
Blocks antivirus sites & update


Ljuset


I'm helping a colleague who installed a fake antivirus program. Have now scanned with Avira. Got rid of a lot of junk.

But a few problems remain.

Can't get onto antivirus sites.

Nor MS Update.

Also get a box popping up now and then: "Type in the words to verify XP?" Otherwise the computer shuts down after 3 min.


Does anyone see anything malicious in the log below?

[log]Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 20:24:23, on 2010-04-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files\SEKO\Startlist.exe

C:\Program Files\Citrix\ICA Client\PNAMain.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://klubb.seko.se/~k20102/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Program Neighborhood Agent.lnk = ?

O4 - Global Startup: SEKO Startlist.lnk = C:\Program Files\SEKO\Startlist.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 10153 bytes

[/log]


What was the fake antivirus program called? With a name it becomes easier to know what needs to be done to get the computer completely clean.

If you can produce a log from Antivir with what it found, which files and in which folders the files were, that is also very good information.

DDS shows more than HijackThis, if you can download it. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan pops up.

In your reply, paste in the log DDS.txt, while attaching Attach.txt as a file.


Don't remember the name of the program... But now that I think about it, it may have been a web page that was faking it.

Unfortunately can't get onto the DDS site either. (Update: Silly me! I should of course download it from another computer. Will get back.)

Log from Avira's first 2 runs

[log]The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions> was removed successfully.

The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun> was removed successfully.

C:\WINDOWS\bill107.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray> was removed successfully.

[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK library.

[WARNING] The file could not be copied to quarantine!

[WARNING] Error in ARK library

 

 

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2newblogger[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2newblogger[1].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4e749884.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2captcha21[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '56fcb723.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\tor[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\tor[1].exe

[DETECTION] Is the TR/Downloader.Gen Trojan

--> Object

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '04b0ee08.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\v2captcha21[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '6294a209.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\v2bloggerjs[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\J43ITV80\v2bloggerjs[1].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '27138f37.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2newblogger[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2newblogger[1].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5814bd56.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '14b3911c.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2newblogger[2].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2newblogger[2].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '68b4d14c.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[3].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[3].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '45f1fe06.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[2].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F14O6COQ\v2captcha21[2].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5c99c59c.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2captcha21[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '30c5e9ac.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2bloggerjs[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2bloggerjs[1].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '417fd039.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\loader[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\loader[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4f64e33b.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2captcha21[3].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\F1AURSFR\v2captcha21[3].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0a4f99bc.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[1].exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm

[NOTE] The file was moved to the quarantine directory under the name '03449d17.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[2].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[2].exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm

[NOTE] The file was moved to the quarantine directory under the name '5b05847e.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2bloggerjs[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2bloggerjs[1].exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '77f2fdb2.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[3].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[3].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '490f9d68.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[4].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[4].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '2a01b61b.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\7CFWG819\v2captcha21[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\7CFWG819\v2captcha21[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0cc9f606.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\2CFVPN3R\setup[1].exe'

C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\2CFVPN3R\setup[1].exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3e4c8e50.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271334365.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271334365.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '340ba52f.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271336050.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271336050.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0b58c16b.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271338859.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271338859.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '7574cd4c.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341315.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341315.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

--> Object

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '200cc987.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341321.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341321.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '2d9ab8af.qua'.

Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341867.exe'

C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271341867.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '31c7aca6.qua'.

[/log]

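The helper asked which files Antivir found and in which folders they sat. As an added example (not code from the thread, from Avira or from the forum), the Python script below parses Avira report lines of the shape shown in the log above, groups the detections by file, folder and detection name, and singles out files that were detected but never quarantined, which is exactly the case of C:\WINDOWS\bill107.exe above (its Run key was removed, the file itself was not). The sample input is an excerpt of the log posted above; the function and variable names are mine.

```python
"""Triage an Avira AntiVir report: which files were detected, where they sat,
and whether remediation actually succeeded (added example, not Avira's code)."""
import re
from collections import Counter

# Excerpt of the Avira report lines posted above.
SAMPLE_LOG = r"""
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions> was removed successfully.
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun> was removed successfully.
C:\WINDOWS\bill107.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray> was removed successfully.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[WARNING] The file could not be copied to quarantine!
[WARNING] Error in ARK library
Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2newblogger[1].exe'
C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\RHMTU6X3\v2newblogger[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
--> Object
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e749884.qua'.
Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[1].exe'
C:\Documents and Settings\Klubben\Local Settings\Temporary Internet Files\Content.IE5\AJ2BF5GR\v2captcha21[1].exe
[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the WORM/Koobface.fvz worm
[NOTE] The file was moved to the quarantine directory under the name '03449d17.qua'.
Begin scan in 'C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271334365.exe'
C:\Documents and Settings\Klubben\Local Settings\Application Data\rdr_1271334365.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '340ba52f.qua'.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a bare file path opens a new finding
DETECTION_RE = re.compile(r"\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUARANTINE_RE = re.compile(r"moved to the quarantine directory under the name '([^']+)'")
REGISTRY_RE = re.compile(r"registration entry <([^>]+)> was removed")
WARNING_RE = re.compile(r"^\[WARNING\] (.*)")


def parse_avira_report(text):
    """Return (findings, registry).
    findings: one dict per detected file: path, parent folder, de-duplicated
              detection names, quarantine file name (None if it failed), warnings.
    registry: (key, path) for each removed registry entry; path is the file Avira
              was handling at the time (None for the Explorer policies at the top)."""
    findings, registry, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REGISTRY_RE.search(line):
            registry.append((m.group(1), current["path"] if current else None))
        elif PATH_RE.match(line):
            current = {"path": line, "folder": line.rsplit("\\", 1)[0],
                       "detections": [], "quarantined_as": None, "warnings": []}
            findings.append(current)
        elif current is None:
            continue  # header lines before the first finding
        elif m := DETECTION_RE.search(line):
            if m.group(1) not in current["detections"]:  # packed objects repeat the name
                current["detections"].append(m.group(1))
        elif m := QUARANTINE_RE.search(line):
            current["quarantined_as"] = m.group(1)
        elif m := WARNING_RE.match(line):
            current["warnings"].append(m.group(1))
        # "Begin scan in", "--> Object" and "[1] Archive type" lines carry nothing new
    return findings, registry


def unresolved(findings):
    """Detected files that were not quarantined: these still need manual follow-up."""
    return [f for f in findings if f["detections"] and f["quarantined_as"] is None]


def family_counts(findings):
    """Number of distinct files each detection name was seen in."""
    return Counter(name for f in findings for name in f["detections"])


def folder_counts(findings):
    """Where the detected files lived, the question the helper asked."""
    return Counter(f["folder"] for f in findings)


if __name__ == "__main__":
    found, reg = parse_avira_report(SAMPLE_LOG)
    print(f"{len(found)} detected files in {len(folder_counts(found))} folders")
    for name, n in family_counts(found).most_common():
        print(f"  {n} x {name}")
    for f in unresolved(found):
        print("NOT CLEANED:", f["path"], "|", "; ".join(f["warnings"]))
    for key, path in reg:
        print("registry entry removed:", key, f"(while handling {path})" if path else "")
```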

[log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2007-03-20 19:59:40

System Uptime: 2010-04-17 16:00:48 (5 hours ago)

 

Motherboard: ASUSTeK Computer Inc. | | F5R

Processor: Intel® Celeron® M CPU 440 @ 1.86GHz | Socket 478 | 1862/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (FAT32) - 54 GiB total, 32,917 GiB free.

D: is FIXED (FAT32) - 36 GiB total, 35,34 GiB free.

E: is CDROM ()

F: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP205: 2010-01-27 12:11:49 - Systemkontrollpunkt

RP206: 2010-01-27 13:08:53 - Installed Sonic CinePlayer DVD Pack

RP207: 2010-01-27 13:17:13 - Removed Sonic CinePlayer DVD Pack

RP208: 2010-01-27 13:18:06 - Installed Sonic CinePlayer DVD Pack

RP209: 2010-02-03 23:02:22 - Systemkontrollpunkt

RP210: 2010-02-04 03:00:16 - Software Distribution Service 3.0

RP211: 2010-02-05 03:21:45 - Systemkontrollpunkt

RP212: 2010-03-10 17:12:09 - Software Distribution Service 3.0

RP213: 2010-03-16 12:29:21 - Systemkontrollpunkt

RP214: 2010-03-16 15:15:24 - Software Distribution Service 3.0

RP215: 2010-03-24 08:39:42 - Software Distribution Service 3.0

RP216: 2010-04-03 10:38:22 - Systemkontrollpunkt

RP217: 2010-04-04 11:25:26 - Systemkontrollpunkt

RP218: 2010-04-05 03:00:18 - Software Distribution Service 3.0

RP219: 2010-04-06 19:42:06 - Systemkontrollpunkt

RP220: 2010-04-12 16:54:28 - Återställningsåtgärd

RP221: 2010-04-15 16:58:32 - Systemkontrollpunkt

RP222: 2010-04-15 17:30:59 - Installed HiJackThis

RP223: 2010-04-15 19:33:36 - Java 6 Update 20 installerades

RP224: 2010-04-16 20:29:35 - Systemkontrollpunkt

 

==== Installed Programs ======================

 

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.1.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Live Update

Asus MultiFrame

ASUS Splendid Video Enhancement Technology

ASUS Touch Pad Extra

Asus_Camera_ScreenSaver

ATI - Hjälp för avinstallation av program

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

ATK Media

ATK0100 ACPI UTILITY

Attansic Giga Ethernet Utility

Avira AntiVir Personal - Free Antivirus

Bonjour

Cardio PC Link v1.1.1se

Citrix Presentation Server Client

GearDrvs

Google Earth

Google Toolbar for Internet Explorer

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

iDump (Backing up your iPod)

iPhone Configuration Utility

iTunes

Java Auto Updater

Java 6 Update 20

Löne Lots (remove only)

LifeFrame2

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Localization Pack for Microsoft Windows XP Media Center Edition

Malwarebytes' Anti-Malware

Media Player Classic - Home Cinema v. 1.3.1249.0

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 1.1 Swedish Language Pack

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word MUI (Swedish) 2007

Microsoft Software Update for Web Folders (Swedish) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Motorola SM56 Speakerphone Modem

Mozilla Firefox (3.6.3)

Net4Switch

Norton 360

OpenOffice.org Installer 1.0

PL-2303 USB-to-Serial

Power4 Gear

PowerForPhone

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978706)

SEKO Filer 11.0

SEKO Startlist 1.0

Simplify Printing Client v3

Sonic CinePlayer DVD Pack

Symantec KB-DocID:2003093015493306

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

USB2.0 1.3M WebCam

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format Runtime

Windows XP Media Center Edition 2005 KB888316

Windows XP Media Center Edition 2005 KB890629

Windows XP Media Center Edition 2005 KB890760

Windows XP Media Center Edition 2005 KB895198

Windows XP Media Center Edition 2005 KB895678

Windows XP Media Center Edition 2005 KB911061

Windows XP Media Center Edition 2005 KB919803

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinFlash

Wireless Console 2

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

 

==== End Of File ===========================

[/log]

 

[log]

DDS (Ver_10-03-17.01) - FAT32x86

Run by Klubben at 21:24:14,25 on 2010-04-17

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.895.196 [GMT 2:00]

 

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

SVCHOST.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files\SEKO\Startlist.exe

C:\Program Files\Citrix\ICA Client\PNAMain.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k captcha

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k WinError

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

SVCHOST.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\WINDOWS\system32\notepad.exe

F:\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://klubb.seko.se/~k20102/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9

uRun: [Net4Switch] c:\program files\asus\net4switch\Net4Switch.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [skyTel] SkyTel.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [PowerForPhone] c:\program files\asus\powerforphone\PowerForPhone.exe

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\windows\installer\{42accb45-3363-47e0-94e9-f0074cc8bc56}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sekost~1.lnk - c:\program files\seko\Startlist.exe

uPolicies-explorer: HideClock = 0 (0x0)

dPolicies-explorer: HideClock = 0 (0x0)

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

Notify: AtiExtEvent - Ati2evxx.dll

LSA: Authentication Packages = msv1_0 nwprovau

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\klubben\applic~1\mozilla\firefox\profiles\b2cjy4a4.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-15 64288]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-15 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-15 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-15 267432]

R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2007-3-20 554352]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-15 60936]

R2 captcha;captcha;c:\windows\system32\svchost.exe -k captcha [2006-9-18 14336]

R2 i600oko;Target Inproc NLA Update Microsoft DeskBarApp port The;c:\windows\system32\svchost.exe -k WinError [2006-9-18 14336]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-20 1251720]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-17 38224]

R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2007-3-20 1116544]

R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-3-20 7808]

RUnknown dac6oko;dac6oko; [x]

S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-3-20 34944]

 

=============== Created Last 30 ================

 

2010-04-17 18:58:54 0 d-----w- c:\docume~1\klubben\applic~1\Malwarebytes

2010-04-17 18:58:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-17 18:58:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-17 18:58:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-17 18:58:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-04-15 20:35:27 0 d-----w- c:\docume~1\alluse~1\applic~1\CA

2010-04-15 17:34:07 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-04-15 17:34:07 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 16:16:20 0 d-----w- c:\docume~1\klubben\applic~1\Avira

2010-04-15 15:31:00 0 d-----w- c:\program files\TrendMicro

2010-04-15 14:36:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-04-15 14:36:53 0 d-----w- c:\program files\Avira

2010-04-15 14:36:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-04-15 14:08:41 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-04-15 13:37:52 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-04-15 13:36:35 0 d--h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-15 13:36:18 0 d-----w- c:\program files\Lavasoft

2010-04-15 12:57:31 7813 ----a-w- c:\windows\fs1235.dat

2010-04-12 14:54:55 0 d-----w- c:\windows\system32\wbem\Repository

2010-04-10 16:59:08 0 d-sh--w- C:\FOUND.002

2010-04-10 16:38:06 0 d-----w- c:\docume~1\klubben\applic~1\CComponents

2010-04-08 17:23:15 38 ----a-w- c:\windows\bk20856.dat

2010-04-06 07:19:09 1 ----a-w- c:\windows\lgo

2010-04-06 06:14:32 1 ---h--w- c:\windows\bk23567.dat

2010-04-06 06:14:32 1 ----a-w- c:\windows\fdgg34353edfgdfdf

2010-03-23 06:24:45 293376 ------w- c:\windows\system32\browserchoice.exe

 

==================== Find3M ====================

 

2010-04-17 18:06:48 106496 ----a-w- c:\windows\system32\camoko.dll

2010-02-25 09:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 12:10:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat

 

============= FINISH: 21:25:31,39 ===============

[/log]

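The helper in the next reply refers to "the malicious files visible in the DDS log". As an added example (not part of the thread, and not a feature of DDS or HijackThis), the following Python script parses the "SERVICES / DRIVERS" and "Created Last 30" sections of a DDS report and flags the patterns this log shows: svchost.exe services started in a `-k` group that Windows itself never defines (`captcha`, `WinError`), a service whose file is already gone (`dac6oko ... [x]`), service names that look machine-generated, and 1-byte or extension-less files dropped straight into c:\windows. The sample input is copied from the log above; the set of standard XP SP3 svchost groups is an assumption from memory of a clean registry, and the name patterns are heuristics that say where to look, not verdicts. One cross-reference the script does not attempt, but a reader should notice, is that `camoko.dll` (Find3M), `i600oko` and `dac6oko` share the same suffix.

```python
"""Triage of a DDS report (added example; not part of the thread or of DDS itself).
Flags what a fake-AV infection typically leaves behind: svchost services in a
-k group Windows does not define, services whose file is gone ([x]), random-
looking service names, and tiny or extension-less files in the Windows root.
"""
import re

# Assumed baseline (from memory of a clean XP SP3 registry, not from the log):
# the groups under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
    "imgsvc", "httpfilter", "termsvcs", "wudfservicegroup",
}

# Constructed sample input: lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-15 64288]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-15 267432]
R2 captcha;captcha;c:\windows\system32\svchost.exe -k captcha [2006-9-18 14336]
R2 i600oko;Target Inproc NLA Update Microsoft DeskBarApp port The;c:\windows\system32\svchost.exe -k WinError [2006-9-18 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
RUnknown dac6oko;dac6oko; [x]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-3-20 34944]

=============== Created Last 30 ================

2010-04-17 18:58:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:57:31 7813 ----a-w- c:\windows\fs1235.dat
2010-04-08 17:23:15 38 ----a-w- c:\windows\bk20856.dat
2010-04-06 07:19:09 1 ----a-w- c:\windows\lgo
2010-04-06 06:14:32 1 ---h--w- c:\windows\bk23567.dat
2010-04-06 06:14:32 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-03-23 06:24:45 293376 ------w- c:\windows\system32\browserchoice.exe
"""

# DDS service line: "<status> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d|[RS]Unknown)\s+([^;]+);([^;]*);(.*)$")
# DDS file line: "<date> <time> <size> <attrs> <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+)\s+(\S+)\s+(.+)$")
SVCHOST_K_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[a-z]+\d+[a-z]+$")       # i600oko, dac6oko
RANDOM_DAT_RE = re.compile(r"^[a-z]{1,4}\d{3,}\.dat$")  # bk20856.dat, fs1235.dat


def sections(text):
    """Split a DDS report into {section title: [non-empty lines]}."""
    out, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            title = m.group(1)
            out[title] = []
        elif title is not None:
            out[title].append(line)
    return out


def suspicious_services(lines):
    """Return {service name: [reasons]} for service entries worth a second look."""
    findings = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        status, name, _display, path = m.groups()
        reasons = []
        k = SVCHOST_K_RE.search(path)
        if k and k.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            reasons.append("svchost group %r is not defined by Windows" % k.group(1))
        if path.strip() == "[x]" or status.endswith("Unknown"):
            reasons.append("file missing or status unknown")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking service name")
        if reasons:
            findings[name] = reasons
    return findings


def suspicious_files(lines):
    """Return {path: reason} for files dropped directly into the Windows root."""
    findings = {}
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        size, attrs, path = int(m.group(1)), m.group(2), m.group(3).lower()
        parent, _, fname = path.rpartition("\\")
        if attrs.startswith("d") or parent != r"c:\windows":
            continue  # directories, and anything under system32 etc., need their own baseline
        if size <= 64:
            findings[path] = "%d-byte marker file in the Windows root" % size
        elif "." not in fname:
            findings[path] = "extension-less file in the Windows root"
        elif RANDOM_DAT_RE.match(fname):
            findings[path] = "random-named .dat in the Windows root"
    return findings


def triage(text):
    """Run both checks over a full DDS report and return the findings."""
    secs = sections(text)
    return {"services": suspicious_services(secs.get("SERVICES / DRIVERS", [])),
            "files": suspicious_files(secs.get("Created Last 30", []))}


if __name__ == "__main__":
    for kind, hits in triage(DDS_SAMPLE).items():
        for item, why in hits.items():
            print(kind, item, "->", why)
```

Run on the sample, the script reports exactly the three services and five files that a new DDS log after the MBAM run should no longer contain, which is the comparison the helper offers to make by hand.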

After installing and running "Malwarebytes Anti-Malware" it seems to have sorted itself out. I can now reach antivirus sites and can update Avira :thumbsup:


Yes, MBAM is usually good at this kind of malware. If you like, I can check a new DDS log to confirm that the malicious files visible in the DDS log are gone.

 

If there are no longer supposed to be any Symantec/Norton programs on the computer, uninstall

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

and run the dedicated cleanup tool that is needed after an uninstall of Norton 360:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716174339?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid Step 3

 

There are two ways for this type of malware to get into the computer: either you click on the fake web page that claims the computer is infected, thereby giving it permission to install, or there is some known security hole on the computer, e.g. in the form of an old version of Flash or Adobe Reader. Check whether there are known security holes in such programs by letting Secunia's Software Inspector examine the computer.


Archived

This topic is now archived and is closed to further replies.
