Just nu i M3-nätverket
Jump to content

coobfacevirus


jejo07

Recommended Posts

Hej

Ja har fått virusproblem igen datorn hänger sig och startar om sig och är allmänt seg

Jag använde malwarebytes igår och då hittade den 9 virus som det stog att den tog bort utan problem. Sen funkade datorn jättebra tills i dag nu har jag startat om den 4 ggr på morgonen. Det stod på malwarebytes att det var bla. coobfacevirus

Klistrar in dds

DDS (Ver_10-11-10.01) - NTFSx86

Run by Žgaren at 8:19:04,06 on 2010-11-19

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.160 [GMT 1:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

D:\Documents and Settings\Ägaren\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.eniro.se/

uSearch Page =

uWindow Title = Packard Bell

uSearch Bar =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Vade Retro Outlook Express] "c:\program\gotoso~1\vadere~1\Vaderetro_oe.exe"

mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"

mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program\k-lite codec pack\quicktime\qttask.exe" -atboottime

mRun: [avast5] "c:\program\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\program\micros~4\office10\EXCEL.EXE/3000

IE: {3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\program\betway\casino\casinogame.exe

IE: {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\program\betway\poker\MPPoker.exe

IE: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: film2home.se\www

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158244611729

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://189.124.130.132/activex/AMC.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by142fd.bay142.hotmail.msn.com/activex/HMAtchmt.ocx

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-5 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

 

=============== Created Last 30 ================

 

2010-11-18 09:20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 09:20:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-18 09:20:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 09:20:31 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-11-18 06:04:13 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 10:37:34 103864 ----a-w- c:\program\mozilla firefox\plugins\nppdf32.dll

2010-11-06 10:37:34 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll

 

==================== Find3M ====================

 

2010-10-26 19:04:10 19657194 ----a-w- d:\docume~1\alluse~1\applic~1\vlc-1.1.4-win32.exe

2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54:29 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:56 617472 ----a-w- c:\windows\system32\comctl32.dll

 

============= FINISH: 8:20:15,14 ===============

Attach.txt

Link to comment
Share on other sites

Hej igen!

Öppna Internet Explorer, Verktyg och Internetalternativ, sedan fliken Anslutningar.

Klicka på knappen LAN inställningar, martkera ur/ta bort allt som har med proxy att göra i de olika alternativen.

 

Glöm inte att posta Malwarebytes loggarna.

Mvh

Mats H

Link to comment
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 5142

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-11-18 10:42:27

mbam-log-2010-11-18 (10-42-27).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 217149

Förfluten tid: 19 minut(er), 42 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 1

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 4

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\t55ft2792f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\t55ft2810f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

 

 

Denna loggen fick jag igår och denna nu idag

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 5142

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-11-19 08:39:30

mbam-log-2010-11-19 (08-39-30).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 216905

Förfluten tid: 11 minut(er), 47 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

Link to comment
Share on other sites

Hej igen!

Öppna Internet Explorer, Verktyg och Internetalternativ, sedan fliken Anslutningar.

Klicka på knappen LAN inställningar, martkera ur/ta bort allt som har med proxy att göra i de olika alternativen.

 

Glöm inte att posta Malwarebytes loggarna.

Mvh

Mats H

 

Det finns inget ikryssat i Laninställning

Link to comment
Share on other sites

Hej,

kör följande on-Line skanner:

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet "Remove found threats"

Bocka för "Scan Archives

 

Klicka på "Advanced Settings"

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Tryck på Scan

 

När skanningen är klar skapas loggfilen C:\Program\Eset\Eset Online Scanner\log.txt. Öppna den i Anteckningar och klistra sedan in innehållet i ditt svar.

Mvh

Mats H

Link to comment
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9c7a4cdbb0f65a4f8f6e23998084c0c6

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-19 03:15:19

# local_time=2010-11-19 04:15:19 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 5722134 5722134 0 0

# compatibility_mode=8192 67108863 100 0 3766 3766 0 0

# scanned=63259

# found=2

# cleaned=0

# scan_time=2598

C:\Microgaming\Casino\Ladbrokes\install.exe a variant of Win32/PrimeCasino application 00000000000000000000000000000000 I

C:\Program Files\LucasArts\Monkey Island 1 and 2\AUTORUN.INF INF/Autorun.gen trojan 00000000000000000000000000000000 I

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9c7a4cdbb0f65a4f8f6e23998084c0c6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-19 05:12:07

# local_time=2010-11-19 06:12:07 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 5724838 5724838 0 0

# compatibility_mode=8192 67108863 100 0 6470 6470 0 0

# scanned=166810

# found=2

# cleaned=0

# scan_time=6904

C:\Microgaming\Casino\Ladbrokes\install.exe a variant of Win32/PrimeCasino application 00000000000000000000000000000000 I

C:\Program Files\LucasArts\Monkey Island 1 and 2\AUTORUN.INF INF/Autorun.gen trojan 00000000000000000000000000000000 I

Link to comment
Share on other sites

DDS (Ver_10-11-10.01) - NTFSx86

Run by Žgaren at 0:01:50,40 on 2010-11-20

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.330 [GMT 1:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Documents and Settings\Ägaren\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.eniro.se/

uSearch Page =

uWindow Title = Packard Bell

uSearch Bar =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Vade Retro Outlook Express] "c:\program\gotoso~1\vadere~1\Vaderetro_oe.exe"

mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"

mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program\k-lite codec pack\quicktime\qttask.exe" -atboottime

mRun: [avast5] "c:\program\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\program\micros~4\office10\EXCEL.EXE/3000

IE: {3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\program\betway\casino\casinogame.exe

IE: {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\program\betway\poker\MPPoker.exe

IE: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: film2home.se\www

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158244611729

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://189.124.130.132/activex/AMC.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by142fd.bay142.hotmail.msn.com/activex/HMAtchmt.ocx

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-5 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

 

=============== Created Last 30 ================

 

2010-11-19 14:29:14 -------- d-----w- c:\program\ESET

2010-11-18 09:20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 09:20:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-18 09:20:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 09:20:31 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-11-18 06:04:13 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 10:37:34 103864 ----a-w- c:\program\mozilla firefox\plugins\nppdf32.dll

2010-11-06 10:37:34 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll

 

==================== Find3M ====================

 

2010-10-26 19:04:10 19657194 ----a-w- d:\docume~1\alluse~1\applic~1\vlc-1.1.4-win32.exe

2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54:29 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:56 617472 ----a-w- c:\windows\system32\comctl32.dll

 

============= FINISH: 0:03:28,21 ===============

Attach.txt

Link to comment
Share on other sites

Hej,

dags för Combofix.

 

Spara ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

 

Mvh

Mats H

Link to comment
Share on other sites

ComboFix 10-11-19.02 - Ägaren 2010-11-20 8:04.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.235 [GMT 1:00]

Körs från: d:\documents and settings\Ägaren\Skrivbord\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\Thumbs.db

d:\documents and settings\Ägaren\Lokala inställningar\Application Data\DoubleD

d:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe

d:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe

d:\documents and settings\All Users\Application Data\vlc-1.1.4-win32.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-10-20 till 2010-11-20 ))))))))))))))))))))))))))))))

.

 

2010-11-19 14:29 . 2010-11-19 14:29 -------- d-----w- c:\program\ESET

2010-11-18 09:20 . 2010-11-18 09:20 -------- d-----w- d:\documents and settings\Ägaren\Application Data\Malwarebytes

2010-11-18 09:20 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 09:20 . 2010-11-18 09:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-18 09:20 . 2010-11-18 09:20 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-11-18 09:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 06:04 . 2010-09-15 01:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program\Mozilla Firefox\plugins\nppdf32.dll

2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program\Internet Explorer\PLUGINS\nppdf32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 10:23 . 2004-09-14 08:33 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-09-14 08:33 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-09-14 08:33 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-09-14 08:33 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 03:50 . 2010-08-31 11:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-10 05:52 . 2004-09-14 08:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52 . 2004-09-14 08:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52 . 2004-09-14 08:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:12 . 2010-09-14 08:57 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 15:11 . 2006-12-29 10:02 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2006-12-29 10:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2008-04-05 18:34 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2006-12-29 10:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2006-12-29 10:02 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2006-12-29 10:02 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2008-04-05 18:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2006-12-29 10:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-09-01 11:52 . 2004-09-14 08:33 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2004-09-14 08:33 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-09-14 08:33 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54 . 2004-09-14 08:33 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2004-09-14 08:33 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2004-09-14 08:33 617472 ----a-w- c:\windows\system32\comctl32.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]

"Vade Retro Outlook Express"="c:\program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 143360]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"nwiz"="nwiz.exe" [2006-08-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program\K-Lite Codec Pack\QuickTime\qttask.exe" [2010-03-17 421888]

"avast5"="c:\program\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

d:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-5 939920]

Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program\\SopCast\\SopCast.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Microgaming\\Casino\\Ladbrokes\\casinogame.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-05 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 17744]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-11-19 c:\windows\Tasks\Ställa in datorn.job

- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\program\MICROS~4\Office10\EXCEL.EXE/3000

IE: {{3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\program\Betway\Casino\casinogame.exe

IE: {{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\program\Betway\Poker\MPPoker.exe

IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

Trusted Zone: film2home.se\www

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://189.124.130.132/activex/AMC.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - d:\documents and settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\93notdm8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.eniro.se/

FF - component: d:\documents and settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\93notdm8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: d:\documents and settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\93notdm8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: c:\program\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Personal\bin\np_prsnl.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-20 08:24

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(612)

c:\apps\Softex\OmniPass\opxpgina.dll

.

Sluttid: 2010-11-20 08:35:02

ComboFix-quarantined-files.txt 2010-11-20 07:34

 

Före genomsökningen: 5 226 262 528 byte ledigt

Efter genomsökningen: 5 170 503 680 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - C6A46EB96BABA52D1E41DD2C3408BA5D

Link to comment
Share on other sites

DDS (Ver_10-11-10.01) - NTFSx86

Run by Žgaren at 8:54:37,45 on 2010-11-20

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.208 [GMT 1:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Java\jre6\bin\jqs.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\APPS\SMP\SmpSys.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Documents and Settings\Ägaren\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Vade Retro Outlook Express] "c:\program\gotoso~1\vadere~1\Vaderetro_oe.exe"

mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"

mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program\k-lite codec pack\quicktime\qttask.exe" -atboottime

mRun: [avast5] "c:\program\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: d:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\program\micros~4\office10\EXCEL.EXE/3000

IE: {3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\program\betway\casino\casinogame.exe

IE: {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\program\betway\poker\MPPoker.exe

IE: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: film2home.se\www

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158244611729

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://189.124.130.132/activex/AMC.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by142fd.bay142.hotmail.msn.com/activex/HMAtchmt.ocx

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-5 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

 

=============== Created Last 30 ================

 

2010-11-20 07:02:51 -------- d-sha-r- C:\cmdcons

2010-11-20 06:57:06 98816 ----a-w- c:\windows\sed.exe

2010-11-20 06:57:06 89088 ----a-w- c:\windows\MBR.exe

2010-11-20 06:57:06 256512 ----a-w- c:\windows\PEV.exe

2010-11-20 06:57:06 161792 ----a-w- c:\windows\SWREG.exe

2010-11-19 14:29:14 -------- d-----w- c:\program\ESET

2010-11-18 09:20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 09:20:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-18 09:20:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 09:20:31 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-11-18 06:04:13 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 10:37:34 103864 ----a-w- c:\program\mozilla firefox\plugins\nppdf32.dll

2010-11-06 10:37:34 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll

 

==================== Find3M ====================

 

2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54:29 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:56 617472 ----a-w- c:\windows\system32\comctl32.dll

 

============= FINISH: 8:55:52,64 ===============

Attach.txt

Link to comment
Share on other sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:50:48, on 2010-11-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Trend Micro\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eniro.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] "C:\Program\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Program\Betway\Casino\casinogame.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=SE&range=AD&phase=7&key=IESTART

O15 - Trusted Zone: http://www.film2home.se

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158244611729

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://189.124.130.132/activex/AMC.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by142fd.bay142.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10532 bytes

Link to comment
Share on other sites

Hej,

kör nu Hijack This, "Do a system scan".

Markera följande rad:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

Tryck "Fix Checked".

 

Avsluta Hijack This, starta om datorn, och kör nu en ny HiJack This, "Do a system scan and save a logfile".

Klistra in loggen här i din tråd.

Mvh

Mats H

Link to comment
Share on other sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:01:04, on 2010-11-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Trend Micro\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eniro.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] "C:\Program\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Program\Betway\Casino\casinogame.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=SE&range=AD&phase=7&key=IESTART

O15 - Trusted Zone: http://www.film2home.se

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091111095637

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158244611729

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://189.124.130.132/activex/AMC.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by142fd.bay142.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10444 bytes

Link to comment
Share on other sites

Hej,

hur fungerar din dator nu?

Verkar som vi nu fått bort problemen.

Så då återstår en sista städomgång.

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.

Börja med att skapa en ny systemåterställningspunkt:

XP:

Start - Program- Tillbehör - Systemverktyg - Systemåterställning

Välj att skapa en ny återställningspunkt och tryck på Nästa.

Vista och Windows 7 (?):

Högerklick på Datorn - Egenskaper - Systemskydd

Tryck på Skapa.

 

Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.

Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper.

På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den.

Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste.

 

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet.

http://oldtimer.geekstogo.com/OTC.exe

Dubbelklicka på filen för att starta programmet.

Tryck på knappen CleanUp! och de olika fix-program som du har laddat ner kommer att avinstalleras, inkl. detta program, efter en omstart av datorn. Ta bort DDS-programmet och dess loggar, liksom de olika RKill-filerna. Om något är kvar efter det så fråga hur du ska ta bort det.

 

3. Ta bort alla tillfälliga filer genom att ladda ner TFC-Cleaner på Skrivbordet:

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Stäng av alla andra program, särskilt webbläsare.

Dubbelklicka på TFC-Cleaner.exe för att starta programmet.

 

4. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

 

http://sites.google.com/site/ceblstockholm/home

 

Om du fortfarande upplever att det skulle finnas något bekymmer, säg då till här i din tråd, så fortsätter vi att leta!

Mvh

Mats H

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...