Trust

[2009-12-02|00:58] C:\Program\UltraISO

[2009-03-31|02:03] C:\Program\Uninstall Information

[2009-03-31|13:48] C:\Program\uTorrent

[2009-06-11|07:12] C:\Program\Windows Desktop Search

[2009-03-31|10:17] C:\Program\Windows Live

[2009-03-31|10:17] C:\Program\Windows Live SkyDrive

[2009-03-31|09:41] C:\Program\Windows Media Connect 2

[2009-03-31|09:41] C:\Program\Windows Media Player

[2009-03-31|08:57] C:\Program\Windows NT

[2009-03-31|01:54] C:\Program\WindowsUpdate

[2009-03-31|18:26] C:\Program\WinRAR

[2009-03-31|13:21] C:\Program\VS Revo Group

[2009-03-31|01:59] C:\Program\xerox

[0|fil(er)] C:\Program\byte

[80|katalog(er)] C:\Program\byte ledigt

 

--------------------\\ Listing Folders in C:\Program\Delade filer

 

[2009-10-16|15:34] C:\Program\Delade filer\Adobe

[2009-04-26|20:53] C:\Program\Delade filer\Ahead

[2009-11-03|17:14] C:\Program\Delade filer\Apple

[2009-03-31|14:58] C:\Program\Delade filer\BCL Technologies

[2009-05-09|14:42] C:\Program\Delade filer\Canon

[2009-03-31|15:13] C:\Program\Delade filer\DESIGNER

[2009-12-02|00:58] C:\Program\Delade filer\EZB Systems

[2009-08-17|22:44] C:\Program\Delade filer\InstallShield

[2009-03-31|01:58] C:\Program\Delade filer\Java

[2009-11-03|17:46] C:\Program\Delade filer\Microsoft Shared

[2009-03-31|01:54] C:\Program\Delade filer\MSSoap

[2009-03-31|14:58] C:\Program\Delade filer\Nitro PDF

[2009-04-01|19:37] C:\Program\Delade filer\NJAB Shared

[2009-03-31|03:37] C:\Program\Delade filer\ODBC

[2009-04-06|21:23] C:\Program\Delade filer\PAC7311

[2009-12-05|16:26] C:\Program\Delade filer\PC Tools

[2009-04-06|21:23] C:\Program\Delade filer\PXIINST

[2009-04-06|21:23] C:\Program\Delade filer\PXIINST64

[2009-08-17|22:46] C:\Program\Delade filer\Remote Control Software Common

[2009-08-17|22:45] C:\Program\Delade filer\Remote Control USB Driver

[2009-11-05|13:50] C:\Program\Delade filer\ScanSoft Shared

[2009-03-31|01:54] C:\Program\Delade filer\Services

[2009-03-31|03:37] C:\Program\Delade filer\SpeechEngines

[2009-03-31|18:42] C:\Program\Delade filer\Symantec Shared

[2009-10-12|08:41] C:\Program\Delade filer\System

[2009-03-31|10:14] C:\Program\Delade filer\Windows Live

[0|fil(er)] C:\Program\Delade filer\byte

[28|katalog(er)] C:\Program\Delade filer\byte ledigt

 

--------------------\\ Process

 

( 70 Processes )

 

... OK !

 

--------------------\\ Searching with S_Lop

 

No Lop folder found !

 

--------------------\\ Searching for Lop Files - Folders

 

No Lop folder found !

 

--------------------\\ Searching within the Registry

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-12 23:58:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Searching for other infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Innovative Solutions\Advanced Uninstaller PRO\Installation Logs\WinRAR 3.80keygen.INSTALL_LOG

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Opera\Opera\icons\http%3A%2F%2F4.bp.blogspot.com%2F_-okOlfNLgys%2FSd6XrdQOo9I%2FAAAAAAAAAEc%2FcQkvgMBgWgM%2Fs320%2Fcrackulous2.png

C:\DOCUME~1\ADMINI~1\Mina dokument\OneSwarm Downloads\TROJAN REMOVER v6.7.6 + Crack REZMAN1984.7z

 

 

[F:5][D:0]-> C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp

[F:3][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies

[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\LOKALA~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 2009-12-12|17:20 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 2009-12-13| 0:00 - Option : [2]

 

--------------------\\ Scan completed at 0:00:24

[/log]

 

Malou_031

Hi Palle58!

I have not yet uninstalled any security programs other than the ones you mentioned.

It would be good if you uninstalled the other antivirus programs. The risk is that they collide with each other and cause trouble, which is not good.

Keep AVG9, as I mentioned earlier in this thread, provided you are comfortable with that security program.

You should uninstall the programs below. This is done via Control Panel, Add or Remove Programs.

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Innovative Solutions\Advanced Uninstaller PRO\Installation Logs\WinRAR 3.80keygen.INSTALL_LOG

C:\DOCUME~1\ADMINI~1\Lokala inställningar\Application Data\Opera\Opera\icons\http%3A%2F%2F4.bp.blogspot.com%2F_-okOlfNLgys%2FSd6XrdQOo9I%2FAAAAAAAAAEc%2FcQkvgMBgWgM%2Fs320%2Fcrackulous2.png

C:\DOCUME~1\ADMINI~1\Mina dokument\OneSwarm Downloads\TROJAN REMOVER v6.7.6 + Crack REZMAN1984.7z

Once the above is done, do a file and registry cleanup with CCleaner.

http://www.saswsupport.se/?page_id=142

Now run a new scan with ComboFix according to the earlier instructions/procedure in this thread (update it first if necessary).

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

//Malou

*************************

Computer & IT Security:

http://www.saswsupport.se/

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

OK Malou! How does this look?

 

[log]ComboFix 09-12-11.05 - Administratör 2009-12-13 1:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2550.1628 [GMT 1:00]

Körs från: c:\documents and settings\Administratör\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-11-13 till 2009-12-13 ))))))))))))))))))))))))))))))

.

 

2009-12-12 16:16 . 2009-12-12 23:00 -------- d-----w- C:\Lop SD

2009-12-07 13:03 . 2009-12-08 13:08 -------- d-----w- C:\$AVG

2009-12-07 13:02 . 2009-12-07 13:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-07 13:02 . 2009-12-07 13:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-07 13:02 . 2009-12-07 13:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-07 13:02 . 2009-12-07 13:02 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-12-07 13:02 . 2009-12-12 10:10 -------- d-----w- c:\windows\system32\drivers\Avg

2009-12-07 12:29 . 2009-12-07 12:29 -------- d-----w- c:\program\Trend Micro

2009-12-07 11:17 . 2009-12-07 11:17 -------- d-----w- c:\program\CCleaner

2009-12-07 06:32 . 2009-12-07 06:33 6853096 ----a-w- C:\SpyHunter-Compact-OS.exe

2009-12-07 06:32 . 2009-12-12 18:20 -------- d-----w- c:\program\Enigma Software Group

2009-12-07 05:51 . 2009-12-07 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-12-05 22:32 . 2009-12-05 22:43 -------- d-----w- c:\program\Spybot - Search & Destroy

2009-12-05 22:30 . 2009-12-06 00:08 -------- d-----w- C:\98b0e4f205625caf97

2009-12-05 21:26 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-05 21:26 . 2009-12-05 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-05 21:26 . 2009-12-05 21:28 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2009-12-05 21:26 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-05 17:37 . 2009-12-05 17:37 -------- d-----w- C:\9ddc422aa2c177ba3fe9d42a5225

2009-12-05 15:28 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll

2009-12-05 15:28 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll

2009-12-05 15:28 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip

2009-12-05 15:28 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll

2009-12-05 15:28 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll

2009-12-05 15:28 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip

2009-12-05 15:27 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-12-05 15:27 . 2009-12-05 17:25 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-12-05 15:27 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-12-05 15:26 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-12-05 15:26 . 2009-12-07 11:35 -------- d-----w- c:\program\Spyware Doctor

2009-12-05 15:26 . 2009-12-05 15:26 -------- d-----w- c:\program\Delade filer\PC Tools

2009-12-05 15:26 . 2009-12-05 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-05 15:26 . 2009-12-12 23:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-05 12:11 . 2009-12-05 12:11 -------- d-----w- C:\PROGRAM FILES

2009-12-05 10:27 . 2009-12-05 10:27 -------- d-----w- C:\8b534499378094c07b312fcf

2009-12-05 08:13 . 2009-12-05 08:13 -------- d--h--w- c:\windows\PIF

2009-12-04 21:40 . 2009-12-04 21:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-12-01 23:58 . 2009-12-01 23:58 -------- d-----w- c:\program\Delade filer\EZB Systems

2009-12-01 23:58 . 2009-12-01 23:58 -------- d-----w- c:\program\UltraISO

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-12 10:31 . 2009-03-31 09:30 93064 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-12 10:31 . 2009-03-31 09:30 466468 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-10 08:06 . 2009-03-31 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-12-07 13:02 . 2009-11-03 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-07 11:18 . 2009-03-31 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-08 13:03 . 2009-04-14 15:54 -------- d-----w- c:\program\Canon

2009-11-05 12:50 . 2009-04-14 15:50 -------- d-----w- c:\program\Delade filer\ScanSoft Shared

2009-11-05 12:49 . 2009-04-14 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanWizard

2009-11-05 12:49 . 2009-04-14 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir

2009-11-03 16:47 . 2009-03-31 05:56 -------- d-----w- c:\program\AVG

2009-11-03 16:14 . 2009-11-03 16:14 -------- d-----w- c:\program\iTunes

2009-11-03 16:14 . 2009-11-03 16:14 -------- d-----w- c:\program\iPod

2009-11-03 16:14 . 2009-09-30 14:05 -------- d-----w- c:\program\Delade filer\Apple

2009-11-03 16:08 . 2009-11-03 16:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-02 16:25 . 2009-03-31 15:44 -------- d--h--w- c:\program\InstallShield Installation Information

2009-11-02 09:14 . 2009-03-31 12:42 -------- d-----r- c:\program\Skype

2009-11-02 09:14 . 2009-03-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-10-30 11:28 . 2009-10-30 11:27 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-29 07:44 . 2009-03-31 09:30 916480 ------w- c:\windows\system32\wininet.dll

2009-10-27 09:39 . 2009-10-27 09:39 -------- d-----w- c:\program\Personal

2009-10-21 05:40 . 2009-03-31 09:30 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2009-03-31 09:30 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-16 15:25 . 2009-10-16 15:25 -------- d-----w- c:\program\ESET

2009-10-16 14:34 . 2009-03-31 11:12 -------- d-----w- c:\program\Delade filer\Adobe

2009-10-13 10:38 . 2009-03-31 09:30 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2009-03-31 09:30 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2009-03-31 09:30 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-03 10:31 . 2009-10-03 10:31 51780 ---ha-w- c:\windows\system32\mlfcache.dat

2007-04-11 11:12 . 2009-04-27 18:54 2279464 ----a-w- c:\program\PcSetup.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tracks Eraser Pro"="c:\program\Acesoft\Tracks Eraser Pro\te.exe" [2009-07-23 1437504]

"Skype"="c:\program\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RoboForm"="c:\program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-26 160592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-08-19 149280]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"DefragTaskBar"="c:\program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]

"Nitro PDF Printer Monitor"="c:\program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-03-26 210208]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LaunchAp"="c:\program\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]

"Wbutton"="c:\program\Launch Manager\Wbutton.exe" [2006-05-04 86016]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]

"Norton Ghost 14.0"="c:\program\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]

"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"OpwareSE2"="c:\program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"NeroFilterCheck"="c:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartWindows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-07 13:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Norstedts Juridik\\Tax2009\\Skatt09.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program\\Delade filer\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-05 207280]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-07 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-07 360584]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2009-12-07 285392]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program\Spyware Doctor\BDT\BDTUpdateService.exe [2009-12-05 112592]

R2 CachemanXPService;CachemanXP;c:\program\CACHEM~1\CachemanXP.exe [2009-03-31 244224]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-03-31 5120]

R3 SymSnapService;SymSnapService;c:\program\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1562096]

S1 mailKmd;mailKmd; [x]

S2 biuuygsia4o;Ati External Event Utility;c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe --> c:\documents and settings\Administratör\Application Data\Microsoft\fooquofou.exe [?]

S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 151552]

S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2006-11-08 530304]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2009-12-05 359624]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.passagen.se/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Anpassa meny - file://c:\program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\Office12\EXCEL.EXE/3000

IE: Fyll i formulär - file://c:\program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RF verktygsfält - file://c:\program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Spara formulär - file://c:\program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-13 01:18

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-1957994488-1935655697-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,58,0e,9f,a4,46,18,49,95,28,14,"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,ed,93,fa,5f,6d,8d,40,95,92,c2,.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(676)

c:\windows\system32\igfxdev.dll

 

- - - - - - - > 'explorer.exe'(4736)

c:\program\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\program\Windows Desktop Search\deskbar.dll

c:\program\Windows Desktop Search\sv-se\dbres.dll.mui

c:\program\Windows Desktop Search\dbres.dll

c:\program\Windows Desktop Search\wordwheel.dll

c:\program\Windows Desktop Search\sv-se\msnlExtRes.dll.mui

c:\program\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Sluttid: 2009-12-13 01:21:25

ComboFix-quarantined-files.txt 2009-12-13 00:21

ComboFix2.txt 2009-12-12 10:45

 

Före genomsökningen: 98 688 180 224 byte ledigt

Efter genomsökningen: 98 650 480 640 byte ledigt

 

- - End Of File - - 6EEBD79BDA0745FA568390877D7B6E90

[/log]

 

//Pär

 

Malou_031

Hi Palle58!

 

I'm back on the air again!

 

The ComboFix log looks considerably better now. But there are some files in it that seem odd and should be scanned.

How did it go with the uninstallations we mentioned to you earlier, if there were any?

How is the computer doing?

 

Run a scan with the scanner below and we'll see what it says.

 

Go to the page below (works best with the Internet Explorer browser):

http://www.virustotal.com/

 

1: Copy/paste one of the following file names into the text field next to the Browse button

(OR use the Browse button and navigate to the path(s) below)

 

C:\98b0e4f205625caf97

C:\9ddc422aa2c177ba3fe9d42a5225

C:\8b534499378094c07b312fcf

c:\windows\system32\d3d9caps.dat

c:\windows\system32\strmfilt.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\drivers\http.sys

c:\windows\system32\oakley.dll

c:\windows\system32\raschap.dll

c:\windows\system32\rastls.dll

c:\windows\system32\mlfcache.dat

 

2: Click Send File and wait until the result is ready (Current status becomes Finished).

3: Paste the results from the various antivirus programs (incl. file size) here in your thread (but not the Other information section)

 

Repeat with the next file name

 

//Malou

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Malou_031

Hi Palle58!

 

You're welcome, and thank you for letting us help :thumbsup:

 

Hope I did it right

Yes, you did it exactly right.

The scan results look good.

 

Now we'll clean up some of the tools we've used, including ComboFix, so follow the procedure below.

[log]Print out or copy the following into a text document and save it to the desktop:

Read/follow the instructions carefully:

 

The tool below can remove/delete files/folders/shortcuts left by the fix programs we have used (but not TM HJT, ATF-Cleaner or DDS.scr).

 

Download the uninstaller OTC by OldTimer:

 

http://oldtimer.geekstogo.com/OTC.exe

 

1: Save it to the desktop

2: Start the program/tool by double-clicking OTCleanIt.exe

(For Vista => right-click the tool and choose => Run as administrator)

3: Click the CleanUp! button.

4: If you get warnings from your security programs, allow OTCleanIt to access the Internet.

5: The various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer.[/log]

 

Once you have done the above:

 

[log]1: Update Malwarebytes' Anti-Malware

2: Start the program => choose Perform quick scan

3: Click the Scan button

4: The scan will now take a while

5: When the program has finished scanning, click OK and then Show Results

6: Check everything and click Remove Selected

7: When the removal is done, a text file with a log will open in Notepad. Copy/paste that log here in your thread.

8: Make a new TM HJT log and paste it here so we can see what it looks like.

9: Tell us how the computer is doing and whether any problems remain[/log]

 

In your reply, attach the two logs like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button in the Reply window again

Repeat with the next log.

 

//Malou

 

 

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Hi, here are the answers.

 

Haven't seen any symptoms of problems for a while now.

 

[log]Malwarebytes' Anti-Malware 1.42

Databasversion: 3356

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2009-12-14 00:40:54

mbam-log-2009-12-14 (00-40-54).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 109799

Förfluten tid: 7 minute(s), 6 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:42:43, on 2009-12-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\CACHEM~1\CachemanXP.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\PixArt\PAC7311\Monitor.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Acesoft\Tracks Eraser Pro\te.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\Program\Launch Manager\WLBTTray.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Skype\Toolbars\Shared\SkypeNames.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passagen.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program\Launch Manager\CtrlVol.exe

O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program\Acesoft\Tracks Eraser Pro\te.exe min

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238485794071

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238490013640

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

O17 - HKLM\Software\..\Telephony: DomainName =

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program\Delade filer\BCL Technologies\NitroPDF5\bepldr.exe

O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program\CACHEM~1\CachemanXP.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe (file missing)

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

 

End of file - 13808 bytes[/log]

 

Added LOG tags for the second log.

Cecilia - Moderator for Viruses, malware & remedies

 

[post edited 2009-12-14 00:46:11 by Cecilia]

Malou_031

Hi Palle58!

 

Haven't seen any symptoms of problems for a while now.

That's great to hear :thumbsup:

 

The MBAM log is clean. Very good.

In your TM HJT log there are a few details I'm wondering about.

 

Do you know what the following is/has been?

O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)

 

The LiveUpdate entry below.

Does it belong to Norton Ghost - Symantec Corporation, or is it a leftover from an earlier Symantec security program?

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

//Malou

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Hi Malou, sorry but I have no idea what this is.

 

Sorry!

 

 

Malou_031

Hi Palle58!

Sorry but I have no idea what this is.

Sorry!

OK, well, that doesn't make it easy.

 

Ati External Event Utility evidently has something to do with ATI graphics cards/graphics drivers.

Could that be right, do you think?

 

Regarding LiveUpdate - Symantec Corporation, follow the procedure below:

 

[log]Print out the following or copy it into a text document and save it to the desktop:

Read/follow the instructions very carefully:

 

Restart the computer into Safe Mode (press the F8 key repeatedly):

 

Go to Start => Run => type services.msc in the Run field => click the OK button

 

Look for the service named

 

LiveUpdate - Symantec Corporation

 

1: Double-click it and then Stop it

(If the Stop button doesn't work, go on to step 2: Disabled)

2: Then change Startup type to Disabled

3: Click Apply and then OK

Then close the window.

 

1: Open TM HJT

(For Vista => right-click the tool and choose => Run as administrator)

2: Click the Do a system scan only button => check the entries below

3: Close the browser => click the Fix Checked button:

 

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

Next:

Still in Safe Mode:

 

Show hidden files and folders, Windows XP and Windows Vista:

 

Windows XP users:

1: Right-click the Start button

2: Choose Explore

3: In the toolbar click => Tools => Folder Options

4: Choose the => View tab and tick => Show hidden files and folders

5: Untick Hide extensions for known file types

6: Untick Hide protected operating system files

 

Search for/locate:

Navigate to the path below and delete the folder (if it is found)

 

C:\Program\Symantec <= delete the entire Symantec folder

 

Next:

Still in Safe Mode:

 

Go to Start => Run => then type cleanmgr in the Run field => click the OK button

Tick the following and clean them out

 

Recycle Bin = Papperskorgen

Temporary Files = Temporära Filer

Temporary Internet Files = Temporära "Tillfälliga" Internetfiler

 

Now:

Restart the computer into normal mode again:

 

Run a new scan with Malwarebytes' Anti-Malware (update the program first):

1: Paste in the log you get from Malwarebytes'

2: Make a new TM HJT log and paste it here so we can see how it looks.

(For Vista => right-click the tool and choose => Run as administrator)

3: Tell us how the computer is doing and whether any problems remain.[/log]

 

In your reply, attach the two logs like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button in the Reply window again

Repeat with the next log.

 

Good luck

//Malou

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

Palle58

Hi Malou!

 

Here I am again. Yes, I think ATI has to do with the graphics.

 

I'm following your instructions and have disabled the LiveUpdate file.

However, I can't find it in HJ, and the computer shuts down when I run in Safe Mode. What does this indicate? So I haven't got any further.

 

Regards, Palle58

 

Malou_031

Hi Palle58!

 

There you are again *smiles*

 

Yes, I think ATI has to do with the graphics

That's right as far as it goes. It's just that this one is in the wrong folder, and the file looks like a bad one (a fake file claiming to belong to the ATI graphics card). So I think we should deal with it, and it's not impossible that it is what's causing your problems in Safe Mode, where the computer shuts down.

 

It's perfectly fine, though, if you don't find it in TM HJT (all the better).

 

I'll write a new procedure for you regarding the fake ATI file. I'll get back to you as soon as I'm done, so hang in there.

 

//Malou

 

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/
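The point Malou makes above, that a service calling itself an ATI utility but registered from a per-user Application Data folder, with no vendor, a random-looking internal name and a missing binary, stands out from the rest of the O23 list, can be turned into a small triage check. The Python script below is an added example written for this page; it is not a tool from the thread, from HijackThis or from any of the programs mentioned. It parses O23 lines in HijackThis format (the two lines quoted in the thread plus two benign entries from the same log, used here as constructed sample input) and reports which of those signals each service trips. The function names, the `PROFILE_DIR_HINTS` directory list and the `looks_random` name heuristic are the author's assumptions, not rules from any tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in HijackThis O23 format. The first two lines are the
# entries quoted in the thread; the other two are benign entries from the same
# log, included so the heuristics have something to leave alone.
SAMPLE_O23_LINES = [
    r"O23 - Service: Ati External Event Utility (biuuygsia4o) - Unknown owner - C:\Documents and Settings\Administratör\Application Data\Microsoft\fooquofou.exe (file missing)",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE",
    r"O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Norton Ghost\Agent\VProSvc.exe",
    r"O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe",
]

# O23 layout: display name, optional (internal service name), owner, image path,
# optional "(file missing)" marker. Lazy groups keep the " - " separators distinct.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumed list: directories where a service binary is not expected to live.
# Installed services sit under Program Files or the system directory; a
# per-user profile or temp path is the anomaly pointed out in the thread.
PROFILE_DIR_HINTS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\users\\",
    "\\appdata\\",
    "\\temp\\",
)


@dataclass
class Finding:
    display: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Assumed heuristic: 8+ lower-case letters and digits mixed, no word structure."""
    return bool(re.fullmatch(r"[a-z0-9]{8,}", name)) and any(c.isdigit() for c in name)


def triage_o23(lines):
    """Return one Finding per O23 line that trips at least one heuristic.

    Lines that do not parse are reported too, so nothing is silently dropped."""
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            findings.append(Finding(line, "", "", ["could not parse O23 line"]))
            continue
        display, name, owner, path = m["display"], m["name"] or "", m["owner"], m["path"]
        reasons = []
        lowered = path.lower()
        if any(hint in lowered for hint in PROFILE_DIR_HINTS):
            reasons.append("service binary under a user profile/temp directory")
        if owner.lower() == "unknown owner":
            reasons.append("no vendor/owner recorded for the service")
        if m["missing"]:
            reasons.append("registered service whose binary is missing (leftover or removed payload)")
        if looks_random(name):
            reasons.append(f"internal service name '{name}' looks machine-generated")
        if reasons:
            findings.append(Finding(display, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_O23_LINES):
        print(f"{f.display} ({f.name}) -> {f.path}")
        for reason in f.reasons:
            print("   -", reason)
```

Run on the sample, only the ATI entry is reported, with all four signals; the LiveUpdate line that Malou also asks about trips none of them, which matches the thread: whether that service is a leftover is a question about the machine's history, not something the log line alone can answer.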

 
