
Help with "cleaning"...

#1
Ultra

  • Active
  • Group: Members
  • Posts: 182
  • Joined: 2005-10-13

Posted 23 Jan 2012, 15:16

Hi,

Here are some logs; I am wondering whether they look "dangerous" and what I should do.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Databasversion: v2012.01.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Tomas Stenlund :: TOMAS [administratör]

2012-01-23 12:34:14
mbam-log-2012-01-23 (14-17-32).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 191067
Förfluten tid: 6 minut(er), 9 sekund(er)

Upptäckta minnesprocesser: 1
C:\Documents and Settings\Tomas Stenlund\xxlmi91t9w.exe (Trojan.Scar) -> 3216 -> Ingen åtgärd.

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xxlmi91t9w (Trojan.Scar) -> Data: C:\Documents and Settings\Tomas Stenlund\xxlmi91t9w.exe -> Ingen åtgärd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{95678ACD-AB74-7538-BA75-440222005237} (Trojan.Ransom.BP) -> Data: "C:\Documents and Settings\Tomas Stenlund\Application Data\Exyte\kooglo.exe" -> Ingen åtgärd.

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 2
C:\Documents and Settings\Tomas Stenlund\xxlmi91t9w.exe (Trojan.Scar) -> Ingen åtgärd.
C:\Documents and Settings\Tomas Stenlund\Application Data\Exyte\kooglo.exe (Trojan.Ransom.BP) -> Ingen åtgärd.

(klar)




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Tomas Stenlund at 15:01:14 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1424 [GMT 1:00]
.
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\Program\Norman\Npm\Bin\elogsvc.exe
C:\Program\Norman\Ngs\Bin\Nnf.exe
C:\Program\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Norman\Npm\Bin\Zanda.exe
C:\Program\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\TOPRO\TPPOLL.EXE
C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe
C:\Program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program\Norman\Npm\Bin\ZLH.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\Program\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Norman\Npm\Bin\scheduler.exe
C:\Program\Norman\Npm\Bin\Njeeves.exe
C:\Program\Norman\Nse\Bin\NSESVC.EXE
C:\Program\Norman\Nvc\Bin\nvcoas.exe
C:\Program\Norman\Nvc\Bin\Nip.exe
C:\Program\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.leta.se/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=54ee21620000000000000013d33c9162&tlver=1.4.19.19&affID=17160
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre1.6.0_07\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Google Update] "c:\documents and settings\tomas stenlund\lokala inställningar\application data\google\update\GoogleUpdate.exe" /c
uRun: [Startw3i] c:\program\pc speed maximizer\Startw3i.exe
uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe
uRun: [1k0qd29gzp] c:\documents and settings\tomas stenlund\1k0qd29gzp.exe
uRun: [xxlmi91t9w] c:\documents and settings\tomas stenlund\xxlmi91t9w.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program\analog devices\soundmax\Smax4.exe" /tray
mRun: [KAZAA] "c:\program\kazaa lite k++\kpp.exe" "c:\program\kazaa lite k++\KazaaLite.kpp" /SYSTRAY
mRun: [MediaLifeService] "c:\program\logitech\medialife\MediaLifeService.exe"
mRun: [MMTray] "c:\program\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SunJavaUpdateSched] "c:\program\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TPPOLL] c:\program\topro\TPPOLL.EXE
mRun: [nmctxth] "c:\program\delade filer\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1053
mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\allian~1.lnk - \\bokföring\c\allians\allians\data\AlliansPathfinder.exe
StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\flipto~1.lnk - c:\program\fliptoast\fliptoast.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\acroba~1.lnk - c:\program\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~2.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program\java\jre1.6.0_07\bin\ssv.dll
LSP: c:\program\norman\ngs\bin\nlf.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127129685578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{188CA1A0-EAC7-42AE-B1A6-AC3854AE4924} : DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program\delade filer\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NGS;Norman General Security Driver;c:\program\norman\ngs\bin\ngs.sys [2010-9-23 26744]
R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2010-9-23 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-9-23 378000]
R2 BBDemon;Backbone Service;c:\program\dassault systemes\b20\intel_a\code\bin\CATSysDemon.exe [2010-1-9 36864]
R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\Ndiskio.sys [2010-9-23 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program\norman\ngs\bin\nnf.exe [2010-9-23 223000]
R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\Zanda.exe [2010-5-18 428912]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2010-9-23 290472]
R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2010-9-23 90144]
R2 nregsec;Norman Registry Security driver;c:\program\norman\ngs\bin\nregsec.sys [2010-9-23 40384]
R2 NVOY;Norman Resource Provider;c:\program\norman\npm\bin\nvoy.exe [2010-9-23 100336]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-9-23 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\norman\ngs\bin\nnetsecc.sys [2010-8-18 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\Nsesvc.exe [2010-9-23 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-9-23 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\Nvcoas.exe [2010-9-23 198168]
R3 Scheduler;Norman Scheduler Service;c:\program\norman\npm\bin\scheduler.exe [2010-9-23 99312]
S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-7-7 210924]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-2 644096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-5-3 23040]
.
=============== Created Last 30 ================
.
2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll
2012-01-23 14:01:14 -------- d--h--w- c:\documents and settings\tomas stenlund\Skrivare
2012-01-23 14:01:14 -------- d-----w- c:\documents and settings\all users\Favoriter
2012-01-16 08:31:48 -------- d-----w- C:\dd65e93db154262c1fe7bb27ba98
2012-01-05 16:34:47 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Tuidgob
2012-01-05 16:34:47 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Exyte
2012-01-04 16:45:07 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-03 07:22:02 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:54 293376 ----a-w- c:\windows\system32\SET20A.tmp
2011-11-23 14:40:46 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:55 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:17 354816 ----a-w- c:\windows\system32\SET204.tmp
2011-11-16 14:22:17 152064 ----a-w- c:\windows\system32\SET203.tmp
2011-11-11 08:02:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07:11 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37:14 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37:14 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37:13 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32:19 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49:54 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:01:53,71 ===============
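The two logs above can be triaged mechanically before anyone decides what to do about them. The Python below is an added example, not code from the original post or from Malwarebytes or DDS; it works on constructed excerpts of the two logs (benign lines dropped, the profile name replaced with "user") and reports four things a reviewer looks for first: detections MBAM listed but did not remove ("Ingen åtgärd", the Swedish build's "No action taken"), autostart entries whose executable sits directly in the profile root or that MBAM already flagged, entries in "Created Last 30" stamped later than the day the log was produced (the vbSendMail.dll line above carries a 2023 date in a log from 2012), and the Java 6 update numbers referenced by the DPF installer lines. The regular expressions are my assumptions about the two log layouts, written against the lines shown.

```python
"""Triage of the Malwarebytes (MBAM) and DDS logs posted above."""
import re
from datetime import date

# Constructed excerpts of the two logs in the post (benign lines dropped,
# profile name replaced with "user"); not the poster's verbatim files.
MBAM_LOG = r"""
Upptäckta minnesprocesser: 1
C:\Documents and Settings\user\xxlmi91t9w.exe (Trojan.Scar) -> 3216 -> Ingen åtgärd.

Upptäckta registervärden: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xxlmi91t9w (Trojan.Scar) -> Data: C:\Documents and Settings\user\xxlmi91t9w.exe -> Ingen åtgärd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{95678ACD-AB74-7538-BA75-440222005237} (Trojan.Ransom.BP) -> Data: "C:\Documents and Settings\user\Application Data\Exyte\kooglo.exe" -> Ingen åtgärd.

Upptäckta filer: 2
C:\Documents and Settings\user\xxlmi91t9w.exe (Trojan.Scar) -> Ingen åtgärd.
C:\Documents and Settings\user\Application Data\Exyte\kooglo.exe (Trojan.Ransom.BP) -> Ingen åtgärd.
"""

DDS_LOG = r"""
Run by user at 15:01:14 on 2012-01-23
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [1k0qd29gzp] c:\documents and settings\user\1k0qd29gzp.exe
uRun: [xxlmi91t9w] c:\documents and settings\user\xxlmi91t9w.exe
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
=============== Created Last 30 ================
2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll
2012-01-23 14:01:14 -------- d--h--w- c:\documents and settings\user\Skrivare
"""

# MBAM writes "No action taken." in English builds and "Ingen åtgärd." in Swedish ones.
NO_ACTION = {"ingen åtgärd", "no action taken"}
SECTION_RE = re.compile(r"^Upptäckta (?P<kind>.+?): \d+$")
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^)]+)\) -> (?:(?P<detail>.*) -> )?(?P<action>[^>]+?)\.?$")
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PROFILE_EXE_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} .* (?P<path>[a-z]:\\.*)$", re.I)
RUN_DATE_RE = re.compile(r"^Run by .* on (\d{4}-\d{2}-\d{2})$")
JAVA_RE = re.compile(r"jinstall-1_6_0_(\d+)")


def parse_mbam(text):
    """One dict per MBAM detection line, tagged with the section it was listed under."""
    found, kind = [], None
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            kind = sec.group("kind")
            continue
        m = DETECTION_RE.match(line)
        if m and kind:
            found.append({"kind": kind, "item": m.group("item"), "family": m.group("family"),
                          "action": m.group("action").strip().lower()})
    return found


def pending_detections(text):
    """Detections MBAM reported but did not remove: these are still live on the host."""
    return [d for d in parse_mbam(text) if d["action"] in NO_ACTION]


def run_target(cmd):
    """Executable path of a Run value, without surrounding quotes or arguments."""
    m = re.match(r'^"?(?P<exe>[a-z]:\\[^"]*?\.exe)"?', cmd, re.I)
    return m.group("exe").lower() if m else cmd.lower()


def suspicious_run_entries(dds_text, mbam_text=""):
    """Autostart entries to look at first: an executable sitting directly in the
    profile root (no vendor directory) or a path MBAM has already flagged."""
    flagged = {d["item"].lower() for d in parse_mbam(mbam_text)}
    out = []
    for m in filter(None, map(RUN_RE.match, dds_text.splitlines())):
        exe, reasons = run_target(m.group("cmd")), []
        if PROFILE_EXE_RE.match(exe):
            reasons.append("launched from profile root")
        if exe in flagged:
            reasons.append("flagged by MBAM")
        if reasons:
            out.append((m.group("name"), exe, reasons))
    return out


def future_dated_entries(dds_text):
    """'Created Last 30' files stamped later than the day the log was produced."""
    run_date, out = None, []
    for line in dds_text.splitlines():
        rd = RUN_DATE_RE.match(line)
        if rd:
            run_date = date.fromisoformat(rd.group(1))
            continue
        m = CREATED_RE.match(line)
        if m and run_date and date.fromisoformat(m.group(1)) > run_date:
            out.append(m.group("path"))
    return out


def java_updates_seen(dds_text):
    """Java 6 update numbers referenced by the DPF installer lines."""
    return sorted({int(u) for u in JAVA_RE.findall(dds_text)})


if __name__ == "__main__":
    for d in pending_detections(MBAM_LOG):
        print(f"still present ({d['kind']}): {d['item']}")
    for name, exe, why in suspicious_run_entries(DDS_LOG, MBAM_LOG):
        print(f"autostart [{name}] {exe}: {', '.join(why)}")
    print("future-dated:", future_dated_entries(DDS_LOG), "Java 6 updates:", java_updates_seen(DDS_LOG))
```

A future-dated file is not proof of anything by itself (a wrong system clock produces the same result), but it is the kind of line that should be asked about rather than scrolled past, and the same goes for a Run value that points straight into the profile root with a random-looking name.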

#2
Cecilia

  • Addicted
  • Group: Head moderator
  • Posts: 76 594
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 23 Jan 2012, 15:57

The first step is to let MBAM remove the malicious files and registry entries it has found. To get rid of some other malicious things in the computer, ComboFix is the next step after a restart of the computer.

Save ComboFix to the Desktop: http://download.blee...Bs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If you are asked whether you want to install the Recovery Console, answer Yes.
More detailed guidance is available at http://www.bleepingc...ix-ska-anvandas

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, since it can hang if you do.

When ComboFix is finished a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair, and/or restart the computer.

#3
Ultra

  • Active
  • Group: Members
  • Posts: 182
  • Joined: 2005-10-13

Posted 24 Jan 2012, 13:55

Hi Cecilia,

I have followed your instructions and here is the log. The computer restarted by itself in the middle, but maybe that does not matter.

ComboFix 12-01-23.02 - Tomas Stenlund 2012-01-24 13:35:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1325 [GMT 1:00]
Körs från: c:\documents and settings\Tomas Stenlund\Skrivbord\ComboFix.exe
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Tomas Stenlund\1k0qd29gzp.exe
c:\documents and settings\Tomas Stenlund\WINDOWS
c:\documents and settings\Tomas Stenlund\xxlmi91t9w.exe
C:\LOG2945.tmp
c:\windows\bwUnin-7.2.0.137-8876480SL.exe
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\dasetup.log
c:\windows\system\MFC42LOC.DLL
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETF7.tmp
.
.
(((((((((((((((((((((((( Filer skapade från 2011-12-24 till 2012-01-24 ))))))))))))))))))))))))))))))
.
.
2023-04-03 13:06 . 2023-04-03 13:06 135168 ----a-w- c:\windows\system32\vbSendMail.dll
2012-01-23 14:01 . 2012-01-23 14:01 -------- d--h--w- c:\documents and settings\Tomas Stenlund\Skrivare
2012-01-23 14:01 . 2012-01-23 14:01 -------- d-----w- c:\documents and settings\All Users\Favoriter
2012-01-16 08:42 . 2012-01-16 08:42 -------- d-----w- c:\documents and settings\Tomas Stenlund\Lokala inställningar\Application Data\PCHealth
2012-01-16 08:31 . 2012-01-16 08:34 -------- d-----w- C:\dd65e93db154262c1fe7bb27ba98
2012-01-05 16:34 . 2012-01-23 11:35 -------- d-----w- c:\documents and settings\Tomas Stenlund\Application Data\Exyte
2012-01-05 16:34 . 2012-01-15 11:47 -------- d-----w- c:\documents and settings\Tomas Stenlund\Application Data\Tuidgob
2012-01-04 16:45 . 2012-01-04 16:45 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2010-04-23 12:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 19:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 19:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 19:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-04 19:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-04 19:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-11 08:02 . 2011-11-11 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2004-08-04 19:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-04 19:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-04 19:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-04 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-04 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2004-08-04 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]
"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"MediaLifeService"="c:\program\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"MMTray"="c:\program\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"mmtask"="c:\program\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TPPOLL"="c:\program\TOPRO\TPPOLL.EXE" [2007-07-31 36864]
"nmctxth"="c:\program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]
"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomas Stenlund\Start-meny\Program\Autostart\
Alliansserver.lnk - \\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe [2006-7-12 396288]
fliptoast.lnk - c:\program\fliptoast\fliptoast.exe [N/A]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Acrobat Assistant.lnk - c:\program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-4-17 49254]
Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-13 67128]
Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2007-1-3 450560]
Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-5-3 939920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R1 NGS;Norman General Security Driver;c:\program\Norman\Ngs\Bin\ngs.sys [2010-09-23 26744]
R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2010-09-23 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-09-23 378000]
R2 BBDemon;Backbone Service;c:\program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2010-01-09 36864]
R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\Ndiskio.sys [2010-09-23 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program\Norman\Ngs\Bin\nnf.exe [2010-09-23 223000]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\npf\bin\npfsvc32.exe [2010-09-23 290472]
R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2010-09-23 90144]
R2 nregsec;Norman Registry Security driver;c:\program\Norman\Ngs\Bin\nregsec.sys [2010-09-23 40384]
R2 NVOY;Norman Resource Provider;c:\program\Norman\Npm\Bin\nvoy.exe [2010-09-23 100336]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-09-23 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\Norman\Ngs\Bin\nnetsecc.sys [2010-08-18 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\Nsesvc.exe [2010-09-23 288072]
R3 Scheduler;Norman Scheduler Service;c:\program\Norman\Npm\Bin\scheduler.exe [2010-09-23 99312]
S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-07-07 210924]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-09-23 24176]
S3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\Nvc\Bin\Nvcoas.exe [2010-09-23 198168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-05-03 23040]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-01-24 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-21 14:50]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.leta.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program\Norman\ngs\bin\nlf.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKCU-Run-Startw3i - c:\program\PC Speed Maximizer\Startw3i.exe
HKCU-Run-1k0qd29gzp - c:\documents and settings\Tomas Stenlund\1k0qd29gzp.exe
HKCU-Run-xxlmi91t9w - c:\documents and settings\Tomas Stenlund\xxlmi91t9w.exe
HKLM-Run-KAZAA - c:\program\Kazaa Lite K++\kpp.exe
AddRemove-Download-Manager - c:\program\Download Manager\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(2292)
c:\program\Norman\nvc\bin\Niphk.dll
c:\program\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappcfg.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Norman\Npm\Bin\elogsvc.exe
c:\program\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\SCardSvr.exe
c:\program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\RUNDLL32.EXE
c:\program\Windows Media Player\WMPNetwk.exe
c:\program\Norman\npf\bin\npfuser.exe
c:\program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
c:\program\iPod\bin\iPodService.exe
c:\program\Norman\Npm\Bin\Njeeves.exe
c:\\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe
c:\program\Norman\Nvc\Bin\Nip.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Sluttid: 2012-01-24 13:50:04 - datorn startades om.
ComboFix-quarantined-files.txt 2012-01-24 12:50
.
Före genomsökningen: 30 893 686 784 byte ledigt
Efter genomsökningen: 30 905 864 192 byte ledigt
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C8D04EA0AE7592F296587E31E6933689
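The ComboFix log above prints its registry start-points in REGEDIT4 form, and two of those entries deserve a look when reading it: "AntiVirusOverride"=dword:00000001 under the Security Center key and "EnableFirewall"= 0 in the standard firewall profile (the latter is normal when a third-party suite such as Norman is the active firewall). The Python below is an added example, not code from the original post or from ComboFix; it parses a constructed excerpt of the log (profile name replaced with "user", most entries dropped), reports those protection-weakening values, lists the firewall-authorized applications with the shell itself flagged as unusual, and extracts the orphaned Run values the log says were removed. The key paths, the value names FirewallOverride and AntiVirusOverride, and the regular expressions are my assumptions about the log layout, written against the lines shown.

```python
"""Review of the REGEDIT4-style start-point section in the ComboFix log above."""
import re

# Constructed excerpt of the ComboFix log in the post (profile name replaced with
# "user", most entries dropped); not the poster's verbatim file.
COMBOFIX_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKCU-Run-xxlmi91t9w - c:\documents and settings\user\xxlmi91t9w.exe
HKLM-Run-KAZAA - c:\program\Kazaa Lite K++\kpp.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_APPS = FW_PROFILE + r"\authorizedapplications\list"


def parse_registry_section(text):
    """Map each [key] header (lower-cased) to the "name"=data pairs listed under it."""
    keys, current = {}, None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            current = k.group("key").lower()
            keys[current] = {}
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            keys[current][v.group("name")] = v.group("data").strip()
    return keys


def dword(data):
    """Int value of 'dword:00000001' or ComboFix's '0 (0x0)' form; None otherwise."""
    m = (re.match(r"^dword:([0-9a-f]+)$", data, re.I)
         or re.match(r"^\d+ \((0x[0-9a-f]+)\)$", data, re.I))
    return int(m.group(1), 16) if m else None


def weakened_protection(text):
    """Values in the log that switch off or silence built-in protection. The
    firewall finding is expected when a third-party firewall (Norman here) owns it."""
    keys, findings = parse_registry_section(text), []
    sc = keys.get(SECURITY_CENTER, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if dword(sc.get(name, "")) == 1:
            findings.append(f"Security Center {name}=1: this component is no longer monitored")
    if dword(keys.get(FW_PROFILE, {}).get("EnableFirewall", "")) == 0:
        findings.append("Windows Firewall disabled in the standard profile")
    return findings


def firewall_exceptions(text):
    """(path, unusual) for each authorized application; the shell itself needs no
    inbound exception, so explorer.exe in this list is worth asking about."""
    apps = parse_registry_section(text).get(FW_APPS, {})
    paths = [raw.replace("\\\\", "\\") for raw in apps]
    return [(p, p.lower().endswith("\\explorer.exe")) for p in paths]


def removed_orphans(text):
    """Run values ComboFix deleted because the file they pointed at was gone."""
    return [m.groupdict() for m in map(ORPHAN_RE.match, text.splitlines()) if m]


if __name__ == "__main__":
    for f in weakened_protection(COMBOFIX_LOG):
        print("weakened:", f)
    for path, unusual in firewall_exceptions(COMBOFIX_LOG):
        print("firewall exception:", path, "(unusual)" if unusual else "")
    for o in removed_orphans(COMBOFIX_LOG):
        print("orphan removed:", o["hive"], o["name"], "->", o["path"])
```

The orphan list is worth reading alongside the MBAM log from the first post: the Run values for xxlmi91t9w and 1k0qd29gzp were deleted as orphans only because ComboFix had already removed the files they pointed at, so both the file and its persistence entry are gone.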

#4
Cecilia

  • Addicted
  • Group: Head moderator
  • Posts: 76 594
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 24 Jan 2012, 14:49

Copy all the lines in the box:
Killall::
ClearJavaCache::
Folder::
c:\documents and settings\Tomas Stenlund\Application Data\Exyte
c:\documents and settings\Tomas Stenlund\Application Data\Tuidgob

and paste them into Notepad. Check that it looks exactly the same, for example regarding line breaks.
Save the file on the Desktop with the name CFScript.

Prepare the computer the same way as before for ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special mode.
Paste the log that comes out and new DDS logs (both of them, please) for a review of what remains.
Also tell us how the computer is behaving now.

#5
Brynäsarn

  • Veteran
  • Group: Members
  • Posts: 4 215
  • Joined: 2003-04-19
  • Location: Gävle

Posted 24 Jan 2012, 18:49

I can see in the DDS log that you have very old Java versions that have security holes;
uninstall these versions:

Java 6 TM Update 6
Java 6 TM Update 7

Then download and install the latest one from http://www.java.com/sv/ once your computer
has been cleaned.
Brynäsarn

This post has been edited by Brynäsarn: 24 Jan 2012, 23:56.


#6
Ultra

  • Active
  • Group: Members
  • Posts: 182
  • Joined: 2005-10-13

Posted 26 Jan 2012, 14:44

A bit late, but here are the logs:

The computer has worked considerably better already after the first "cleaning".


ComboFix 12-01-26.01 - Tomas Stenlund 2012-01-26 14:23:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1298 [GMT 1:00]
Körs från: c:\documents and settings\Tomas Stenlund\Skrivbord\ComboFix.exe
Kommandoväxlar som använts :: c:\documents and settings\Tomas Stenlund\Skrivbord\CFScript.txt
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tomas Stenlund\Application Data\Exyte
c:\documents and settings\Tomas Stenlund\Application Data\Tuidgob
c:\documents and settings\Tomas Stenlund\Application Data\Tuidgob\ekguce.peb
c:\documents and settings\Tomas Stenlund\Application Data\Tuidgob\ekguce.tmp
.
.
(((((((((((((((((((((((( Filer skapade från 2011-12-26 till 2012-01-26 ))))))))))))))))))))))))))))))
.
.
2023-04-03 13:06 . 2023-04-03 13:06 135168 ----a-w- c:\windows\system32\vbSendMail.dll
2012-01-23 14:01 . 2012-01-23 14:01 -------- d--h--w- c:\documents and settings\Tomas Stenlund\Skrivare
2012-01-23 14:01 . 2012-01-23 14:01 -------- d-----w- c:\documents and settings\All Users\Favoriter
2012-01-16 08:42 . 2012-01-16 08:42 -------- d-----w- c:\documents and settings\Tomas Stenlund\Lokala inställningar\Application Data\PCHealth
2012-01-16 08:31 . 2012-01-16 08:34 -------- d-----w- C:\dd65e93db154262c1fe7bb27ba98
2012-01-04 16:45 . 2012-01-04 16:45 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2010-04-23 12:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 19:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 19:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 19:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-04 19:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-04 19:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-11 08:02 . 2011-11-11 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:29 . 2004-08-04 19:00 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-04 19:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 19:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-04 19:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-04 19:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-04 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-04 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-24_12.44.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-03 15:29 . 2011-11-03 15:29 386560 c:\windows\system32\dllcache\qdvd.dll
+ 2008-05-07 05:12 . 2011-11-03 15:29 1294336 c:\windows\system32\dllcache\quartz.dll
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]
"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"MediaLifeService"="c:\program\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"MMTray"="c:\program\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"mmtask"="c:\program\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TPPOLL"="c:\program\TOPRO\TPPOLL.EXE" [2007-07-31 36864]
"nmctxth"="c:\program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]
"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomas Stenlund\Start-meny\Program\Autostart\
Alliansserver.lnk - \\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe [2006-7-12 396288]
fliptoast.lnk - c:\program\fliptoast\fliptoast.exe [N/A]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Acrobat Assistant.lnk - c:\program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-4-17 49254]
Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-13 67128]
Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2007-1-3 450560]
Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-5-3 939920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R1 NGS;Norman General Security Driver;c:\program\Norman\Ngs\Bin\ngs.sys [2010-09-23 26744]
R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2010-09-23 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-09-23 378000]
R2 BBDemon;Backbone Service;c:\program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2010-01-09 36864]
R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\Ndiskio.sys [2010-09-23 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program\Norman\Ngs\Bin\nnf.exe [2010-09-23 223000]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\npf\bin\npfsvc32.exe [2010-09-23 290472]
R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2010-09-23 90144]
R2 nregsec;Norman Registry Security driver;c:\program\Norman\Ngs\Bin\nregsec.sys [2010-09-23 40384]
R2 NVOY;Norman Resource Provider;c:\program\Norman\Npm\Bin\nvoy.exe [2010-09-23 100336]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-09-23 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\Norman\Ngs\Bin\nnetsecc.sys [2010-08-18 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\Nsesvc.exe [2010-09-23 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-09-23 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\Nvc\Bin\Nvcoas.exe [2010-09-23 198168]
R3 Scheduler;Norman Scheduler Service;c:\program\Norman\Npm\Bin\scheduler.exe [2010-09-23 99312]
S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-07-07 210924]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-05-03 23040]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-01-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-21 14:50]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.leta.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program\Norman\ngs\bin\nlf.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(2748)
c:\program\Norman\nvc\bin\Niphk.dll
c:\program\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappcfg.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Norman\Npm\Bin\elogsvc.exe
c:\program\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\SCardSvr.exe
c:\program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program\Analog Devices\SoundMAX\SMAgent.exe
c:\program\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
c:\program\iPod\bin\iPodService.exe
c:\program\Norman\Npm\Bin\Njeeves.exe
c:\program\Norman\Nvc\Bin\Nip.exe
c:\program\Norman\Nvc\Bin\cclaw.exe
c:\\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe
.
**************************************************************************
.
Sluttid: 2012-01-26 14:41:20 - datorn startades om.
ComboFix-quarantined-files.txt 2012-01-26 13:41
ComboFix2.txt 2012-01-26 13:07
ComboFix3.txt 2012-01-24 12:50
.
Före genomsökningen: 31 636 238 336 byte ledigt
Efter genomsökningen: 31 618 924 544 byte ledigt
.
- - End Of File - - BA1E38DAC9B2DACC4C86590120E3B1D9

This post has been edited by Ultra: 26 Jan 2012, 14:52.

#7
Ultra

Posted 26 Jan 2012, 14:50

Here is the rest:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Tomas Stenlund at 14:47:46 on 2012-01-26
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1434 [GMT 1:00]
.
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\Program\Norman\Npm\Bin\elogsvc.exe
C:\Program\Norman\Ngs\Bin\Nnf.exe
C:\Program\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Norman\Npm\Bin\Zanda.exe
C:\Program\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\TOPRO\TPPOLL.EXE
C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe
C:\Program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program\Norman\Npm\Bin\ZLH.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Norman\Npm\Bin\scheduler.exe
C:\Program\Norman\Npm\Bin\Njeeves.exe
C:\Program\Norman\Nse\Bin\NSESVC.EXE
C:\Program\Norman\Nvc\Bin\nvcoas.exe
C:\Program\Norman\Nvc\Bin\Nip.exe
C:\Program\Norman\Nvc\Bin\cclaw.exe
\\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.leta.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre1.6.0_07\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe
mRun: [MediaLifeService] "c:\program\logitech\medialife\MediaLifeService.exe"
mRun: [MMTray] "c:\program\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SunJavaUpdateSched] "c:\program\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TPPOLL] c:\program\topro\TPPOLL.EXE
mRun: [nmctxth] "c:\program\delade filer\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1053
mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\allian~1.lnk - \\bokföring\c\allians\allians\data\AlliansPathfinder.exe
StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\flipto~1.lnk - c:\program\fliptoast\fliptoast.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\acroba~1.lnk - c:\program\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~2.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program\java\jre1.6.0_07\bin\ssv.dll
LSP: c:\program\norman\ngs\bin\nlf.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127129685578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{188CA1A0-EAC7-42AE-B1A6-AC3854AE4924} : DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program\delade filer\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NGS;Norman General Security Driver;c:\program\norman\ngs\bin\ngs.sys [2010-9-23 26744]
R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2010-9-23 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-9-23 378000]
R2 BBDemon;Backbone Service;c:\program\dassault systemes\b20\intel_a\code\bin\CATSysDemon.exe [2010-1-9 36864]
R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\Ndiskio.sys [2010-9-23 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program\norman\ngs\bin\nnf.exe [2010-9-23 223000]
R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\Zanda.exe [2010-5-18 428912]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2010-9-23 290472]
R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2010-9-23 90144]
R2 nregsec;Norman Registry Security driver;c:\program\norman\ngs\bin\nregsec.sys [2010-9-23 40384]
R2 NVOY;Norman Resource Provider;c:\program\norman\npm\bin\nvoy.exe [2010-9-23 100336]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-9-23 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\norman\ngs\bin\nnetsecc.sys [2010-8-18 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\Nsesvc.exe [2010-9-23 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-9-23 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\Nvcoas.exe [2010-9-23 198168]
R3 Scheduler;Norman Scheduler Service;c:\program\norman\npm\bin\scheduler.exe [2010-9-23 99312]
S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-7-7 210924]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-2 644096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-5-3 23040]
.
=============== Created Last 30 ================
.
2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll
2012-01-24 12:30:35 -------- d-sha-r- C:\cmdcons
2012-01-24 12:28:30 98816 ----a-w- c:\windows\sed.exe
2012-01-24 12:28:30 518144 ----a-w- c:\windows\SWREG.exe
2012-01-24 12:28:30 256000 ----a-w- c:\windows\PEV.exe
2012-01-24 12:28:30 208896 ----a-w- c:\windows\MBR.exe
2012-01-23 14:01:14 -------- d--h--w- c:\documents and settings\tomas stenlund\Skrivare
2012-01-23 14:01:14 -------- d-----w- c:\documents and settings\all users\Favoriter
2012-01-16 08:42:35 -------- d-----w- c:\documents and settings\tomas stenlund\lokala inställningar\application data\PCHealth
2012-01-16 08:31:48 -------- d-----w- C:\dd65e93db154262c1fe7bb27ba98
2012-01-04 16:45:07 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-03 07:22:02 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:54 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:46 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:55 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:17 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22:17 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-11 08:02:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:29:15 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29:15 1294336 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:11 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37:14 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37:14 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37:13 17408 ----a-w- c:\windows\system32\corpol.dll
.
============= FINISH: 14:48:10,01 ===============

Bifogade filer


0
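
As an added example (not a tool used or posted by anyone in this thread), the Python script below reads DDS/ComboFix-style log lines like the ones above and flags the items the helpers here act on: autoruns launched from a user profile, the Security Center "AntiVirusOverride" value, a firewall policy set to 0, and a stale Java 6 update level. The sample lines are constructed in the same format (made-up autorun names, GUID and profile paths; the Java lines mirror the posted log), and the Java threshold is an assumption of the example.

```python
"""Triage for DDS/ComboFix-style log excerpts (added example, not from the thread).

Scans the "Pseudo HJT Report" and registry start-point lines that DDS and
ComboFix print and flags the items a malware-removal helper checks first.
Every finding is a lead to inspect by hand, not a verdict.
"""
import re
from dataclasses import dataclass

# Assumption of this example: Java 6 below this update level is treated as stale.
MIN_JAVA6_UPDATE = 30

# Autorun lines: "uRun: [name] command" (also mRun/dRun) and
# "StartupFolder: <shortcut> - <target>".
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<cmd>.+)$")
# An executable or DLL that lives inside a user profile rather than Program Files.
PROFILE_RE = re.compile(r"\\(documents and settings|users)\\[^\\]+\\", re.I)
# Java 6 update level, from jre paths (jre1.6.0_NN) or DPF installer URLs.
JAVA_RE = re.compile(r"(?:jre1\.6\.0_|jinstall-1_6_0_)(?P<upd>\d+)", re.I)
# Security Center told to stop warning about antivirus; firewall policy off.
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)

# Constructed sample in the DDS/ComboFix format: the autorun names, the
# placeholder GUID and the profile paths are made up; the Java lines mirror the thread.
SAMPLE_LOG = r"""
uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [qzk81m] c:\documents and settings\user\qzk81m.exe
uRun: [{11111111-2222-3333-4444-555555555555}] "c:\documents and settings\user\application data\Qzkdir\qzk81m.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program\java\jre1.6.0_07\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # autorun-profile | av-override | firewall-off | java-old
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return the findings for one log excerpt, in the order they appear."""
    findings: list[Finding] = []
    java_levels: set[int] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m and PROFILE_RE.search(m.group("cmd")):
            # Installed software normally runs from Program Files; an autorun
            # whose target sits in the user's profile deserves a closer look.
            findings.append(Finding("autorun-profile", m.group("cmd")))
        if AV_OVERRIDE_RE.match(line):
            findings.append(Finding("av-override",
                                    "Security Center antivirus warnings suppressed"))
        if FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall-off",
                                    "Windows Firewall disabled in the standard profile"))
        for jm in JAVA_RE.finditer(line):
            java_levels.add(int(jm.group("upd")))
    # One finding per stale update level, however many lines mention it.
    for upd in sorted(java_levels):
        if upd < MIN_JAVA6_UPDATE:
            findings.append(Finding("java-old", f"Java 6 Update {upd} still installed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail}")
```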

#8
Cecilia (Head Moderator)

Posted 26 Jan 2012, 15:36

Scan the computer online at http://www.eset.com/onlinescan/ before it is time for the final cleanup.
So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats
Check Scan Archives

Click Advanced Settings
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste its contents into your reply.

#9
Ultra

Posted 31 Jan 2012, 13:41

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=078f50ecbee3e14dae1610092d4e342e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-31 11:50:31
# local_time=2012-01-31 12:50:31 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5378 16777189 100 93 4818 103233099 0 0
# compatibility_mode=8192 67108863 100 0 3731 3731 0 0
# scanned=436332
# found=2
# cleaned=0
# scan_time=12672
C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1933\A0264463.exe a variant of Win32/Kryptik.YVV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1937\A0266554.exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I

#10
Cecilia (Head Moderator)

Posted 31 Jan 2012, 14:08

Good!
Those two will disappear during the cleanup below.

Now only one last round of cleanup remains:

1.
Press the Windows key + R
Copy and paste this line:
ComboFix /Uninstall

Note that there is a space before the /
Click OK.

2. Download the uninstaller OTC to the Desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program.
Press the CleanUp! button and ComboFix and the other cleanup tools will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.

3. Change all the passwords you use on the computer and on the internet, since they may have fallen into the wrong hands.
http://mnin.blogspot...iggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs, etc.

4. Improve the protection of your computer, see my Tips for a safer computer: http://ceciliasec.wordpress.com/rad/
Your version of Norman seems rather old. Are you able to upgrade it to a newer one? Each new version contains new features for fighting more modern types of malware.

#11
Ultra

Posted 01 Feb 2012, 11:11

Hi, and thanks for all the help, as usual :thumbsup:

Do I need to run anything else after your latest instructions so you can see that it looks OK?

I have also updated Norman.

#12
Cecilia (Head Moderator)

Posted 01 Feb 2012, 11:43

Always nice to help someone who appreciates it :)

Have you used Secunia's program to find old program versions with security holes?
There may well be more of them than the old Java versions that Brynäsarn pointed out.

#13
Ultra

Posted 01 Feb 2012, 15:28

No, I have not used Secunia's.

#14
Cecilia (Head Moderator)

Posted 01 Feb 2012, 15:38

Then I suggest you do, so that you can get new versions or uninstall programs, making the computer harder to infect. Ask if anything is unclear while running it.