
Ad-ware or what is it???


Yoshis


Hi all you nice people!

I've been having problems with my computer. For a couple of days now, when I go online a full-page ad pops up and the whole computer starts slowing down once I've opened the internet. When I restart the computer, Security Center is turned off even though I enabled it before I restarted. The computer has 400 GB of free space, so that can't be what makes it so slow????

I made a log in HijackThis in case anyone understands this, i.e.

I've run antivirus and Ad-Aware 2007 and they say the computer is clean, so I don't get why this keeps popping up?? Can anyone help me? I need the computer for work and would be overjoyed if someone could help me.

Best regards

Yoshis

The log >
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:47, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program\Creative\Shared Files\CTDevSrv.exe
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\Program\InterVideo\Common\Bin\WinRemote.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tt.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [1c48b4c0] rundll32.exe "C:\WINDOWS\system32\ckhmwetd.dll",b
O4 - HKLM\..\Run: [bM1f7b875c] Rundll32.exe "C:\WINDOWS\system32\fysmyvkd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uIWatcher] C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 10314 bytes


That Ad-Aware says the computer is clean unfortunately doesn't mean much, since it is no longer a particularly good program.

Download Malwarebytes Anti-Malware from one of these:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.brothersoft.com/download-malwarebytes.-anti-malware-71406.html
Double-click mbam-setup.exe to install the program.
Tick:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click Finish
If there is an update, it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and click Scan.
The scan takes a while.
When it is done, click OK and then Show Results.
Tick everything and then click Remove Selected.
When the removal is complete, Notepad opens with a log.

You may get a request to restart the computer (Restart). If so, do it.
If the program doesn't start by itself after the restart, start it.

If the log doesn't come up by itself in Notepad, you will find it on the Logs tab in MBAM.
Copy the log and paste it into your reply together with a new HijackThis log.


Cecilia:

I have now run it according to your instructions and ads still come up and the computer runs like syrup. Maybe it can't be fixed?? Or am I just doing something wrong? Ner
Best regards, Yoshis

The log from Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.20
Databasversion: 941
Windows 5.1.2600 Service Pack 2

00:22:51 2008-07-12
mbam-log-7-12-2008 (00-22-51).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 44887
Förfluten tid: 5 minute(s), 33 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 4
Infekterade registernycklar: 10
Infekterade registervärden: 3
Infekterade registerdataposter: 2
Infekterade mappar: 0
Infekterade filer: 16

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\gbedupla.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnnLeFx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\xaxneyhg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayvWmJa.dll (Trojan.Vundo) -> Unloaded module successfully.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7778d30e-b435-4dc1-9752-d7e8e82edf0f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7778d30e-b435-4dc1-9752-d7e8e82edf0f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f505979-b759-4a89-b9e0-3c2a17c68d76} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f505979-b759-4a89-b9e0-3c2a17c68d76} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvwmja (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c48b4c0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1f7b875c (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5f505979-b759-4a89-b9e0-3c2a17c68d76} (Trojan.Vundo) -> Delete on reboot.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlefx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlefx  -> Delete on reboot.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\nnnnLeFx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xFeLnnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xFeLnnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbedupla.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\alpudebg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihpknprf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frpnkphi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xaxneyhg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ghyenxax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovpitled.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mlJYRHwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvWmJa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\BM1f7b875c.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1f7b875c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

The log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:56, on 2008-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program\Creative\Shared Files\CTDevSrv.exe
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\Program\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tt.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {116F9EC0-8A31-4725-84DE-146266D6A53E} - C:\WINDOWS\system32\xxyyvVlI.dll (file missing)
O2 - BHO: {17eef386-dc2b-84ea-4f44-352b07aac343} - {343caa70-b253-44f4-ae48-b2cd683fee71} - C:\WINDOWS\system32\sphgai.dll
O2 - BHO: (no name) - {48AE01E9-CAF9-4227-B0DE-82B2280B41D8} - C:\WINDOWS\system32\vtUlKbBR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {821D94F0-6142-4912-8515-3D1F1026D35A} - C:\WINDOWS\system32\nnnnLeFx.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uIWatcher] C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: urqPhedC - C:\WINDOWS\SYSTEM32\urqPhedC.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 10800 bytes

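As a worked example added here (it is not from the thread or from HijackThis, MBAM or ComboFix), the following Python script applies the triage heuristics a helper reads such a log with: Run values named like hex blobs that launch rundll32 against an eight-letter DLL with a one-letter export, nameless or file-missing BHOs, and Winlogon Notify entries that point at a random-looking DLL. The sample lines are constructed from the shapes of the entries in the logs above; the heuristics, regexes and function names are assumptions of this example, not anything the tools themselves do.

```python
"""Triage heuristics for HijackThis O2 / O4 / O20 lines (example code)."""
import re
from typing import List, Tuple

# Constructed sample: a mix of legitimate and malicious entries modelled on
# the logs in this thread (two benign O2/O4 lines, AVG's AppInit_DLLs, and the
# Vundo-style BHO, Run and Winlogon Notify entries).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {116F9EC0-8A31-4725-84DE-146266D6A53E} - C:\WINDOWS\system32\xxyyvVlI.dll (file missing)
O2 - BHO: (no name) - {821D94F0-6142-4912-8515-3D1F1026D35A} - C:\WINDOWS\system32\nnnnLeFx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [1c48b4c0] rundll32.exe "C:\WINDOWS\system32\ckhmwetd.dll",b
O4 - HKLM\..\Run: [bM1f7b875c] Rundll32.exe "C:\WINDOWS\system32\fysmyvkd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: urqPhedC - C:\WINDOWS\SYSTEM32\urqPhedC.dll
"""

# A DLL in system32 whose base name is exactly eight letters (nnnnLeFx,
# urqPhedC, ckhmwetd ...), the naming pattern of every malicious file above.
# Eight-letter names do exist legitimately (AVG's avgrsstx.dll, for one), so
# this is a prompt to look closer, not a verdict.
RANDOM_DLL = re.compile(r"\\system32\\[A-Za-z]{8}\.dll\b", re.IGNORECASE)
# Run-value names that are just hex, optionally prefixed "BM" (1c48b4c0, bM1f7b875c).
HEX_VALUE_NAME = re.compile(r"^(bm)?[0-9a-f]{8,}$", re.IGNORECASE)
# rundll32 calling an export named by a single letter (",b", ",s"); real
# components use descriptive export names such as NvStartup.
SINGLE_LETTER_EXPORT = re.compile(r'rundll32\.exe\s+"?[^",]+\.dll"?,[A-Za-z]\s*$', re.IGNORECASE)


def run_value_name(rest: str) -> str:
    """Extract the [name] of an O4 Run entry, or '' if there is none."""
    m = re.search(r"\[([^\]]+)\]", rest)
    return m.group(1) if m else ""


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) this HijackThis line deserves a look."""
    reasons: List[str] = []
    section, _, rest = line.partition(" - ")
    if section == "O2":
        if "(no name)" in rest:
            reasons.append("BHO registered without a name")
        if "(file missing)" in rest:
            reasons.append("BHO whose DLL is already gone (stale registration)")
    elif section == "O4":
        if HEX_VALUE_NAME.match(run_value_name(rest)):
            reasons.append("Run value named like a hex blob")
        if SINGLE_LETTER_EXPORT.search(rest):
            reasons.append("rundll32 calling a single-letter export")
    elif section == "O20" and rest.startswith("Winlogon Notify:") and RANDOM_DLL.search(rest):
        reasons.append("Winlogon Notify package (loaded into winlogon.exe) with a random-looking DLL")
    if RANDOM_DLL.search(rest):
        reasons.append("eight-letter DLL name in system32")
    return reasons


def triage(log_text: str) -> List[Tuple[int, str, List[str]]]:
    """Run triage_line over every line; return (line number, line, reasons) for hits."""
    findings = []
    for number, line in enumerate(log_text.strip().splitlines(), 1):
        reasons = triage_line(line)
        if reasons:
            findings.append((number, line, reasons))
    return findings


if __name__ == "__main__":
    for number, line, reasons in triage(SAMPLE_LOG):
        print(f"line {number}: {line}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that only match the eight-letter rule should be cross-checked against the MBAM or ComboFix findings before anything is fixed in HijackThis.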

It takes a while to get rid of all the malicious files, but it will sort itself out eventually.

Download ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close every program you see, including antivirus, antispyware and firewall; alternatively, restart the computer in Safe Mode.
Run ComboFix and follow the instructions shown.

IMPORTANT! Don't click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; attach it to your reply. Check that antivirus and firewall are running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppies and USB devices, to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. If so, say so instead of running ComboFix.


ComboFix log:

ComboFix 08-07-12.2 - HP_Ägaren 2008-07-13 16:24:21.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1053.18.800 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ägaren\Skrivbord\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dMoYJRqr.ini
C:\WINDOWS\system32\dMoYJRqr.ini2
C:\WINDOWS\system32\dtewmhkc.ini
C:\WINDOWS\system32\dyakisuq.ini
C:\WINDOWS\system32\IlVvyyxx.ini
C:\WINDOWS\system32\IlVvyyxx.ini2
C:\WINDOWS\system32\ivgimujh.ini
C:\WINDOWS\system32\jkkLCTmK.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\RBbKlUtv.ini
C:\WINDOWS\system32\RBbKlUtv.ini2
C:\WINDOWS\system32\RqYIPXyb.ini
C:\WINDOWS\system32\RqYIPXyb.ini2
C:\WINDOWS\system32\urqPhedC.dll
C:\WINDOWS\system32\utvENqss.ini
C:\WINDOWS\system32\utvENqss.ini2
C:\WINDOWS\system32\xFeLnnnn.ini
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-06-13 to 2008-07-13  )))))))))))))))))))))))))))))))
.

2008-07-13 16:31 . 2008-07-13 16:31 233 ---hs---- C:\WINDOWS\system32\ivgimujh.ini
2008-07-13 16:30 . 2008-07-13 16:30 22 --a------ C:\WINDOWS\pskt.ini
2008-07-13 15:36 . 2008-07-13 15:36 105,296 --a------ C:\WINDOWS\system32\qqctspxm.dll
2008-07-13 15:36 . 2008-07-13 15:36 105,296 --a------ C:\WINDOWS\system32\mrcfrz.dll
2008-07-13 15:34 . 2008-07-13 15:34 90,928 --a------ C:\WINDOWS\system32\hdebroxf.dll
2008-07-13 15:34 . 2008-07-13 15:34 81,152 --a------ C:\WINDOWS\system32\hjumigvi.dll
2008-07-13 15:33 . 2008-07-13 15:33 314,608 --a------ C:\WINDOWS\system32\ssqNEvtu.dll
2008-07-12 19:09 . 2008-07-12 19:09 105,248 --a------ C:\WINDOWS\system32\hegfcd.dll
2008-07-12 19:09 . 2008-07-12 19:09 105,248 --a------ C:\WINDOWS\system32\gxyslrle.dll
2008-07-12 19:07 . 2008-07-13 16:31 110,419 --a------ C:\WINDOWS\BM1f7b875c.xml
2008-07-12 19:07 . 2008-07-12 19:07 90,992 --a------ C:\WINDOWS\system32\wctuhhdr.dll
2008-07-12 00:14 . 2008-07-12 00:14 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-12 00:14 . 2008-07-12 00:14 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 00:14 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 00:14 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 00:09 . 2008-07-12 00:09 105,248 --a------ C:\WINDOWS\system32\sphgai.dll
2008-07-12 00:09 . 2008-07-12 00:09 105,248 --a------ C:\WINDOWS\system32\rbmodayt.dll
2008-07-12 00:07 . 2008-07-12 00:22 90,928 --------- C:\WINDOWS\system32\ovpitled.dll
2008-07-12 00:07 . 2008-07-12 00:22 81,168 --------- C:\WINDOWS\system32\xaxneyhg.dll
2008-07-12 00:06 . 2008-07-12 00:22 314,608 --------- C:\WINDOWS\system32\nnnnLeFx.dll
2008-07-11 07:57 . 2008-07-11 07:57 105,232 --a------ C:\WINDOWS\system32\blqskdoo.dll
2008-07-11 07:54 . 2008-07-11 07:54 90,912 --a------ C:\WINDOWS\system32\harsmlbm.dll
2008-07-11 07:54 . 2008-07-12 00:22 81,120 --------- C:\WINDOWS\system32\gbedupla.dll
2008-07-10 20:31 . 2008-07-10 20:31 <KAT> d-------- C:\Program\Trend Micro
2008-07-10 20:28 . 2008-07-10 20:28 105,232 --a------ C:\WINDOWS\system32\iyyamh.dll
2008-07-10 20:28 . 2008-07-10 20:28 105,232 --a------ C:\WINDOWS\system32\amgwmihd.dll
2008-07-10 20:23 . 2008-07-10 20:23 90,912 --a------ C:\WINDOWS\system32\fysmyvkd.dll
2008-07-09 20:05 . 2008-07-09 20:05 <KAT> d-------- C:\Program\Lavasoft
2008-07-09 20:05 . 2008-07-11 07:53 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 17:54 . 2008-07-09 17:54 105,152 --a------ C:\WINDOWS\system32\zahddf.dll
2008-07-09 17:54 . 2008-07-09 17:54 105,152 --a------ C:\WINDOWS\system32\kxfnhwpy.dll
2008-07-09 17:54 . 2008-07-09 17:54 90,816 --a------ C:\WINDOWS\system32\cdkqknyy.dll
2008-07-09 17:48 . 2008-07-12 00:22 25,856 --------- C:\WINDOWS\system32\yayvWmJa.dll
2008-07-02 19:22 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-02 19:22 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-07-02 19:21 . 2008-07-02 19:21 <KAT> d-------- C:\Program\Steinberg
2008-07-02 19:21 . 2008-07-02 19:22 <KAT> d-------- C:\Program\Image-Line
2008-07-02 08:13 . 2008-07-08 22:36 <KAT> d-------- C:\WINDOWS\system32\QuickTime
2008-07-02 08:13 . 2006-09-22 04:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-07-01 15:51 . 2008-07-01 15:51 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-07-01 15:50 . 2008-07-01 16:10 <KAT> d-------- C:\Program\Ashampoo
2008-07-01 14:31 . 2008-07-02 16:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 14:31 . 2008-07-01 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 09:01 . 2008-06-24 09:01 <KAT> d-------- C:\Documents and Settings\Steffi\Application Data\TuneUp Software
2008-06-23 16:09 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-06-23 16:09 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-18 19:48 . 2008-07-09 21:24 <KAT> d-------- C:\Documents and Settings\Steffi\Application Data\LimeWire
2008-06-17 22:14 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-06-16 19:07 . 2008-06-16 19:07 <KAT> d-------- C:\Documents and Settings\Steffi\Application Data\InstallShield Installation Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 14:29 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-13 14:29 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-07-08 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 17:49 --------- d-----w C:\Documents and Settings\Steffi\Application Data\Skype
2008-07-08 17:22 --------- d-----w C:\Documents and Settings\Steffi\Application Data\skypePM
2008-07-03 17:10 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-01 14:02 --------- d--h--w C:\Program\InstallShield Installation Information
2008-07-01 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 20:14 --------- d-----w C:\Program\Creative
2008-06-15 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-14 18:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 15:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-02 15:20 --------- d-----w C:\Program\VSO
2008-05-28 17:46 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-05-28 17:45 --------- d-----w C:\Program\Delade filer\Nikon
2008-05-28 17:45 --------- d-----w C:\Program\Delade filer\muvee Technologies
2008-05-28 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nikon
2008-05-28 17:44 --------- d-----w C:\Program\Nikon
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metadata Importer
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-05-28 17:43 --------- d-----w C:\Program\ArcSoft
2008-05-27 19:43 --------- d-----w C:\Program\SystemRequirementsLab
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-05-14 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-05-14 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Xara
2008-01-19 20:16 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28a9b3a7-232a-4fa4-a40d-00e89bea75a1}]
2008-07-13 15:36 105296 --a------ C:\WINDOWS\system32\mrcfrz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296CE211-3CF9-40EA-BFA6-7525BAFA3DE9}]
2008-07-13 15:33 314608 --a------ C:\WINDOWS\system32\ssqNEvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{821D94F0-6142-4912-8515-3D1F1026D35A}]
2008-07-12 00:22 314608 --------- C:\WINDOWS\system32\nnnnLeFx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AnyDVD"="C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-28 10:43 1682368]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"UIWatcher"="C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2007-11-06 16:16 1741184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 16:32 5537792]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2005-05-10 11:48 106496]
"WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 11:05 233472]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 09:00 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 09:00 90112]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"LogitechCommunicationsManager"="C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-03 19:10 1232152]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"1c48b4c0"="C:\WINDOWS\system32\hjumigvi.dll" [2008-07-13 15:34 81152]
"BM1f7b875c"="C:\WINDOWS\system32\hdebroxf.dll" [2008-07-13 15:34 90928]
"nwiz"="nwiz.exe" [2005-02-24 16:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 24576 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 49152 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
"HPHUPD06"=c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\Internet Explorer\\iexplore.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 19:10]
R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-07-03 19:10]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 22:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 17:35]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 02:08]
S2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
C:\Documents and Settings\HP_Ägaren\Skrivbord\AnyDVD 6.3.1.5\AnyDVD leftover killer 1.3.exe -M
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 14:30:19 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{116F9EC0-8A31-4725-84DE-146266D6A53E} - C:\WINDOWS\system32\xxyyvVlI.dll
BHO-{48AE01E9-CAF9-4227-B0DE-82B2280B41D8} - C:\WINDOWS\system32\vtUlKbBR.dll
BHO-{B8885F7A-C632-4A52-96A1-3F1114A3729D} - C:\WINDOWS\system32\byXPIYqR.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 16:30:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\ivgimujh.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-07-13 16:36:02
ComboFix-quarantined-files.txt  2008-07-13 14:35:22

Pre-Run: 108,775,792,640 byte ledigt
Post-Run: 109,163,159,552 byte ledigt

224 --- E O F --- 2008-07-09 15:44:06


Go to http://uploads.malwarebytes.org/
Copy the following file names into the boxes, and when you have filled in 4 boxes, press Upload, then repeat with 4 more files.
C:\WINDOWS\system32\sphgai.dll
C:\WINDOWS\system32\rbmodayt.dll
C:\WINDOWS\system32\ovpitled.dll
C:\WINDOWS\system32\xaxneyhg.dll
C:\WINDOWS\system32\nnnnLeFx.dll
C:\WINDOWS\system32\blqskdoo.dll
C:\WINDOWS\system32\harsmlbm.dll
C:\WINDOWS\system32\gbedupla.dll
C:\WINDOWS\system32\iyyamh.dll
C:\WINDOWS\system32\amgwmihd.dll
C:\WINDOWS\system32\fysmyvkd.dll
C:\WINDOWS\system32\zahddf.dll
C:\WINDOWS\system32\kxfnhwpy.dll
C:\WINDOWS\system32\cdkqknyy.dll
C:\WINDOWS\system32\yayvWmJa.dll

Copy all the italic lines

File::
C:\WINDOWS\system32\ivgimujh.ini
C:\WINDOWS\system32\qqctspxm.dll
C:\WINDOWS\system32\mrcfrz.dll
C:\WINDOWS\system32\hdebroxf.dll
C:\WINDOWS\system32\hjumigvi.dll
C:\WINDOWS\system32\ssqNEvtu.dll
C:\WINDOWS\system32\hegfcd.dll
C:\WINDOWS\system32\gxyslrle.dll
C:\WINDOWS\system32\wctuhhdr.dll
C:\WINDOWS\system32\sphgai.dll
C:\WINDOWS\system32\rbmodayt.dll
C:\WINDOWS\system32\ovpitled.dll
C:\WINDOWS\system32\xaxneyhg.dll
C:\WINDOWS\system32\nnnnLeFx.dll
C:\WINDOWS\system32\blqskdoo.dll
C:\WINDOWS\system32\harsmlbm.dll
C:\WINDOWS\system32\gbedupla.dll
C:\WINDOWS\system32\iyyamh.dll
C:\WINDOWS\system32\amgwmihd.dll
C:\WINDOWS\system32\fysmyvkd.dll
C:\WINDOWS\system32\zahddf.dll
C:\WINDOWS\system32\kxfnhwpy.dll
C:\WINDOWS\system32\cdkqknyy.dll
C:\WINDOWS\system32\yayvWmJa.dll

and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.
Paste the log that comes out.


Hi!
It was only this part I was supposed to use for ComboFix, right???

C:\WINDOWS\system32\ivgimujh.ini
C:\WINDOWS\system32\qqctspxm.dll
C:\WINDOWS\system32\mrcfrz.dll
C:\WINDOWS\system32\hdebroxf.dll
C:\WINDOWS\system32\hjumigvi.dll
C:\WINDOWS\system32\ssqNEvtu.dll
C:\WINDOWS\system32\hegfcd.dll
C:\WINDOWS\system32\gxyslrle.dll
C:\WINDOWS\system32\wctuhhdr.dll
C:\WINDOWS\system32\sphgai.dll
C:\WINDOWS\system32\rbmodayt.dll
C:\WINDOWS\system32\ovpitled.dll
C:\WINDOWS\system32\xaxneyhg.dll
C:\WINDOWS\system32\nnnnLeFx.dll
C:\WINDOWS\system32\blqskdoo.dll
C:\WINDOWS\system32\harsmlbm.dll
C:\WINDOWS\system32\gbedupla.dll
C:\WINDOWS\system32\iyyamh.dll
C:\WINDOWS\system32\amgwmihd.dll
C:\WINDOWS\system32\fysmyvkd.dll
C:\WINDOWS\system32\zahddf.dll
C:\WINDOWS\system32\kxfnhwpy.dll
C:\WINDOWS\system32\cdkqknyy.dll
C:\WINDOWS\system32\yayvWmJa.dll

and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.
Paste the log that comes out.
________________________________________________________________________________________

Log from ComboFix

ComboFix 08-07-12.2 - HP_Ägaren 2008-07-14 15:45:47.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1053.18.523 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ägaren\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Ägaren\Skrivbord\CFScript.txt
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\rhkboksm.ini
C:\WINDOWS\system32\utvENqss.ini
C:\WINDOWS\system32\utvENqss.ini2

.
(((((((((((((((((((((((((   Files Created from 2008-06-14 to 2008-07-14  )))))))))))))))))))))))))))))))
.

2008-07-13 16:41 . 2008-07-13 16:41 105,296 --a------ C:\WINDOWS\system32\etwadhsy.dll
2008-07-13 16:41 . 2008-07-13 16:41 105,296 --a------ C:\WINDOWS\system32\eehrlr.dll
2008-07-13 16:41 . 2008-07-13 16:41 90,928 --a------ C:\WINDOWS\system32\ebmfivnk.dll
2008-07-13 16:41 . 2008-07-13 16:41 81,152 --a------ C:\WINDOWS\system32\mskobkhr.dll
2008-07-13 16:36 . 2008-07-13 16:36  d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2008-07-13 16:36 . 2008-07-13 16:36  d-------- C:\Documents and Settings\Steffi\Lokala inställningar
2008-07-13 16:36 . 2008-07-13 16:36  d-------- C:\Documents and Settings\NetworkService\Lokala inställningar
2008-07-13 16:36 . 2008-07-13 16:36  d-------- C:\Documents and Settings\HP_Ägaren
2008-07-13 16:36 .    C:\Documents and Settings\HP_-garen\Lokala inställningar
2008-07-13 16:36 .    C:\Documents and Settings\HP_-garen\Lokala inställningar
2008-07-13 16:31 . 2008-07-13 16:36 354 ---hs---- C:\WINDOWS\system32\ivgimujh.ini
2008-07-13 15:36 . 2008-07-13 15:36 105,296 --a------ C:\WINDOWS\system32\qqctspxm.dll
2008-07-13 15:36 . 2008-07-13 15:36 105,296 --a------ C:\WINDOWS\system32\mrcfrz.dll
2008-07-13 15:34 . 2008-07-13 15:34 90,928 --a------ C:\WINDOWS\system32\hdebroxf.dll
2008-07-13 15:33 . 2008-07-13 15:33 314,608 --a------ C:\WINDOWS\system32\ssqNEvtu.dll
2008-07-12 19:09 . 2008-07-12 19:09 105,248 --a------ C:\WINDOWS\system32\hegfcd.dll
2008-07-12 19:09 . 2008-07-12 19:09 105,248 --a------ C:\WINDOWS\system32\gxyslrle.dll
2008-07-12 19:07 . 2008-07-13 16:36 110,419 --a------ C:\WINDOWS\BM1f7b875c.xml
2008-07-12 19:07 . 2008-07-12 19:07 90,992 --a------ C:\WINDOWS\system32\wctuhhdr.dll
2008-07-12 00:14 . 2008-07-12 00:14  d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-12 00:14 . 2008-07-12 00:14  d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 00:14 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 00:14 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 00:09 . 2008-07-12 00:09 105,248 --a------ C:\WINDOWS\system32\sphgai.dll
2008-07-12 00:09 . 2008-07-12 00:09 105,248 --a------ C:\WINDOWS\system32\rbmodayt.dll
2008-07-12 00:07 . 2008-07-12 00:22 90,928 --------- C:\WINDOWS\system32\ovpitled.dll
2008-07-12 00:07 . 2008-07-12 00:22 81,168 --------- C:\WINDOWS\system32\xaxneyhg.dll
2008-07-12 00:06 . 2008-07-12 00:22 314,608 --------- C:\WINDOWS\system32\nnnnLeFx.dll
2008-07-11 07:57 . 2008-07-11 07:57 105,232 --a------ C:\WINDOWS\system32\blqskdoo.dll
2008-07-11 07:54 . 2008-07-11 07:54 90,912 --a------ C:\WINDOWS\system32\harsmlbm.dll
2008-07-11 07:54 . 2008-07-12 00:22 81,120 --------- C:\WINDOWS\system32\gbedupla.dll
2008-07-10 20:31 . 2008-07-10 20:31  d-------- C:\Program\Trend Micro
2008-07-10 20:28 . 2008-07-10 20:28 105,232 --a------ C:\WINDOWS\system32\iyyamh.dll
2008-07-10 20:28 . 2008-07-10 20:28 105,232 --a------ C:\WINDOWS\system32\amgwmihd.dll
2008-07-10 20:23 . 2008-07-10 20:23 90,912 --a------ C:\WINDOWS\system32\fysmyvkd.dll
2008-07-09 20:05 . 2008-07-11 07:53  d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 17:54 . 2008-07-09 17:54 105,152 --a------ C:\WINDOWS\system32\zahddf.dll
2008-07-09 17:54 . 2008-07-09 17:54 105,152 --a------ C:\WINDOWS\system32\kxfnhwpy.dll
2008-07-09 17:48 . 2008-07-12 00:22 25,856 --------- C:\WINDOWS\system32\yayvWmJa.dll
2008-07-02 19:22 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-02 19:22 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-07-02 19:21 . 2008-07-02 19:21  d-------- C:\Program\Steinberg
2008-07-02 19:21 . 2008-07-02 19:22  d-------- C:\Program\Image-Line
2008-07-02 08:13 . 2008-07-08 22:36  d-------- C:\WINDOWS\system32\QuickTime
2008-07-02 08:13 . 2006-09-22 04:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-07-01 15:51 . 2008-07-01 15:51  d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-07-01 15:50 . 2008-07-01 16:10  d-------- C:\Program\Ashampoo
2008-07-01 14:31 . 2008-07-02 16:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 14:31 . 2008-07-01 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 09:01 . 2008-06-24 09:01  d-------- C:\Documents and Settings\Steffi\Application Data\TuneUp Software
2008-06-23 16:09 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-06-23 16:09 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-18 19:48 . 2008-07-09 21:24  d-------- C:\Documents and Settings\Steffi\Application Data\LimeWire
2008-06-17 22:14 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-06-16 19:07 . 2008-06-16 19:07  d-------- C:\Documents and Settings\Steffi\Application Data\InstallShield Installation Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 15:05 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-14 15:05 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-07-08 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 17:49 --------- d-----w C:\Documents and Settings\Steffi\Application Data\Skype
2008-07-08 17:22 --------- d-----w C:\Documents and Settings\Steffi\Application Data\skypePM
2008-07-03 17:10 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-01 14:02 --------- d--h--w C:\Program\InstallShield Installation Information
2008-07-01 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 20:14 --------- d-----w C:\Program\Creative
2008-06-15 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-14 18:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 15:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-02 15:20 --------- d-----w C:\Program\VSO
2008-05-28 17:46 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-05-28 17:45 --------- d-----w C:\Program\Delade filer\Nikon
2008-05-28 17:45 --------- d-----w C:\Program\Delade filer\muvee Technologies
2008-05-28 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nikon
2008-05-28 17:44 --------- d-----w C:\Program\Nikon
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metadata Importer
2008-05-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-05-28 17:43 --------- d-----w C:\Program\ArcSoft
2008-05-27 19:43 --------- d-----w C:\Program\SystemRequirementsLab
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-05-14 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-05-14 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Xara
2008-01-19 20:16 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440d4b43-f130-4f37-b98f-9c385f6253f1}]
2008-07-13 16:41 105296 --a------ C:\WINDOWS\system32\eehrlr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{821D94F0-6142-4912-8515-3D1F1026D35A}]
2008-07-12 00:22 314608 --------- C:\WINDOWS\system32\nnnnLeFx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDE54A63-68AD-4D06-BAC6-B658ADA20F9A}]
2008-07-13 15:33 314608 --a------ C:\WINDOWS\system32\ssqNEvtu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AnyDVD"="C:\Program\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-28 10:43 1682368]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"UIWatcher"="C:\Program\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2007-11-06 16:16 1741184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 16:32 5537792]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2005-05-10 11:48 106496]
"WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 11:05 233472]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 09:00 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 09:00 90112]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"LogitechCommunicationsManager"="C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-03 19:10 1232152]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"1c48b4c0"="C:\WINDOWS\system32\mskobkhr.dll" [2008-07-13 16:41 81152]
"nwiz"="nwiz.exe" [2005-02-24 16:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 24576 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 49152 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
"HPHUPD06"=c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\Internet Explorer\\iexplore.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 19:10]
R2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-07-03 19:10]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 22:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 17:35]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 02:08]
S2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
C:\Documents and Settings\HP_Ägaren\Skrivbord\AnyDVD 6.3.1.5\AnyDVD leftover killer 1.3.exe -M
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 15:07:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 17:07:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\rhkboksm.ini 1841133 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mskobkhr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program\Creative\Shared Files\CTDevSrv.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-14 17:13:21 - machine was rebooted [HP_garen]
ComboFix-quarantined-files.txt  2008-07-14 15:12:43
ComboFix2.txt  2008-07-13 14:36:03

Pre-Run: 109,863,260,160 byte ledigt
Post-Run: 109,903,753,216 byte ledigt

237 --- E O F --- 2008-07-09 15:44:06


Now there are more malicious files, so this is what applies now:
Copy all the italic lines

File::
C:\WINDOWS\system32\etwadhsy.dll
C:\WINDOWS\system32\eehrlr.dll
C:\WINDOWS\system32\ebmfivnk.dll
C:\WINDOWS\system32\mskobkhr.dll
C:\WINDOWS\system32\ivgimujh.ini
C:\WINDOWS\system32\qqctspxm.dll
C:\WINDOWS\system32\mrcfrz.dll
C:\WINDOWS\system32\hdebroxf.dll
C:\WINDOWS\system32\hjumigvi.dll
C:\WINDOWS\system32\ssqNEvtu.dll
C:\WINDOWS\system32\hegfcd.dll
C:\WINDOWS\system32\gxyslrle.dll
C:\WINDOWS\system32\wctuhhdr.dll
C:\WINDOWS\system32\sphgai.dll
C:\WINDOWS\system32\rbmodayt.dll
C:\WINDOWS\system32\ovpitled.dll
C:\WINDOWS\system32\xaxneyhg.dll
C:\WINDOWS\system32\nnnnLeFx.dll
C:\WINDOWS\system32\blqskdoo.dll
C:\WINDOWS\system32\harsmlbm.dll
C:\WINDOWS\system32\gbedupla.dll
C:\WINDOWS\system32\iyyamh.dll
C:\WINDOWS\system32\amgwmihd.dll
C:\WINDOWS\system32\fysmyvkd.dll
C:\WINDOWS\system32\zahddf.dll
C:\WINDOWS\system32\kxfnhwpy.dll
C:\WINDOWS\system32\cdkqknyy.dll
C:\WINDOWS\system32\yayvWmJa.dll


and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.
Paste the log that comes out.

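As an added example that is not part of the thread (neither ComboFix's code nor the helper's own method), here is a small Python script that automates the triage the helper does by hand above: it reads a ComboFix log, pulls out the BHO DLLs, Run values with hex-looking names, DLLs injected into running processes and the hidden files catchme reports, flags the Security Center and firewall tampering shown in the log, and prints the File:: block for a CFScript. The section layouts follow the log pasted in this thread; the regular expressions and heuristics are assumptions, and the sample excerpt is constructed from those log lines.

```python
"""Triage helper for a ComboFix log.

Added example, not ComboFix's own code and not the forum helper's method:
it pulls out the artefacts the helper picks by hand in this thread (BHO DLLs,
Run values with hex-looking names, DLLs injected into running processes,
hidden files reported by catchme), flags the Security Center and firewall
tampering visible in the log, and formats the File:: block of a CFScript.
Section layouts follow the log pasted in the thread; the regular expressions
and the heuristics are this example's own assumptions.
"""
import re

# Constructed excerpt of the thread's log (shortened to the relevant lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440d4b43-f130-4f37-b98f-9c385f6253f1}]
2008-07-13 16:41 105296 --a------ C:\WINDOWS\system32\eehrlr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-03 19:10 1232152]
"1c48b4c0"="C:\WINDOWS\system32\mskobkhr.dll" [2008-07-13 16:41 81152]
"BM1f7b875c"="C:\WINDOWS\system32\hdebroxf.dll" [2008-07-13 15:34 90928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

scanning hidden files ...

C:\WINDOWS\system32\rhkboksm.ini 1841133 bytes

scan completed successfully
hidden files: 1

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mskobkhr.dll
"""

# A Windows path ending in an extension of interest (assumption: no spaces,
# which holds for the system32 artefacts in this thread).
PATH = re.compile(r"[A-Za-z]:\\\S+?\.(?:dll|ini|exe|sys)\b", re.IGNORECASE)
# Run value names such as "1c48b4c0" or "BM1f7b875c" (assumption from the log).
HEX_NAME = re.compile(r'^"(?:BM)?[0-9a-f]{8}"=', re.IGNORECASE)


def triage(log_text):
    """Return {'files': [...], 'tampering': [...]} extracted from log text."""
    files, tampering = [], []
    key = ""                      # registry key of the section being read

    def add(path):
        if path not in files:     # keep first-seen order, drop duplicates
            files.append(path)

    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line.lower()
            continue
        m = PATH.search(line)
        low = line.lower()
        if "browser helper objects" in key and m:
            add(m.group(0))       # DLL registered as an IE Browser Helper Object
        elif key.endswith("currentversion\\run]") and HEX_NAME.match(line) and m:
            add(m.group(0))       # autostart entry with a random-looking name
        elif "security center" in key and low.startswith('"disablemonitoring"=dword:00000001'):
            tampering.append("Security Center monitoring disabled under " + key)
        elif "firewallpolicy" in key and low.startswith('"enablefirewall"= 0'):
            tampering.append("Windows Firewall disabled under " + key)
        elif line.startswith("->") and m:
            add(m.group(0))       # DLL loaded into a running process
        elif line.endswith(" bytes") and m:
            add(m.group(0))       # file that catchme reported as hidden
    return {"files": files, "tampering": tampering}


def format_cfscript(files):
    """Render the File:: block a helper would save as CFScript.txt."""
    return "File::\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for note in result["tampering"]:
        print("WARNING:", note)
    print(format_cfscript(result["files"]))
```

Every path it lists is a candidate for review, not a verdict; the helper in this thread still had the files uploaded to Malwarebytes before scripting their removal.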

Hi!

This problem is starting to drive me crazy!!! Sad
Wouldn't it possibly be easier to just do a complete system restore and
reinstall all the programs and everything else??
Should I still start ComboFix in Safe Mode, since the icon on the Desktop is only for running the program (no shortcut to the program exists on the computer), and just drag the Notepad file onto the program icon??

Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.
Paste the log that comes out.

Best regards, Yoshis


Either Safe Mode, or else close as many programs as possible.

Which is easiest I can't say; I don't know how long it takes you to reinstall everything and get the computer the way you want it.
