
Antimalware Doctor and a Trojan that Norton cannot remove

#1
Member is logged out   fanny_

  • Newcomer
  • Pip
  • Group: Members
  • Posts: 5
  • Joined: 2010-08-29

Posted 30 Aug 2010, 19:31

Hi,

I got Antimalware Doctor on Saturday evening and now finally seem to have got rid of it with the help of Bleeping's guide. I had problems with Internet Explorer at first, but I have fixed that too by changing the proxy settings according to a guide on the Malwarebytes website.

When I ran MBAM last night it found nothing; however, Norton found a trojan today that it cannot fix.

What I'm wondering is whether the computer is completely free of Antimalware Doctor, and how I get rid of this trojan?

I would really appreciate help with this, thank you so very much in advance!
0

#2
Member is logged in   Cecilia

  • Addict
  • Icon
  • Group: Head Moderator
  • Posts: 75 558
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 30 Aug 2010, 21:54

Antimalware Doctor itself is probably gone, but at the same time as it gets installed, other malicious files usually get installed too, which BleepingComputer's guide does not remove. We can start by seeing what DDS shows. Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.
Press Yes if the question about Optional Scan appears.
In your reply, paste in the log DDS.txt, while you attach Attach.txt as a file.

It would also be very helpful if you could get hold of information (log, result) from Norton showing which file it considers malicious, in which folder the file is located and what kind of malicious content is in the file.
0

#3
Member is logged out   fanny_

  • Newcomer
  • Pip
  • Group: Members
  • Posts: 5
  • Joined: 2010-08-29

Posted 31 Aug 2010, 16:09

Thank you so much for taking the time, Cecilia, I really appreciate it.

Here is the log from DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Fanny at 16:49:52,13 on 2010-08-31
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.46.1053.18.3069.1566 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spotify\spotify.exe
C:\Users\Fanny\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Verktygsfalt Sök - c:\programdata\aol\ietoolbar\resources\sv-se\local\search.html
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: La&dda ner allt med BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Ladda ner alla &videor med BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Ladda ner med &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\fanny\appdata\roaming\mozilla\firefox\profiles\8vfwcfar.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-7-21 15416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-8-30 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-8-30 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-10 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-8-30 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100827.001\IDSvix86.sys [2010-8-29 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-8-30 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-8-30 339504]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f691e717\AEstSrv.exe [2008-7-21 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-8-30 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-3-26 90112]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-7 341328]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-23 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-30 102448]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-7 193840]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-3-26 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-3-26 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-3-26 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-3-26 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-3-26 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-3-26 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-3-26 116904]

=============== Created Last 30 ================

2010-08-29 22:14:13 0 d-----w- c:\program files\Secunia
2010-08-29 17:33:02 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-29 17:33:02 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-29 17:33:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-29 17:33:00 0 d-----w- c:\program files\Symantec
2010-08-29 17:30:41 0 d-----w- c:\windows\system32\drivers\NIS
2010-08-29 17:30:35 0 d-----w- c:\program files\Norton Internet Security
2010-08-29 17:21:20 0 d-----w- c:\program files\NortonInstaller
2010-08-29 16:54:08 0 d-----w- c:\program files\ESET
2010-08-29 12:33:11 0 d-----w- c:\users\fanny\appdata\roaming\Malwarebytes
2010-08-29 12:32:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 12:32:34 0 d-----w- c:\programdata\Malwarebytes
2010-08-29 12:32:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 12:32:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 21:29:17 0 d-----w- c:\programdata\PCSettings
2010-08-28 21:26:56 0 d-----w- c:\programdata\NortonInstaller
2010-08-28 20:40:40 0 d-----w- c:\users\fanny\appdata\roaming\D105D5B7B51DFA27E7C5E71E44711C22
2010-08-11 15:47:56 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 15:47:46 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 15:47:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 15:47:38 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:47:37 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:47:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:47:27 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:47:27 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:47:23 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

==================== Find3M ====================

2010-08-30 15:20:42 80612 ----a-w- c:\windows\system32\perfc00B.dat
2010-08-30 15:20:42 77100 ----a-w- c:\windows\system32\perfc006.dat
2010-08-30 15:20:42 76390 ----a-w- c:\windows\system32\perfc014.dat
2010-08-30 15:20:42 597836 ----a-w- c:\windows\system32\perfh01D.dat
2010-08-30 15:20:42 454842 ----a-w- c:\windows\system32\perfh006.dat
2010-08-30 15:20:42 443832 ----a-w- c:\windows\system32\perfh014.dat
2010-08-30 15:20:42 427118 ----a-w- c:\windows\system32\perfh00B.dat
2010-08-30 15:20:42 117416 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-28 21:31:21 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-28 21:31:21 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-28 21:31:21 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-15 16:10:01 18006 ----a-w- c:\windows\DIIUnin.dat
2010-06-15 00:19:03 249856 ------w- c:\windows\Setup1.exe
2010-06-15 00:18:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-14 23:07:26 94208 ----a-w- c:\windows\DIIUnin.exe
2010-06-14 23:07:26 2829 ----a-w- c:\windows\DIIUnin.pif
2010-06-14 21:00:10 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-14 21:00:10 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-14 21:00:10 12067 ----atw- c:\windows\system32\SIntf16.dll
2008-10-06 21:17:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-07 01:56:33 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2008-06-07 01:56:33 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2008-06-07 01:56:33 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2008-06-07 01:56:33 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2008-06-07 01:48:25 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2008-06-07 01:48:25 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2008-06-07 01:48:25 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2008-06-07 01:48:25 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2008-06-07 01:40:43 36790 ----a-w- c:\windows\inf\perflib\040b\perfd.dat
2008-06-07 01:40:43 36790 ----a-w- c:\windows\inf\perflib\040b\perfc.dat
2008-06-07 01:40:43 274158 ----a-w- c:\windows\inf\perflib\040b\perfi.dat
2008-06-07 01:40:43 274158 ----a-w- c:\windows\inf\perflib\040b\perfh.dat
2008-06-07 01:33:03 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2008-06-07 01:33:03 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2008-06-07 01:33:03 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2008-06-07 01:33:03 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-16 17:59:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041620100417\index.dat

============= FINISH: 16:53:08,10 ===============



This is what I found in Norton's history:

c:\users\fanny\downloads\age of empires 2 & the conquerors expansion - full game - [sotegihe].rar
____________________________
____________________________
På datorer per den
2010-04-10 på 00:36:34
Senast använd:
2010-08-29 på 02:12:07
Startfil: Nej
Startad: Nej
____________________________
____________________________
Många användare
Tusentals användare i Norton Community har använt den här filen.
____________________________
Hög
Den här filrisken är hög.
____________________________
Information om hot
Program som smittar andra program, filer eller sektorer i datorn genom att infoga eller bifoga sig självt till det mediet.
____________________________
Ursprung

Nedladdad från Ej tillgängligt.
____________________________
Webbadressen är inte tillgänglig
EJ TESTAD

Källa
age of empires 2 & the conquerors expansion - full game - [sotegihe].rar
____________________________
Filåtgärder
mythxpak.exe
[Finns i] c:\users\fanny\downloads\age of empires 2 & the conquerors expansion - full game - [sotegihe].rar
Smittade
____________________________
Filens fingeravtryck:
48d319adeee7efe5b512faf7caae52ca4677c6711a495f95c287513a66287f00
____________________________

Attached files


0

#4
Member is logged in   Cecilia

  • Addict
  • Icon
  • Group: Head Moderator
  • Posts: 75 558
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 31 Aug 2010, 17:41

Save ComboFix to the Desktop:
http://download.blee...Bs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If a question comes up about whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it in your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer and to protect the computer against infections in the future. That can cause problems, for example if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.

-------------------

c:\users\fanny\downloads\age of empires 2 & the conquerors expansion - full game - [sotegihe].rar
Looks like some cracked game. It is probably enough to just delete the file with Computer/Explorer.

There are old Java versions with security holes on the computer. Install a new one from http://www.java.com/sv/ and then uninstall the following when no web browsers are running:
Java™ 6 Update 5
VLC is an old version with security holes too.

Uninstall Softonic_English Toolbar because of http://www.systemloo...tbSof1_dll.html

2010-08-29 16:54:08 0 d-----w- c:\program files\ESET
Has Eset/Nod32 been on the computer before but has now been uninstalled? In that case you can delete the folder.
0

#5
Member is logged out   fanny_

  • Newcomer
  • Pip
  • Group: Members
  • Posts: 5
  • Joined: 2010-08-29

Posted 02 Sep 2010, 17:45

Sorry it has taken a while to reply, I haven't had time to deal with it until today. I have removed the cracked game and Eset, and installed new Java. Then I ran a system scan with Norton and it found nothing; is it still necessary to run ComboFix?

I have disabled Softonic but couldn't find where to uninstall it?
0

#6
Member is logged in   Cecilia

  • Addict
  • Icon
  • Group: Head Moderator
  • Posts: 75 558
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 02 Sep 2010, 21:15

Of course I don't know how it is on your computer, but on other computers where Antimalware Doctor itself was removed with MBAM and the antivirus program finds nothing, it has still been possible to see malicious files in the ComboFix log.

What is in the folder
2010-08-28 20:40:40 0 d-----w- c:\users\fanny\appdata\roaming\D105D5B7B51DFA27E7C5E71E44711C22 ?

Softonic_English Toolbar should be possible to uninstall the usual way in Programs and Features.
0
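The two things Cecilia picks out of the DDS log above are a directory in AppData\Roaming with a random 32-character hex name (created the same evening the infection appeared) and browser hooks pointing at an outdated Java 6 Update 5. Both are patterns a responder can check for mechanically. The script below is an added example written for this page, not part of the thread or of any of the tools used in it: it triages DDS-style lines for those two indicators. The sample lines are copied from the DDS log in this thread (plus the benign Malwarebytes and ESET entries as controls); the minimum acceptable Java 6 update level is an assumption chosen for the example.

```python
import re

# Sample lines copied from the DDS log in this thread so the script runs offline.
# The Malwarebytes and ESET entries are benign controls that must NOT be flagged.
SAMPLE_DDS_LINES = [
    "2010-08-29 12:33:11 0 d-----w- c:\\users\\fanny\\appdata\\roaming\\Malwarebytes",
    "2010-08-28 20:40:40 0 d-----w- c:\\users\\fanny\\appdata\\roaming\\D105D5B7B51DFA27E7C5E71E44711C22",
    "2010-08-29 16:54:08 0 d-----w- c:\\program files\\ESET",
    "BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre1.6.0_05\\bin\\ssv.dll",
    "DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab",
    "uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\\program files\\softonic_english\\tbSoft.dll",
]

# "Created Last 30" / "Find3M" entries: date time size attributes path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# A directory name that is exactly 32 hex digits (MD5-like), as in the thread.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
# Java versions as they appear in DDS: install path "jre1.6.0_05" or
# installer URL "jinstall-1_6_0_05".
JAVA_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)|jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.IGNORECASE)

# Assumed threshold for this example (not a value from the thread): any Java 6
# below this update level is reported as outdated.
MIN_JAVA6_UPDATE = 21


def parse_created_entry(line):
    """Return {date, size, attrs, path} for a file-listing line, else None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    return {"date": m.group(1), "size": int(m.group(2)), "attrs": m.group(3), "path": m.group(4)}


def is_random_hex_dirname(path):
    """True if the last path component is a bare 32-hex-digit name."""
    name = path.rstrip("\\").split("\\")[-1]
    return bool(HEX_NAME_RE.match(name))


def java_versions(line):
    """Extract (major, update) pairs for every Java version string on the line."""
    found = []
    for m in JAVA_RE.finditer(line):
        g = m.groups()
        if g[0] is not None:           # jre1.6.0_05 form
            found.append((int(g[1]), int(g[3])))
        else:                          # jinstall-1_6_0_05 form
            found.append((int(g[5]), int(g[7])))
    return found


def triage(lines):
    """Return an ordered, de-duplicated list of (indicator, detail) findings."""
    findings = []
    for line in lines:
        entry = parse_created_entry(line)
        # Only directories ("d" attribute) under a user's AppData are of interest here.
        if entry and entry["attrs"].startswith("d") and "\\appdata\\" in entry["path"].lower():
            if is_random_hex_dirname(entry["path"]):
                findings.append(("random-hex-dir", entry["path"]))
        for major, update in java_versions(line):
            if major == 6 and update < MIN_JAVA6_UPDATE:
                finding = ("outdated-java", f"Java {major} Update {update}")
                if finding not in findings:
                    findings.append(finding)
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_DDS_LINES):
        print(f"{indicator:15s} {detail}")
```

Run on the sample lines it reports the D105D5B7... directory once and "Java 6 Update 5" once, even though Java appears in both a BHO line and a DPF line. A flagged hex-named directory is a lead to look inside (as Cecilia asks in the post above), not a verdict on its own; a legitimate installer occasionally uses such names, which is why the script reports rather than deletes.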

#7
Member is logged out   fanny_

  • Newcomer
  • Pip
  • Group: Members
  • Posts: 5
  • Joined: 2010-08-29

Posted 02 Sep 2010, 21:52

Okay, then I'll run ComboFix. However, I can't find how to disable Norton; the link you sent only had a guide for Norton Internet Security 2008, I have 2010 and it doesn't look the same. Anyway, I can't find what the guide describes. If you right-click the icon you can disable 'Antivirus Auto-Protect', is that enough?

In the folder 2010-08-28 20:40:40 0 d-----w- c:\users\fanny\appdata\roaming\D105D5B7B51DFA27E7C5E71E44711C22 there is a text document called enemies-names and 2 configuration settings files, one called local and one lsrslt. I don't know what they are; it says they were last modified at the same time as I got the virus on Saturday.
0

#8
Member is logged in   Cecilia

  • Addict
  • Icon
  • Group: Head Moderator
  • Posts: 75 558
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 02 Sep 2010, 22:11

Quote

If you right-click the icon you can disable 'Antivirus Auto-Protect', is that enough?
Yes, that should be enough.

Those are files that belong to the infection. ComboFix will probably remove them.
0

#9
Member is logged out   fanny_

  • Newcomer
  • Pip
  • Group: Members
  • Posts: 5
  • Joined: 2010-08-29

Posted 05 Sep 2010, 12:18

Thank you so much Cecilia, here is the log from ComboFix:

ComboFix 10-08-31.01 - Fanny 2010-09-05 12:38:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.46.1053.18.3069.1639 [GMT 2:00]
Körs från: c:\users\Fanny\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeB40C.dll
c:\users\Fanny\AppData\Local\Windows Server
c:\users\Fanny\AppData\Local\Windows Server\server.dat
c:\users\Fanny\AppData\Roaming\D105D5B7B51DFA27E7C5E71E44711C22
c:\users\Fanny\AppData\Roaming\D105D5B7B51DFA27E7C5E71E44711C22\enemies-names.txt
c:\users\Fanny\AppData\Roaming\D105D5B7B51DFA27E7C5E71E44711C22\local.ini
c:\users\Fanny\AppData\Roaming\D105D5B7B51DFA27E7C5E71E44711C22\lsrslt.ini
c:\users\Fanny\bitcomet_setup.exe

.
(((((((((((((((((((((((( Filer Skapade från 2010-08-05 till 2010-09-05 ))))))))))))))))))))))))))))))
.

2010-09-05 10:59 . 2010-09-05 11:01 -------- d-----w- c:\users\Fanny\AppData\Local\temp
2010-09-05 10:59 . 2010-09-05 10:59 -------- d-----w- c:\users\Others\AppData\Local\temp
2010-09-05 10:59 . 2010-09-05 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-02 19:55 . 2010-09-04 19:46 -------- d-----w- c:\users\Fanny\AppData\Local\Apple Computer
2010-09-01 15:19 . 2010-09-01 15:19 -------- d-----w- c:\users\Fanny\AppData\Local\Apple
2010-09-01 13:49 . 2010-09-01 13:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-30 15:17 . 2010-08-30 15:17 -------- d-----w- c:\users\Public\CyberLink
2010-08-29 22:14 . 2010-08-29 22:14 -------- d-----w- c:\program files\Secunia
2010-08-29 17:33 . 2010-08-29 17:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-29 17:33 . 2010-08-29 17:33 -------- d-----w- c:\program files\Symantec
2010-08-29 17:30 . 2010-08-30 17:30 -------- d-----w- c:\windows\system32\drivers\NIS
2010-08-29 17:30 . 2010-08-29 17:30 -------- d-----w- c:\program files\Norton Internet Security
2010-08-29 17:21 . 2010-08-29 17:52 -------- d-----w- c:\program files\NortonInstaller
2010-08-29 16:54 . 2010-08-29 16:54 -------- d-----w- c:\program files\ESET
2010-08-29 12:33 . 2010-08-29 12:33 -------- d-----w- c:\users\Fanny\AppData\Roaming\Malwarebytes
2010-08-29 12:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 12:32 . 2010-08-29 12:32 -------- d-----w- c:\programdata\Malwarebytes
2010-08-29 12:32 . 2010-08-29 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 12:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 21:29 . 2010-08-28 21:29 -------- d-----w- c:\programdata\PCSettings
2010-08-28 21:26 . 2010-08-29 17:07 -------- d-----w- c:\programdata\NortonInstaller
2010-08-28 20:41 . 2010-08-29 09:52 -------- d-----w- c:\users\Fanny\AppData\Local\swjjhfujy
2010-08-28 20:41 . 2010-08-29 16:30 -------- d-----w- c:\users\Fanny\AppData\Local\Windows
2010-08-21 10:00 . 2010-08-21 10:00 -------- d-----w- c:\users\Others\AppData\Local\Mozilla
2010-08-11 15:47 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 15:47 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 15:47 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 15:47 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:47 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:47 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:47 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:47 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:47 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-09 17:09 . 2010-08-09 17:09 -------- d-----w- c:\users\Fanny\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 10:28 . 2009-03-15 12:17 -------- d-----w- c:\users\Fanny\AppData\Roaming\Spotify
2010-09-03 12:42 . 2010-03-03 18:14 -------- d-----w- c:\users\Fanny\AppData\Roaming\BitComet
2010-09-01 13:50 . 2008-06-07 04:54 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 13:48 . 2008-06-07 04:54 -------- d-----w- c:\program files\Java
2010-08-30 15:20 . 2008-06-07 01:57 597836 ----a-w- c:\windows\system32\perfh01D.dat
2010-08-30 15:20 . 2008-06-07 01:57 117416 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-30 15:20 . 2008-06-07 01:49 76390 ----a-w- c:\windows\system32\perfc014.dat
2010-08-30 15:20 . 2008-06-07 01:49 443832 ----a-w- c:\windows\system32\perfh014.dat
2010-08-30 15:20 . 2008-06-07 01:41 80612 ----a-w- c:\windows\system32\perfc00B.dat
2010-08-30 15:20 . 2008-06-07 01:41 427118 ----a-w- c:\windows\system32\perfh00B.dat
2010-08-30 15:20 . 2008-06-07 01:33 77100 ----a-w- c:\windows\system32\perfc006.dat
2010-08-30 15:20 . 2008-06-07 01:33 454842 ----a-w- c:\windows\system32\perfh006.dat
2010-08-29 22:08 . 2008-06-07 03:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-29 17:33 . 2010-08-29 17:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-29 17:33 . 2010-08-29 17:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-29 17:30 . 2009-12-14 23:35 -------- d-----w- c:\programdata\Norton
2010-08-28 21:42 . 2008-06-07 03:25 -------- d-----w- c:\programdata\Symantec
2010-08-28 19:11 . 2008-12-02 15:14 680 ----a-w- c:\users\Fanny\AppData\Local\d3d9caps.dat
2010-08-27 20:31 . 2008-10-09 19:39 -------- d-----w- c:\users\Fanny\AppData\Roaming\Skype
2010-08-27 14:16 . 2008-10-09 19:42 -------- d-----w- c:\users\Fanny\AppData\Roaming\skypePM
2010-08-26 10:21 . 2008-12-25 01:57 -------- d-----w- c:\program files\Tibia
2010-08-20 22:18 . 2010-03-18 12:52 -------- d-----w- c:\users\Fanny\AppData\Roaming\dvdcss
2010-08-12 01:14 . 2008-10-04 21:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 01:04 . 2008-11-23 17:15 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-28 16:17 . 2010-08-11 15:48 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-11 15:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-15 16:10 . 2010-06-14 23:07 18006 ----a-w- c:\windows\DIIUnin.dat
2010-06-15 00:19 . 2010-06-15 00:19 249856 ------w- c:\windows\Setup1.exe
2010-06-15 00:18 . 2010-06-15 00:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-14 23:07 . 2010-06-14 23:07 94208 ----a-w- c:\windows\DIIUnin.exe
2010-06-14 23:07 . 2010-06-14 23:07 2829 ----a-w- c:\windows\DIIUnin.pif
2010-06-14 21:00 . 2010-04-09 18:40 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-14 21:00 . 2010-04-09 18:40 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-14 21:00 . 2010-04-09 18:40 12067 ----atw- c:\windows\system32\SIntf16.dll
.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 16:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 12:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 01:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-15 05:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-03-27 09:53 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-17 19:31 1033512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-04-16 18:52 442433 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-04-01 21:38 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100903.003\IDSvix86.sys [2010-06-17 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-29 102448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder:

2010-08-30 c:\windows\Tasks\Norton Internet Security - Kör fullständig systemsökning - Fanny.job
- c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-08-29 05:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cnnb
IE: &AOL Verktygsfalt Sök - c:\programdata\AOL\ieToolbar\resources\sv-SE\local\search.html
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: La&dda ner allt med BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Ladda ner alla &videor med BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Ladda ner med &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Fanny\AppData\Roaming\Mozilla\Firefox\Profiles\8vfwcfar.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 13:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-05 13:12:44
ComboFix-quarantined-files.txt 2010-09-05 11:12

Pre-Run: 66 496 286 720 bytes free
Post-Run: 63 308 816 384 bytes free

- - End Of File - - 8A21ED24777CFFE24DE9B4F33692F1EA

#10
Cecilia (head moderator, Stockholm)

Posted 05 Sep 2010, 12:49

And there went a bit more. :)

What is in these folders?
2010-08-28 20:41 . 2010-08-29 09:52 -------- d-----w- c:\users\Fanny\AppData\Local\swjjhfujy
2010-08-28 20:41 . 2010-08-29 16:30 -------- d-----w- c:\users\Fanny\AppData\Local\Windows
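The triage question in this thread (which of the many entries in a ComboFix "Files Created" listing deserve a closer look, given that the infection hit at a known time and that its folders carry machine-generated names like D105D5B7B51DFA27E7C5E71E44711C22 and swjjhfujy) can be turned into a small script. The following is an added example, not code from the thread, from ComboFix or from any of the tools named in it. It parses lines in the ComboFix listing format, flags entries created within a window around the infection time, and flags last path components that are all hexadecimal or contain a long run of consonants. The sample lines are constructed to match the format of the log above, the thresholds (2-hour window, 16 hex characters, 5 consonants in a row) are assumptions, and a flag means "inspect this", not "this is malware": legitimate software installed at the same time, such as the PCSettings folder in the sample, will be flagged too.

```python
"""Triage a ComboFix 'Files Created' listing.

Added example: flags entries created near a known infection time or whose
names look machine-generated. Thresholds are assumptions, not ComboFix rules.
"""
import re
from datetime import datetime, timedelta

# One listing line looks like:
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+?)\s*$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{16,}$")   # assumption: 16+ hex chars
VOWELS = set("aeiouy")
TIME_FMT = "%Y-%m-%d %H:%M"

# Constructed sample in the ComboFix format (a subset shaped like the log above),
# including a header line and a '.' separator that the parser must skip.
SAMPLE_LOG = r"""
(((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 ))))))))))))))))))))))))))))))
.
2010-09-01 13:49 . 2010-09-01 13:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 12:32 . 2010-08-29 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 21:29 . 2010-08-28 21:29 -------- d-----w- c:\programdata\PCSettings
2010-08-28 20:41 . 2010-08-29 09:52 -------- d-----w- c:\users\Fanny\AppData\Local\swjjhfujy
2010-08-28 20:41 . 2010-08-29 16:30 -------- d-----w- c:\users\Fanny\AppData\Local\Windows
2010-08-28 20:40 . 2010-08-28 20:40 -------- d-----w- c:\users\Fanny\AppData\Roaming\D105D5B7B51DFA27E7C5E71E44711C22
2010-08-09 17:09 . 2010-08-09 17:09 -------- d-----w- c:\users\Fanny\AppData\Local\Mozilla
"""


def parse_listing(text):
    """Return one dict per well-formed listing line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, TIME_FMT),
            "modified": datetime.strptime(modified, TIME_FMT),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return entries


def longest_consonant_run(name):
    """Length of the longest run of consonant letters (digits and punctuation break a run)."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def name_reasons(path):
    """Heuristic reasons why the last path component looks machine-generated."""
    name = path.rstrip("\\").rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]          # drop a file extension if present
    reasons = []
    if HEX_NAME_RE.match(stem):
        reasons.append("hex-only name")
    if longest_consonant_run(stem) >= 5:   # assumption: 5+ consonants in a row
        reasons.append("unpronounceable name")
    return reasons


def triage(text, infection_time="2010-08-28 20:40", window_hours=2):
    """Return [(path, [reasons])] for entries worth inspecting, in log order."""
    t0 = datetime.strptime(infection_time, TIME_FMT)
    window = timedelta(hours=window_hours)
    flagged = []
    for e in parse_listing(text):
        reasons = name_reasons(e["path"])
        if abs(e["created"] - t0) <= window:
            reasons.append("created within %dh of infection" % window_hours)
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against a full log, feed the whole ComboFix text to `triage()`; only lines matching the listing format are considered, so the registry and service sections are ignored. The time window is deliberately symmetric because ComboFix shows creation times to the minute and the infection time is only known from the earliest malware folder, which may itself be a few minutes late.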