
Hijacklo


hawkiii123


Hello, I have some virus/trojan problems on my laptop and would be grateful if someone here could take a look at my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:44:42, on 2010-08-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

C:\Program\AVG\AVG9\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Telenor\Connection Manager\Connection Manager.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\LAUNCH~1\LManager.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\igfxext.exe

C:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\iPod\bin\iPodService.exe

C:\DOCUME~1\Mag\LOKALA~1\Temp\RtkBtMnt.exe

C:\Program\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program\ZoneAlarm\tbZone.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\Program\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe

O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [sjyxmoiq] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe

O4 - HKLM\..\Run: [lijyxvnd] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\pjccwlifr\odqaawytssd.exe

O4 - HKLM\..\Run: [sta] rundll32 "husap.dll",,Run

O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\uusap.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sjyxmoiq] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe

O4 - HKCU\..\Run: [lijyxvnd] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\pjccwlifr\odqaawytssd.exe

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop-hanteraren 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GTMM Device Service - Option nv - C:\Program\Telenor\Connection Manager\GtmmDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Sesam Control Service (SesamService) - Swisscom - C:\Program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: wwanSvc - Unknown owner - C:\Program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

 

--

End of file - 11835 bytes

 

 

Thanks!

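Reading the posted log the way a helper does, as an added example that is not part of HijackThis, DDS or this thread: it parses the O4 autostart lines, extracts the file each entry actually launches, and flags the locations that stand out in the log above (a randomly named directory under Application Data, the RECYCLER folder, a DLL loaded by bare name through rundll32, and the same value registered in both HKLM and HKCU). The sample lines are copied from the log; the heuristics and reason strings are my own.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.
Added example for this thread, not part of HijackThis or DDS: it applies the
location checks a helper makes by eye. Every hit is a lead to verify (file
hash, vendor signature, AV result), not a verdict."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sjyxmoiq] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe
O4 - HKLM\..\Run: [sta] rundll32 "husap.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\uusap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sjyxmoiq] C:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class AutostartEntry:
    hive: str      # HKLM, HKCU, HKUS\<SID>
    key: str       # Run, RunOnce, ...
    name: str      # registry value name
    command: str   # command line as logged
    target: str    # file the command actually launches
    reasons: list = field(default_factory=list)


def extract_target(command):
    """Return the file an O4 command line launches (the DLL for rundll32 entries)."""
    cmd = command.strip()
    m = re.match(r"^rundll32(?:\.exe)?\s+(.+)$", cmd, re.IGNORECASE)
    if m:  # rundll32 <dll>,<entrypoint>: the DLL is what runs
        return m.group(1).lstrip('"').split('"')[0].split(",")[0]
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.(?:exe|com|scr|bat|dll))(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line):
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutostartEntry(m["hive"], m["key"], m["name"], m["cmd"], extract_target(m["cmd"]))


def assess(entry):
    """Attach location-based reasons to one entry (heuristics, not verdicts)."""
    low = entry.target.lower()
    parts = low.split("\\")
    if len(parts) == 1:  # no directory: the file is found via the search path
        if entry.command.lower().startswith("rundll32"):
            entry.reasons.append("rundll32 loads a DLL by bare name (resolved via search path)")
        else:
            entry.reasons.append("bare filename, resolved via search path: confirm which file loads")
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        entry.reasons.append("launched from a temporary directory")
    if "\\recycler\\" in low:
        entry.reasons.append("launched from the Recycle Bin (RECYCLER)")
    if entry.hive.upper() == "HKLM" and "\\documents and settings\\" in low:
        entry.reasons.append("machine-wide Run entry launching a file from one user's profile")
    if len(parts) > 1 and "application data" in parts and re.fullmatch(r"[a-z]{8,}", parts[-2]):
        entry.reasons.append("random-looking directory name under Application Data")


def triage(log_text):
    """Parse every O4 line, assess it, and flag values present in both HKLM and HKCU."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    hives = defaultdict(set)
    for e in entries:
        hives[(e.name.lower(), e.target.lower())].add(e.hive.upper())
    for e in entries:
        assess(e)
        # HKUS copies (CTFMON.EXE) are normal, so only an HKLM + HKCU pair counts
        both = hives[(e.name.lower(), e.target.lower())] & {"HKLM", "HKCU"}
        if len(both) == 2:
            e.reasons.append("same value registered in " + " and ".join(sorted(both)))
    return entries


def flagged(log_text):
    """Value name -> set of reasons, for entries that collected at least one."""
    out = defaultdict(set)
    for e in triage(log_text):
        if e.reasons:
            out[e.name].update(e.reasons)
    return dict(out)


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name, "->", "; ".join(sorted(reasons)))
```

A location check says nothing about a file dropped into system32 under a plausible name (the MChk entry here passes it); confirming such entries needs the file itself, by hash or vendor signature, not the log line.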

Hi,

a DDS log gives considerably more information than HijackThis.

Read through the following and give us as much information as you can.

To get the best help possible, it is good if the information below is in your post.

Describe carefully what problems you have with the computer, and why you think or know that there is malware on it.

If any antivirus or antispyware program has found something malicious, paste a log that shows what was found and which files and folders are involved.

Paste the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste the log DDS.txt, and attach Attach.txt as a file.

DDS is a program that lists running processes, programs and services that start automatically, and files in folders that malware commonly uses which are new or have been changed in the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us basic knowledge of what is happening and has recently happened on the computer, and from that we can draw conclusions about the next appropriate step in cleaning it.

Note! When you paste a log or a result into your post, do not use any buttons or tags; copy it from the program (usually Notepad) and paste it directly into the box you are writing in.

Regards

Mats H


Hi, thanks for your reply!

The problems I am experiencing are error messages at startup about a .dll that is apparently missing. In addition, my AVG antivirus and ZoneAlarm firewall have started warning about trojans and unknown programs.

AVG has the following in its "vault":

 

"Infection";"Trojan horse Dropper.Generic2.AHER";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\753410.exe";"";"2010-08-10, 21:14:21"

"Infection";"Trojan horse BackDoor.Generic12.CEEJ";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\8556799.exe";"";"2010-08-10, 21:14:22"

"Infection";"Trojan horse Generic18.BJMB";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\secureapp70700[1].exe";"";"2010-08-10, 21:14:23"

"Infection";"Trojan horse Generic18.BFEE";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\9218.exe";"";"2010-08-10, 21:14:24"

"Infection";"Trojan horse Downloader.Generic9.CFQM";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\532.exe";"";"2010-08-10, 21:14:25"

"Infection";"Trojan horse Generic18.AQRH";"c:\WINDOWS\system32\dusap.dll";"";"2010-08-10, 21:14:30"

"PUP";"Adware Generic4.AKPT";"c:\WINDOWS\system32\husap.dll";"";"2010-08-10, 21:14:31"

"Infection";"Trojan horse Generic18.BJMB";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\secureapp70700[2].exe";"";"2010-08-10, 21:14:32"

"Infection";"Trojan horse Generic18.BJMB";"c:\Documents and Settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011\secureapp70700.exe";"";"2010-08-10, 21:20:21"

"Infection";"Trojan horse Generic18.BJMB";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\secureapp70700[1].exe";"";"2010-08-10, 21:24:46"

"Infection";"Trojan horse Downloader.Generic_c.BOC";"c:\WINDOWS\system32\uusap.exe";"";"2010-08-10, 21:45:49"

"Infection";"Trojan horse SHeur3.ARPA";"C:\DOCUME~1\Mag\LOKALA~1\Temp\xmeaonwcrs.tmp";"";"2010-08-10, 21:51:26"

"Warning";"Found registry key with reference to infected file C:\DOCUME~1\Mag\LOKALA~1\Temp\xmeaonwcrs.tmp";"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\lsdefrag";"";"2010-08-10, 21:51:26"

"Infection";"Trojan horse Generic18.BJMB";"C:\Documents and Settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011\secureapp70700.exe";"";"2010-08-10, 21:58:09"

"Infection";"Trojan horse BackDoor.Generic12.CEEJ";"C:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\backbot[1].exe";"";"2010-08-10, 22:00:42"

"Infection";"Trojan horse Generic18.BFEE";"C:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\new[1].exe";"";"2010-08-10, 22:00:54"

"Infection";"Trojan horse Dropper.Generic2.AHER";"C:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\pr[1].exe";"";"2010-08-10, 22:00:55"

"Infection";"Trojan horse Downloader.Generic9.CFQM";"C:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\L67PTF10\rp020832[1].exe";"";"2010-08-10, 22:01:43"

"Infection";"Trojan horse BackDoor.Generic12.CEEJ";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\backbot[1].exe";"";"2010-08-12, 20:32:49"

"Infection";"Trojan horse Downloader.Agent2.AAMI";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\loaderadv600[1].exe";"";"2010-08-12, 20:32:57"

"Infection";"Trojan horse Downloader.Generic9.CFQM";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\1IC9GD1T\rp020832[1].exe";"";"2010-08-12, 20:33:07"

"Infection";"Trojan horse Downloader.Agent2.AAMI";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\loaderadv600[1].exe";"";"2010-08-12, 20:34:01"

"Infection";"Trojan horse Generic18.BLTW";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\kofmhoahpk[1].htm";"";"2010-08-12, 20:34:01"

"Infection";"Trojan horse Generic18.BMMR";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\9EKAQOPQ\sjnvpnidk[1].htm";"";"2010-08-12, 20:34:02"

"Infection";"Trojan horse Generic18.BMGP";"c:\Documents and Settings\Mag\Lokala inställningar\Temporary Internet Files\Content.IE5\FE0PJA1N\imhbjepxrz[3].htm";"";"2010-08-12, 20:34:34"

"Infection";"Trojan horse Downloader.Generic9.CFQM";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\75181.exe";"";"2010-08-12, 20:35:40"

"Infection";"Trojan horse BackDoor.Generic12.CEEJ";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\559288.exe";"";"2010-08-12, 20:35:40"

"Infection";"Trojan horse Generic18.BLTW";"c:\Documents and Settings\Mag\Lokala inställningar\Temp\llipk.exe";"";"2010-08-12, 20:35:40"

"Infection";"Trojan horse Generic18.BMHL";"c:\Documents and Settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe";"";"2010-08-12, 21:45:52"

 

 

 

DDS log:

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mag at 21:48:30,23 on 2010-08-12

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.221 [GMT 3:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

 

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

C:\Program\AVG\AVG9\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Telenor\Connection Manager\Connection Manager.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\LAUNCH~1\LManager.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\iPod\bin\iPodService.exe

C:\DOCUME~1\Mag\LOKALA~1\Temp\RtkBtMnt.exe

C:\Program\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Mag\LOKALA~1\Temp\12620.exe

C:\Documents and Settings\Mag\Mina dokument\Hämtade filer\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

mWinlogon: Taskman=c:\documents and settings\mag\application data\ohydy.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\3.1.415.1646\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\googletoolbar1.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [<NO NAME>]

uRun: [skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [sjyxmoiq] c:\documents and settings\mag\lokala inställningar\application data\gvkdwsula\ouvwubitssd.exe

uRun: [lijyxvnd] c:\documents and settings\mag\lokala inställningar\application data\pjccwlifr\odqaawytssd.exe

uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program\realtek\audio\drivers\AzMixerSel.exe

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [LManager] c:\program\launch~1\LManager.exe

mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [sjyxmoiq] c:\documents and settings\mag\lokala inställningar\application data\gvkdwsula\ouvwubitssd.exe

mRun: [lijyxvnd] c:\documents and settings\mag\lokala inställningar\application data\pjccwlifr\odqaawytssd.exe

mRun: [sta] rundll32 "husap.dll",,Run

mRun: [MChk] c:\windows\system32\uusap.exe

mRun: [Microsoft Driver Setup] c:\windows\cfdrive32.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mExplorerRun: [Microsoft Driver Setup] c:\windows\cfdrive32.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\program\google\google~1\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mag\applic~1\mozilla\firefox\profiles\bqxpcojq.default\

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - component: c:\program\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\mag\application data\mozilla\firefox\profiles\bqxpcojq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-28 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-28 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-28 243024]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-27 532224]

R2 avg9emc;AVG Free E-mail Scanner;c:\program\avg\avg9\avgemc.exe [2010-7-28 921952]

R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-7-28 308136]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]

R2 SesamService;Sesam Control Service;c:\program\telenor\connection manager\sesam\bin\SecMIPService.exe [2008-5-9 1216296]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 wwanSvc;wwanSvc;c:\program\sony ericsson\sony ericsson md400 wireless modem\wwanSvc.exe [2008-10-14 106496]

R3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2008-10-17 33664]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-4-29 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-4-29 272424]

S3 GoogleDesktopManager-080708-050100;Google Desktop-hanteraren 5.7.808.7150;c:\program\google\google desktop search\GoogleDesktop.exe [2009-1-20 24064]

S3 GTMM Device Service;GTMM Device Service;c:\program\telenor\connection manager\GtmmDeviceService.exe [2008-11-26 106496]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2008-8-13 307200]

S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys [2008-8-13 380800]

S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys [2008-8-13 14976]

S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys [2008-8-13 14976]

S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys [2008-8-13 389376]

S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys [2008-8-13 434176]

S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys [2008-8-13 25984]

S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys [2008-8-13 405504]

S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys [2008-8-8 24232]

 

=============== Created Last 30 ================

 

2010-08-12 17:46:47 122880 --sh--r- c:\windows\cfdrive32.exe

2010-08-12 17:43:39 0 d-----w- c:\program\Trend Micro

2010-08-12 17:31:22 0 d-----w- c:\program\CCleaner

2010-08-10 18:14:20 0 d--h--w- C:\$AVG

2010-08-10 18:13:21 111616 --sh--r- c:\docume~1\mag\applic~1\ohydy.exe

2010-08-10 18:12:18 0 d-----w- c:\docume~1\mag\applic~1\FCD4057AB9E5D43C034BD3A2FDF29011

2010-08-06 12:45:55 0 d-----w- c:\program\AviSynth 2.5

2010-08-06 12:45:38 0 d-----w- c:\program\Red Kawa

2010-07-29 09:15:42 0 d-----w- c:\docume~1\mag\applic~1\CheckPoint

2010-07-29 09:15:17 0 d-----w- c:\program\Conduit

2010-07-29 09:15:15 0 d-----w- c:\program\ZoneAlarm

2010-07-29 09:14:57 0 d-----w- c:\program\CheckPoint

2010-07-28 12:49:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-28 12:49:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-28 12:49:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-28 12:48:58 0 d-----w- c:\windows\system32\drivers\Avg

2010-07-28 12:44:04 0 d-----w- c:\program\AVG

2010-07-28 12:43:33 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

 

==================== Find3M ====================

 

2010-07-29 09:14:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 19:18:34 84026 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-22 19:18:34 444892 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-23 10:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2009-04-27 18:16:12 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009042720090428\index.dat

 

============= FINISH: 21:51:32,73 ===============


Hi,

start in Safe Mode with Networking and log in as administrator.

Install Malwarebytes' Anti-Malware.

Run a quick scan, follow the program's instructions, and come back with a log;

it is found under the Logs tab.

If it cannot be installed or run, come back right away.

Also attach the file Attach.txt from your DDS run.

Regards

Mats H


 

 

Sorry that my reply has been delayed, but here is the log from Malwarebytes anyway

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4422

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

2010-08-12 23:14:53

mbam-log-2010-08-12 (23-14-53).txt

 

Scan type: Quick scan

Objects scanned: 137120

Time elapsed: 9 minute(s), 0 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 8

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 11

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lijyxvnd (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sjyxmoiq (Rogue.AntivirusSuite.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> No action taken.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.

C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

 

Files Infected:

C:\Documents and Settings\Mag\Lokala inställningar\Application Data\pjccwlifr\odqaawytssd.exe (Trojan.FakeAlert) -> No action taken.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.

C:\Documents and Settings\Mag\Lokala inställningar\Temp\218.exe (Backdoor.Agent) -> No action taken.

C:\Documents and Settings\Mag\Lokala inställningar\Temp\311.exe (Malware.Packer.Gen) -> No action taken.

C:\Documents and Settings\Mag\Lokala inställningar\Temp\74566.exe (Backdoor.Agent) -> No action taken.

C:\Documents and Settings\Mag\Lokala inställningar\Temp\9393.exe (Malware.Packer.Gen) -> No action taken.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.

C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.

C:\Documents and Settings\Administratör\Application Data\ohydy.exe (Worm.Palevo) -> No action taken.

C:\Documents and Settings\Mag\Application Data\ohydy.exe (Worm.Palevo) -> No action taken.

C:\WINDOWS\cfdrive32.exe (Worm.Palevo) -> No action taken.

 

 

I had the option to remove these files; should I do that or wait?
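An added example, not part of this thread and not Malwarebytes' own code: a small Python script that parses a Malwarebytes' Anti-Malware log of the layout posted above, counts detections per threat family, lists the items that were only reported ("No action taken"), and flags the registry entries that sit in logon-persistence locations (Run keys, Policies\Explorer\Run, and the Winlogon shell/taskman/userinit values), since those are what bring the malware back after a reboot if they are left behind. The embedded log is a constructed excerpt modelled on the lines above; the persistence patterns are an assumption about which registry locations count as autostart points, not something the log itself marks.

```python
import re
from collections import Counter

# Constructed excerpt of an MBAM 1.46 log, in the same layout as the log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lijyxvnd (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.

Files Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.
C:\Documents and Settings\Mag\Lokala inställningar\Temp\218.exe (Backdoor.Agent) -> No action taken.
C:\WINDOWS\cfdrive32.exe (Worm.Palevo) -> Quarantined and deleted successfully.
"""

# "Registry Values Infected:" style section headers.
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<item> (<family>) -> <action>." detection lines.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed set of registry locations that give malware a foothold at logon.
PERSISTENCE_RES = [
    re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE),
    re.compile(r"\\Policies\\Explorer\\Run\\", re.IGNORECASE),
    re.compile(r"\\Winlogon\\(shell|taskman|userinit)$", re.IGNORECASE),
]


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return detections


def family_counts(detections):
    """Count detections per threat family (Worm.Palevo, Trojan.FakeAlert, ...)."""
    return Counter(d["family"] for d in detections)


def persistence_entries(detections):
    """Registry items that sit in a logon-persistence location."""
    return [d["item"] for d in detections
            if d["section"].startswith("Registry")
            and any(p.search(d["item"]) for p in PERSISTENCE_RES)]


def pending_items(detections):
    """Items the scan only reported, i.e. nothing has been removed yet."""
    return [d["item"] for d in detections if d["action"].startswith("No action taken")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(pending_items(found))} still pending")
    for family, n in family_counts(found).most_common():
        print(f"  {n:2d}  {family}")
    print("persistence locations:")
    for item in persistence_entries(found):
        print("  ", item)
```

The line-level regex deliberately requires the " -> " separator, so the summary counters ("Registry Keys Infected: 4") and the "(No malicious items detected)" lines in a real log are ignored without special cases.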


Hi,

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B)

 

See the MBAM log; this means the infection is spread via USB-connected devices: memory sticks, external disks, mobile phones, anything that has been in contact with this computer.

If you have moved files to other computers with a USB stick, for example, then the other computer must also run this program and clean its externally connected USB devices.

You need to run this program: http://download.blee...Disinfector.exe

Quoting the page; I hope English is OK, otherwise just ask:

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

 

Regards

Mats H
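An added example, not from this thread and not Flash_Disinfector's own code, showing the mechanism the reply above describes: an Autorun worm spreads by dropping an autorun.inf file at the root of a removable drive that tells Windows to launch a program, and Flash_Disinfector blocks that by occupying the name autorun.inf with a folder, which the malware can then no longer overwrite with a file. The Python script below inspects a drive root and reports which of those states it is in. It builds its own constructed sample drive roots in a temporary directory (a clean stick, one with the protective folder, one with a harmless icon-only autorun.inf, and one with a launching autorun.inf whose target path and file name are made-up placeholders); the [autorun] key names it looks for are the documented launch directives, and the drive names are assumptions for the demo.

```python
import tempfile
from pathlib import Path

# [autorun] keys that tell Windows which program to run when the drive is
# inserted or opened; this is what Autorun-type worms rely on.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}


def launch_target(text):
    """Return the program an autorun.inf would launch, or None.

    Line-based on purpose rather than using configparser: autorun.inf files
    dropped by worms often contain junk lines that a strict INI parser rejects.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().lower() in LAUNCH_KEYS:
            return value.strip()
    return None


def classify_autorun(drive_root):
    """Classify what sits at <drive_root>/autorun.inf.

    ("none", None)         nothing there
    ("placeholder", None)  a *directory* named autorun.inf: the protective
                           placeholder Flash_Disinfector leaves behind, which
                           keeps malware from writing its own autorun.inf file
    ("launcher", target)   an autorun.inf file that would launch `target`
    ("inert", None)        an autorun.inf file with no launch directive
                           (only icon=, label= and the like)
    """
    path = Path(drive_root) / "autorun.inf"
    if not path.exists():
        return ("none", None)
    if path.is_dir():
        return ("placeholder", None)
    target = launch_target(path.read_text(encoding="latin-1"))
    return ("launcher", target) if target else ("inert", None)


def scan_drive_roots(parent):
    """Classify every directory directly under `parent` as if it were a drive root."""
    return {entry.name: classify_autorun(entry)
            for entry in sorted(Path(parent).iterdir()) if entry.is_dir()}


def build_sample_drives():
    """Create constructed drive roots in a temp dir: clean, protected, inert, infected."""
    base = Path(tempfile.mkdtemp(prefix="autorun-demo-"))
    (base / "usb_clean").mkdir()
    (base / "usb_clean" / "holiday.jpg").write_bytes(b"")
    # What a drive looks like after Flash_Disinfector: autorun.inf is a folder.
    (base / "usb_protected" / "autorun.inf").mkdir(parents=True)
    (base / "disk_inert").mkdir()
    (base / "disk_inert" / "autorun.inf").write_text("[autorun]\nicon=backup.ico\nlabel=Backup\n")
    # Constructed sample of the pattern an Autorun worm drops: a junk line plus
    # launch entries pointing into a fake RECYCLER folder (placeholder SID and name).
    (base / "usb_infected").mkdir()
    (base / "usb_infected" / "autorun.inf").write_text(
        "[AutoRun]\n"
        "xZ3\x01\x02 padding bytes a strict INI parser would choke on\n"
        "open=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-0000\\sample_worm.exe\n"
        "shell\\open\\command=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-0000\\sample_worm.exe\n",
        encoding="latin-1",
    )
    return base


if __name__ == "__main__":
    base = build_sample_drives()
    for name, (kind, target) in scan_drive_roots(base).items():
        print(f"{name:14s} {kind:12s} {target or ''}")
```

Pointing `scan_drive_roots` at a directory under which mounted removable drives appear gives a quick inventory of which drives still carry a launching autorun.inf and which already have the protective folder; the "launcher" result is the one worth following up with a full scan of that drive.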


 

 

That sounded less fun, but necessary! I have a memory stick and an external hard drive that I have moved files between this laptop and the work PC with. I'll have to run this program on all of them tomorrow.

 

Here is a new DDS log. Since I removed the files, the computer hasn't shown any signs of virus any more, which is positive :).

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mag at 23:51:27,87 on 2010-08-12

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.360 [GMT 3:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\AVG\AVG9\avgemc.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\LAUNCH~1\LManager.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program\iPod\bin\iPodService.exe

C:\DOCUME~1\Mag\LOKALA~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\CheckPoint\ZAForceField\ForceField.exe

C:\Program\Telenor\Connection Manager\GlobeTrotter Launcher.exe

C:\Program\Telenor\Connection Manager\Connection Manager.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Mag\Mina dokument\Hämtade filer\dds.scr

C:\Program\Mozilla Firefox\firefox.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\3.1.415.1646\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\googletoolbar1.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program\zonealarm\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [<NO NAME>]

uRun: [skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [sjyxmoiq] c:\documents and settings\mag\lokala inställningar\application data\gvkdwsula\ouvwubitssd.exe

uRun: [lijyxvnd] c:\documents and settings\mag\lokala inställningar\application data\pjccwlifr\odqaawytssd.exe

uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program\realtek\audio\drivers\AzMixerSel.exe

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [LManager] c:\program\launch~1\LManager.exe

mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\program\google\google~1\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mag\applic~1\mozilla\firefox\profiles\bqxpcojq.default\

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - component: c:\program\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\mag\application data\mozilla\firefox\profiles\bqxpcojq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-28 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-28 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-28 243024]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-27 532224]

R2 avg9emc;AVG Free E-mail Scanner;c:\program\avg\avg9\avgemc.exe [2010-7-28 921952]

R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-7-28 308136]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]

R2 SesamService;Sesam Control Service;c:\program\telenor\connection manager\sesam\bin\SecMIPService.exe [2008-5-9 1216296]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 wwanSvc;wwanSvc;c:\program\sony ericsson\sony ericsson md400 wireless modem\wwanSvc.exe [2008-10-14 106496]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-4-29 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-4-29 272424]

S3 GoogleDesktopManager-080708-050100;Google Desktop-hanteraren 5.7.808.7150;c:\program\google\google desktop search\GoogleDesktop.exe [2009-1-20 24064]

S3 GTMM Device Service;GTMM Device Service;c:\program\telenor\connection manager\GtmmDeviceService.exe [2008-11-26 106496]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2008-8-13 307200]

S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys [2008-8-13 380800]

S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys [2008-8-13 14976]

S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys [2008-8-13 14976]

S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys [2008-8-13 389376]

S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys [2008-8-13 434176]

S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys [2008-8-13 25984]

S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys [2008-8-13 405504]

S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys [2008-8-8 24232]

S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2008-10-17 33664]

 

=============== Created Last 30 ================

 

2010-08-12 19:59:59 0 d-----w- c:\docume~1\mag\applic~1\Malwarebytes

2010-08-12 19:59:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-12 19:59:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-12 19:59:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-12 19:59:43 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-08-12 17:43:39 0 d-----w- c:\program\Trend Micro

2010-08-12 17:31:22 0 d-----w- c:\program\CCleaner

2010-08-10 18:14:20 0 d--h--w- C:\$AVG

2010-08-10 18:12:18 0 d-----w- c:\docume~1\mag\applic~1\FCD4057AB9E5D43C034BD3A2FDF29011

2010-08-06 12:45:55 0 d-----w- c:\program\AviSynth 2.5

2010-08-06 12:45:38 0 d-----w- c:\program\Red Kawa

2010-07-29 09:15:42 0 d-----w- c:\docume~1\mag\applic~1\CheckPoint

2010-07-29 09:15:17 0 d-----w- c:\program\Conduit

2010-07-29 09:15:15 0 d-----w- c:\program\ZoneAlarm

2010-07-29 09:14:57 0 d-----w- c:\program\CheckPoint

2010-07-28 12:49:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-28 12:49:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-28 12:49:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-28 12:48:58 0 d-----w- c:\windows\system32\drivers\Avg

2010-07-28 12:44:04 0 d-----w- c:\program\AVG

2010-07-28 12:43:33 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

 

==================== Find3M ====================

 

2010-07-29 09:14:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 19:18:34 84026 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-22 19:18:34 444892 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-23 10:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2009-04-27 18:16:12 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009042720090428\index.dat

 

============= FINISH: 23:55:01,79 ===============


Hi,

let's continue with this!

Hang in there! :)

Save ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingcomputer.com/forums/topic114351.html
Run ComboFix and follow the instructions shown.
If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it into your reply. Check that your antivirus program etc. are running before you connect to the internet.

If you have trouble getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against future infections. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case say so instead of running ComboFix.

Regards
Mats H


Hi,

regarding your work PC, you should hand it in to your IT department for checking and cleaning. Refer them to this thread.

Regards
Mats H



Here is a ComboFix log:

 

ComboFix 10-08-12.03 - Mag 2010-08-13 11:37:52.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.422 [GMT 3:00]

Körs från: c:\documents and settings\Mag\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dokument\Settings

c:\documents and settings\All Users\Dokument\Settings\cbss.dll

c:\windows\system32\Install.cmd

 

Infekterad kopia av c:\windows\system32\drivers\i2omp.sys hittades och desinficerades.

Återställd kopia från - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_npf

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-13 till 2010-08-13 ))))))))))))))))))))))))))))))

.

 

2010-08-12 20:04 . 2010-08-12 20:04 -------- d-----w- c:\documents and settings\Administratör

2010-08-12 19:59 . 2010-08-12 19:59 -------- d-----w- c:\documents and settings\Mag\Application Data\Malwarebytes

2010-08-12 19:59 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-12 19:59 . 2010-08-12 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-12 19:59 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-12 19:59 . 2010-08-12 19:59 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-08-12 17:43 . 2010-08-12 17:43 388096 ----a-r- c:\documents and settings\Mag\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-12 17:43 . 2010-08-12 17:43 -------- d-----w- c:\program\Trend Micro

2010-08-12 17:31 . 2010-08-12 17:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-12 17:31 . 2010-08-12 17:31 -------- d-----w- c:\program\CCleaner

2010-08-10 18:14 . 2010-08-10 18:14 -------- d-----w- C:\$AVG

2010-08-10 18:12 . 2010-08-10 18:58 -------- d-----w- c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011

2010-08-06 14:46 . 2010-08-06 14:46 -------- d-----w- c:\program\Delade filer\Skype

2010-08-06 12:45 . 2010-08-06 12:46 -------- d-----w- c:\program\AviSynth 2.5

2010-08-06 12:45 . 2010-08-06 12:45 -------- d-----w- c:\program\Red Kawa

2010-07-29 09:15 . 2010-07-29 09:15 -------- d-----w- c:\documents and settings\Mag\Application Data\CheckPoint

2010-07-29 09:15 . 2010-07-29 09:15 -------- d-----w- c:\program\Conduit

2010-07-29 09:15 . 2010-07-29 09:15 -------- d-----w- c:\program\ZoneAlarm

2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\program\CheckPoint

2010-07-29 09:14 . 2010-06-23 10:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-07-29 09:14 . 2010-06-23 10:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-07-28 12:49 . 2010-07-28 12:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-28 12:49 . 2010-07-28 12:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-28 12:49 . 2010-07-28 12:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-28 12:49 . 2010-07-28 12:49 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-28 12:48 . 2010-08-12 17:26 -------- d-----w- c:\windows\system32\drivers\Avg

2010-07-28 12:44 . 2010-07-28 12:44 -------- d-----w- c:\program\AVG

2010-07-28 12:43 . 2010-07-28 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-13 08:51 . 2009-04-27 17:05 -------- d-----w- c:\documents and settings\Mag\Application Data\Skype

2010-08-13 06:14 . 2009-04-27 17:07 -------- d-----w- c:\documents and settings\Mag\Application Data\skypePM

2010-08-12 20:34 . 2009-07-23 10:00 -------- d-----w- c:\documents and settings\Mag\Application Data\vlc

2010-08-12 19:58 . 2009-04-27 17:17 -------- d-----w- c:\documents and settings\Mag\Application Data\uTorrent

2010-08-11 20:37 . 2010-08-12 16:17 2694656 ----a-w- c:\windows\Internet Logs\xDBC.tmp

2010-08-11 20:37 . 2010-08-12 16:17 1718784 ----a-w- c:\windows\Internet Logs\xDBD.tmp

2010-08-11 20:08 . 2009-01-20 09:34 -------- d--h--w- c:\program\InstallShield Installation Information

2010-08-10 18:35 . 2010-08-10 18:44 274944 ----a-w- c:\windows\Internet Logs\xDB9.tmp

2010-08-10 18:32 . 2010-08-10 18:44 2345984 ----a-w- c:\windows\Internet Logs\xDBB.tmp

2010-08-10 18:32 . 2010-08-10 18:44 2345984 ----a-w- c:\windows\Internet Logs\xDBA.tmp

2010-08-06 14:47 . 2009-04-27 17:05 -------- d-----r- c:\program\Skype

2010-08-06 14:46 . 2009-04-27 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-08-01 13:04 . 2010-04-05 20:28 3693789 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-07-31 12:27 . 2010-07-31 18:50 3387392 ----a-w- c:\windows\Internet Logs\xDB8.tmp

2010-07-30 10:54 . 2009-07-27 20:24 -------- d-----w- c:\documents and settings\Mag\Application Data\Spotify

2010-07-30 09:58 . 2009-05-14 15:36 -------- d-----w- c:\documents and settings\Mag\Application Data\dvdcss

2010-07-29 09:14 . 2009-07-27 17:38 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 19:18 . 2009-01-20 16:10 84026 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-22 19:18 . 2009-01-20 16:10 444892 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-23 10:51 . 2009-07-27 17:38 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-14 21:12 . 2009-01-20 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-14 21:06 . 2010-06-14 21:06 -------- d-----w- c:\program\Paint.NET

2010-06-14 14:31 . 2009-01-20 08:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-23 11:03 . 2010-05-23 11:03 655360 ----a-w- c:\documents and settings\Mag\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-23 11:03 . 2010-05-23 11:03 282624 ----a-w- c:\documents and settings\Mag\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-23 11:03 . 2010-05-23 11:03 208896 ----a-w- c:\documents and settings\Mag\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

 

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 08:50 2517088 ----a-w- c:\program\ZoneAlarm\tbZone.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

 

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

 

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Skype"="c:\program\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]

"AzMixerSel"="c:\program\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]

"LManager"="c:\program\LAUNCH~1\LManager.exe" [2008-08-18 817672]

"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-20 24064]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-28 2065760]

"ZoneAlarm Client"="c:\program\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"ISW"="c:\program\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-28 12:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\program\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-07-28 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-07-28 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program\AVG\AVG9\avgemc.exe [2010-07-28 921952]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-28 308136]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program\CheckPoint\ZAForceField\ISWSVC.exe [2010-05-26 493032]

R2 SesamService;Sesam Control Service;c:\program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296]

R2 wwanSvc;wwanSvc;c:\program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [2008-10-14 106496]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-04-29 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-04-29 272424]

S3 GoogleDesktopManager-080708-050100;Google Desktop-hanteraren 5.7.808.7150;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-20 24064]

S3 GTMM Device Service;GTMM Device Service;c:\program\Telenor\Connection Manager\GtmmDeviceService.exe [2008-11-26 106496]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2008-08-13 307200]

S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys [2008-08-13 380800]

S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys [2008-08-13 14976]

S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys [2008-08-13 14976]

S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys [2008-08-13 389376]

S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys [2008-08-13 434176]

S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys [2008-08-13 25984]

S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys [2008-08-13 405504]

S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys [2008-08-08 24232]

S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2008-10-17 33664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uInternet Settings,ProxyOverride = *.local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mag\Application Data\Mozilla\Firefox\Profiles\bqxpcojq.default\

FF - component: c:\program\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll

FF - component: c:\program\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\Mag\Application Data\Mozilla\Firefox\Profiles\bqxpcojq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\program\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-sjyxmoiq - c:\documents and settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe

HKCU-Run-lijyxvnd - c:\documents and settings\Mag\Lokala inställningar\Application Data\pjccwlifr\odqaawytssd.exe

AddRemove-NIS2009 - c:\program\Norton Internet Security\Engine\16.0.0.125\RunCmd.exe

AddRemove-Office2007 - c:\program files\Microsoft Office\RunCmd.exe

AddRemove-Works9 - c:\program files\Microsoft Office\RunCmd.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-13 11:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1408)

c:\program\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

 

- - - - - - - > 'lsass.exe'(1464)

c:\program\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

 

- - - - - - - > 'explorer.exe'(1620)

c:\program\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\SCardSvr.exe

c:\program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxext.exe

c:\docume~1\Mag\LOKALA~1\Temp\RtkBtMnt.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Sluttid: 2010-08-13 11:55:47 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-13 08:55

 

Före genomsökningen: 6 669 291 520 byte ledigt

Efter genomsökningen: 6 705 737 728 byte ledigt

 

- - End Of File - - F36F9AFB060B38EAFB60B7229A626A14

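The entries ComboFix removed above (HKCU-Run values pointing into Lokala inställningar\Application Data, a binary started from Temp, a 32-hex-character folder under Application Data) are the kind of thing a helper spots by reading the log by hand. The following Python script is an added example, not a tool from this thread or from the DDS/ComboFix authors: it parses the DDS uRun/mRun, ComboFix orphan, bare process and file-listing line shapes seen in these logs and flags paths in locations that legitimate autostart software almost never uses; the sample lines are quoted from the logs above, and a hit means "review this", not a verdict.

```python
"""Triage autostart/process lines from DDS and ComboFix logs (added example)."""
import re
from dataclasses import dataclass, field

# DDS "Pseudo HJT Report" autostart lines: uRun/mRun/dRun: [name] "path" args
_DDS_RUN = re.compile(
    r'^(?P<kind>[umd]Run):\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|scr))',
    re.IGNORECASE)
# ComboFix "orphans removed" lines: HKCU-Run-<valuename> - <path>
_CF_ORPHAN = re.compile(
    r'^(?P<kind>HK(?:CU|LM)-Run)-(?P<name>\S+)\s+-\s+(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr))\s*$',
    re.IGNORECASE)
# Bare process paths from the "Running processes" sections, optional arguments.
_BARE_PATH = re.compile(r'^(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr))(?:\s.*)?$', re.IGNORECASE)
# File/directory listing lines ("Created Last 30", "Find3M"): ... d-----w- <path>
_LISTING = re.compile(r'\s(?P<attrs>[d-][-a-z]{7})\s+(?P<path>[a-z]:\\.*\S)\s*$', re.IGNORECASE)

# Per-user "Local Settings" in English, Swedish XP ("Lokala inställningar")
# and the 8.3 short forms that DDS prints (LOKALA~1 / LOCALS~1).
_LOCAL_SETTINGS = r'\\(?:local settings|lokala inst.llningar|lokala~1|locals~1)\\'
_SUSPICIOUS_LOCATIONS = [
    ("in per-user Local Settings\\Application Data",
     re.compile(_LOCAL_SETTINGS + r'application data\\', re.IGNORECASE)),
    ("in a Temp folder",
     re.compile(_LOCAL_SETTINGS + r'temp\\', re.IGNORECASE)),
    ("32-hex-character folder name under Application Data",
     re.compile(r'\\application data\\[0-9a-f]{32}\\', re.IGNORECASE)),
]


@dataclass
class Finding:
    kind: str            # uRun / mRun / dRun / HKCU-Run / process / file / dir
    name: str            # registry value name, '' when the line has none
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (kind, name, path, is_dir) for a recognised log line, else None."""
    line = line.strip()
    m = _DDS_RUN.match(line) or _CF_ORPHAN.match(line)
    if m:
        return m.group("kind"), m.group("name"), m.group("path"), False
    m = _BARE_PATH.match(line)
    if m:
        return "process", "", m.group("path"), False
    m = _LISTING.search(line)
    if m:
        is_dir = m.group("attrs").lower().startswith("d")
        return ("dir" if is_dir else "file"), "", m.group("path"), is_dir
    return None


def triage(lines):
    """Parse every recognised line; return Findings whose path hits a suspicious location."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, path, is_dir = parsed
        # Directory entries get a trailing backslash so folder-name patterns apply.
        probe = path + "\\" if is_dir else path
        reasons = [why for why, rx in _SUSPICIOUS_LOCATIONS if rx.search(probe)]
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


# Sample lines quoted from the DDS/ComboFix logs in this thread.
SAMPLE_LOG = r"""
uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe
HKCU-Run-sjyxmoiq - c:\documents and settings\Mag\Lokala inställningar\Application Data\gvkdwsula\ouvwubitssd.exe
C:\WINDOWS\system32\ctfmon.exe
c:\docume~1\Mag\LOKALA~1\Temp\RtkBtMnt.exe
2010-08-10 18:12 . 2010-08-10 18:58 -------- d-----w- c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011
2010-08-12 19:59 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.name or '-'}: {f.path}\n    -> {'; '.join(f.reasons)}")
```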

What is in this folder?

2010-08-10 18:12 . 2010-08-10 18:58 -------- d-----w- c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011

I see that you have had Norton before. It can be a good idea to run their clean-up tool if you have not already done so:
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20090910004050EN Step 3

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then check that the old "Java™ 6 Update 15" was uninstalled. If not, you will have to do it yourself (with no web browsers running). Likewise there is a VLC and an Adobe Reader with security holes on the computer. Update them.

If these are still present, uninstall them:
Street-Ads Browser Enhancer
ZoneAlarm Toolbar

When the above is done, restart the computer and run DDS. Paste the DDS.txt log.

Does AVG find anything now if you scan the computer with it?
Any complaints from ZoneAlarm?


Hi,

I have updated the programs and removed the ZoneAlarm toolbar. A scan with AVG showed 0 threats.

New DDS log:

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mag at 16:03:23,37 on 2010-08-13

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.326 [GMT 3:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telenor\Connection Manager\Sesam\BIN\SecMIPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

C:\Program\AVG\AVG9\avgemc.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\LAUNCH~1\LManager.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Telenor\Connection Manager\GlobeTrotter Launcher.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Telenor\Connection Manager\Connection Manager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Mag\Mina dokument\Hämtade filer\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=0&o=xph&d=0409&m=doa150

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\3.1.415.1646\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\googletoolbar1.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AzMixerSel] c:\program\realtek\audio\drivers\AzMixerSel.exe

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [LManager] c:\program\launch~1\LManager.exe

mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program\zone labs\zonealarm\zlclient.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\program\google\google~1\GoogleDesktopNetwork3.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mag\applic~1\mozilla\firefox\profiles\bqxpcojq.default\

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\mag\application data\mozilla\firefox\profiles\bqxpcojq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-28 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-28 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-28 243024]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-27 532224]

R2 avg9emc;AVG Free E-mail Scanner;c:\program\avg\avg9\avgemc.exe [2010-7-28 921952]

R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-7-28 308136]

R2 SesamService;Sesam Control Service;c:\program\telenor\connection manager\sesam\bin\SecMIPService.exe [2008-5-9 1216296]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 wwanSvc;wwanSvc;c:\program\sony ericsson\sony ericsson md400 wireless modem\wwanSvc.exe [2008-10-14 106496]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-4-29 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-4-29 272424]

S3 GoogleDesktopManager-080708-050100;Google Desktop-hanteraren 5.7.808.7150;c:\program\google\google desktop search\GoogleDesktop.exe [2009-1-20 24064]

S3 GTMM Device Service;GTMM Device Service;c:\program\telenor\connection manager\GtmmDeviceService.exe [2008-11-26 106496]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2008-8-13 307200]

S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys [2008-8-13 380800]

S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys [2008-8-13 14976]

S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys [2008-8-13 14976]

S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys [2008-8-13 389376]

S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys [2008-8-13 434176]

S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys [2008-8-13 25984]

S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys [2008-8-13 405504]

S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys [2008-8-8 24232]

S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2008-10-17 33664]

 

=============== Created Last 30 ================

 

2010-08-13 12:30:22 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-13 06:48:19 0 d-sha-r- C:\cmdcons

2010-08-13 06:43:42 98816 ----a-w- c:\windows\sed.exe

2010-08-13 06:43:42 77312 ----a-w- c:\windows\MBR.exe

2010-08-13 06:43:42 256512 ----a-w- c:\windows\PEV.exe

2010-08-13 06:43:42 161792 ----a-w- c:\windows\SWREG.exe

2010-08-13 06:25:47 0 d---a-r- C:\autorun.inf

2010-08-12 19:59:59 0 d-----w- c:\docume~1\mag\applic~1\Malwarebytes

2010-08-12 19:59:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-12 19:59:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-12 19:59:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-12 19:59:43 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-08-12 17:43:39 0 d-----w- c:\program\Trend Micro

2010-08-12 17:31:22 0 d-----w- c:\program\CCleaner

2010-08-10 18:14:20 0 d-----w- C:\$AVG

2010-08-10 18:12:18 0 d-----w- c:\docume~1\mag\applic~1\FCD4057AB9E5D43C034BD3A2FDF29011

2010-08-06 12:45:55 0 d-----w- c:\program\AviSynth 2.5

2010-08-06 12:45:38 0 d-----w- c:\program\Red Kawa

2010-07-29 09:15:42 0 d-----w- c:\docume~1\mag\applic~1\CheckPoint

2010-07-29 09:14:57 0 d-----w- c:\program\CheckPoint

2010-07-28 12:49:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-28 12:49:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-28 12:49:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-28 12:48:58 0 d-----w- c:\windows\system32\drivers\Avg

2010-07-28 12:44:04 0 d-----w- c:\program\AVG

2010-07-28 12:43:33 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

 

==================== Find3M ====================

 

2010-07-29 09:14:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 19:18:34 84026 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-22 19:18:34 444892 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-23 10:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2009-04-27 18:16:12 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009042720090428\index.dat

 

============= FINISH: 16:05:37,93 ===============


What is in the folder?

2010-08-10 18:12 . 2010-08-10 18:58 -------- d-----w- c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011

 

The old Java versions are still present in Firefox. Do you see them in Firefox - Tools - Add-ons - Plugins? If so, remove or disable them.


Hi,

 

According to Firefox I have Java 6.0.210.7, which should be the latest one? It is also the only one I can find in Add/Remove Programs.

 

c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011 is an empty folder, for some reason.

 

Thanks for all the help!


c:\documents and settings\Mag\Application Data\FCD4057AB9E5D43C034BD3A2FDF29011 is an empty folder, for some reason.
Good, then it can be removed.

 

That is the latest version of Java, but in the log it looks like there are also two older versions, 6.0.13... and 6.0.15...

 

This CFScript fixes both of the things above. Copy all the lines in the box:

DDS::
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
2010-08-10 18:12:18 0 d-----w- c:\docume~1\mag\applic~1\FCD4057AB9E5D43C034BD3A2FDF29011

and paste them into Notepad. Check that it looks exactly like it does in the box.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.

Paste the log that comes out.

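The helper reads the two older Java installs (6.0.13 and 6.0.15) straight off the CAFEEFAC CLSIDs in the DDS log. As an added example (my own code, not from the thread, DDS or ComboFix), this decodes that version encoding and, over the Java lines quoted from the log above, lists the versions older than the newest one present, marking the folders DDS flagged as No Registry Reference. The encoding rule (decimal digits, 0016 = 1.6, update in the fourth group) is a property of Java's deployment-toolkit CLSIDs that the thread itself does not spell out.

```python
import re

# Java's deployment-toolkit CLSIDs encode the version in the three middle groups,
# read as decimal digits: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} is 1.6.0_21.
# The all-F form {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} means "newest installed".
JAVA_CLSID = re.compile(
    r"\{CAFEEFAC-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-ABCDEFFEDCBA\}", re.I)

def decode_java_clsid(clsid):
    """Return (major, minor, micro, update) for a Java CLSID, or None for the
    'newest installed' wildcard; any other CLSID raises ValueError."""
    m = JAVA_CLSID.search(clsid)
    if not m:
        raise ValueError("not a Java deployment CLSID: %s" % clsid)
    family, micro, update = m.groups()
    if family.upper() == "FFFF":
        return None
    # "0016" is major 1, minor 6; the remaining groups are micro and update
    return int(family) // 10, int(family) % 10, int(micro), int(update)

def format_version(ver):
    return "%d.%d.%d_%02d" % ver

def audit_java_entries(log_lines):
    """Return (newest, stale) for the Java versions referenced by DDS lines
    (DPF: and FF - HiddenExtension:). Each stale entry is (version, orphaned,
    line); orphaned is True when DDS marked the folder 'No Registry Reference'."""
    seen = {}
    for line in log_lines:
        for m in JAVA_CLSID.finditer(line):
            ver = decode_java_clsid(m.group(0))
            if ver is not None:
                seen.setdefault(ver, []).append(line.strip())
    if not seen:
        return None, []
    newest = max(seen)
    stale = [(format_version(v), "No Registry Reference" in l, l)
             for v in sorted(seen) if v < newest for l in seen[v]]
    return format_version(newest), stale

# Sample input: the Java-related lines from the DDS log posted in this thread.
SAMPLE_LOG = [
    "DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab",
    "DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab",
    "FF - HiddenExtension: Java Console: No Registry Reference - c:\\program\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}",
    "FF - HiddenExtension: Java Console: No Registry Reference - c:\\program\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}",
    "FF - HiddenExtension: Java Console: No Registry Reference - c:\\program\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}",
]
```

On SAMPLE_LOG, audit_java_entries reports 1.6.0_21 as the newest and the two No Registry Reference folders for 1.6.0_13 and 1.6.0_15 as stale, the same two entries the CFScript above removes.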
