
lasseboy

Member
  • Number of posts
    17

About lasseboy

  • Member title
    User
  • Birthday 1983-04-17

Contact information

  • Website
    http://www.brudklanningar.nu/webshop

Profile

  • Location
    Borås
  1. Have a tablet at work that suddenly can't get onto the internet; we have 29 of them that work without problems. I have factory reset it and the latest updates are installed, but it doesn't work at work. I took it home and tried it, and then it works as usual. I have checked all blocked devices on our network and it isn't listed. It gets an IP address etc. ... Anyone have an idea!? Status: connected. Signal strength: good. Link speed: 15 Mbit/s. Frequency: 2.4 GHz.
  2. Thanks! Do you know what it's like to work against it? E.g. writing in a Word file, do I have to drag it down to the desktop, or can I open it online, work on it and then just click save and presto, it's saved online?
  3. Looking for a NAS that should work like a kind of Dropbox. A cloud service where colleagues can keep their documents and access them wherever they are and work. Preferably so that you can also put passwords on certain folders that only some people have access to. I have looked at the WD My Cloud 4, but can't find much info about the software in it. Tips are welcome, plus some info about the one you recommend and what's good about it.
  4. Here is the log from when IE stops the loading of a simple PDF file:
     Loggnamn: Application
     Källa: Application Error
     Datum: 2012-10-03 16:21:30
     Händelse-ID: 1000
     Aktivitetskategori: (100)
     Nivå: Fel
     Nyckelord: Klassiskt
     Användare: Saknas
     Dator: nina-Dator
     Beskrivning:
     Felet uppstod i programmet med namn: iexplore.exe, version 9.0.8112.16450, tidsstämpel 0x503723f6
     , felet uppstod i modulen med namn: iertutil.dll, version 9.0.8112.16450, tidsstämpel 0x503722ca
     Undantagskod: 0xc0000005
     Felförskjutning: 0x0018921a
     Process-ID: 0x9b4
     Programmets starttid: 0x01cda1725f60b642
     Sökväg till program: C:\Program Files (x86)\Internet Explorer\iexplore.exe
     Sökväg till modul: C:\Windows\syswow64\iertutil.dll
     Rapport-ID: 9fc89100-0d65-11e2-872c-902b34360bfe
     Händelsens XML-data:
     <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Application Error" />
         <EventID Qualifiers="0">1000</EventID>
         <Level>2</Level>
         <Task>100</Task>
         <Keywords>0x80000000000000</Keywords>
         <TimeCreated SystemTime="2012-10-03T14:21:30.000000000Z" />
         <EventRecordID>1520</EventRecordID>
         <Channel>Application</Channel>
         <Computer>nina-Dator</Computer>
         <Security />
       </System>
       <EventData>
         <Data>iexplore.exe</Data>
         <Data>9.0.8112.16450</Data>
         <Data>503723f6</Data>
         <Data>iertutil.dll</Data>
         <Data>9.0.8112.16450</Data>
         <Data>503722ca</Data>
         <Data>c0000005</Data>
         <Data>0018921a</Data>
         <Data>9b4</Data>
         <Data>01cda1725f60b642</Data>
         <Data>C:\Program Files (x86)\Internet Explorer\iexplore.exe</Data>
         <Data>C:\Windows\syswow64\iertutil.dll</Data>
         <Data>9fc89100-0d65-11e2-872c-902b34360bfe</Data>
       </EventData>
     </Event>
     No toolbars; the only one she has is Babylon, but I can't imagine that would stop it!
  5. Running AVG Free, but I have that on the box next to it too and it shouldn't cause trouble. Thought it was the router that stopped the download, but have now ruled that out as well. Will check the log when I get home!
  6. Have the motherboard's own program that is supposed to update; I have run it but it doesn't find anything new. Have also fetched all updates for Win 7 64-bit.
  7. Put together a new computer for the wife, Win 7 64-bit. Everything works great apart from a small problem that showed up when I was going to start downloading various programs. In all browsers (Chrome, IE 9 and Firefox) the download stops after a second or so and everything hangs. With Ctrl-Del I can close the browser. Thought it had to do with the NIC going into sleep mode, but that didn't help; fetched the latest driver, doesn't help. Have read online about similar problems but no help. Anyone have tips on what else it could be? Don't want to do a reinstall of everything, since everything else works fine!
  8. It looks like everything is already gone; can't find anything that starts or behaves strangely. I have given up on VirusTotal because I can't find those files or folders anymore, so I can't open them when I can't find them!
  9. Unfortunately there is no log and there is no TDSSKiller in C:. The only thing there is the folder I unpacked. NOW I found a text doc in C:
     2011/08/25 12:34:53.0921 0960 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
     2011/08/25 12:34:54.0312 0960 ================================================================================
     2011/08/25 12:34:54.0312 0960 SystemInfo:
     2011/08/25 12:34:54.0312 0960
     2011/08/25 12:34:54.0312 0960 OS Version: 5.1.2600 ServicePack: 3.0
     2011/08/25 12:34:54.0312 0960 Product type: Workstation
     2011/08/25 12:34:54.0312 0960 ComputerName: LASSEBOY
     2011/08/25 12:34:54.0312 0960 UserName: Administratör
     2011/08/25 12:34:54.0312 0960 Windows directory: C:\WINDOWS
     2011/08/25 12:34:54.0312 0960 System windows directory: C:\WINDOWS
     2011/08/25 12:34:54.0312 0960 Processor architecture: Intel x86
     2011/08/25 12:34:54.0312 0960 Number of processors: 1
     2011/08/25 12:34:54.0312 0960 Page size: 0x1000
     2011/08/25 12:34:54.0312 0960 Boot type: Normal boot
     2011/08/25 12:34:54.0312 0960 ================================================================================
     2011/08/25 12:34:55.0812 0960 Initialize success
     2011/08/25 12:34:59.0578 3960 ================================================================================
     2011/08/25 12:34:59.0578 3960 Scan started
     2011/08/25 12:34:59.0578 3960 Mode: Manual;
     2011/08/25 12:34:59.0578 3960 ================================================================================
     [...]
     2011/08/25 12:35:34.0375 3960 ================================================================================
     2011/08/25 12:35:34.0375 3960 Scan finished
     2011/08/25 12:35:34.0375 3960 ================================================================================
     2011/08/25 12:35:34.0390 1692 Detected object count: 2
     2011/08/25 12:35:34.0390 1692 Actual detected object count: 2
     2011/08/25 12:35:53.0375 1692 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
     2011/08/25 12:35:53.0375 1692 LockedFile.Multi.Generic(sptd) - User select action: Skip
     2011/08/25 12:35:58.0750 1256 Deinitialize success
  10. DDS (Ver_2011-06-23.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
      Run by Administratör at 11:48:17 on 2011-08-25
      Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1215.475 [GMT 2:00]
      .
      AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
      AV: Norman Virus Control ver. 5.90 *Enabled/Outdated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
      AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      [...]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-23 64512] R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2008-10-15 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2008-10-15 5504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-29 294608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-29 17744] R2 avast! Antivirus;avast! 
Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-6-30 40384] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-4 54752] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program\logmein\x86\rainfo.sys [2008-8-11 12856] R2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640] S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\admini~1\lokala~1\temp\kwwalpgr.sys --> c:\docume~1\admini~1\lokala~1\temp\kwwalpgr.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?] S3 osppsvc;Office Software Protection Platform;c:\program\delade filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-10-24 19376] S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2011-1-20 230784] S3 VirtualDK;VirtualDK;c:\komku\usb_prep8\vdk.sys [2010-10-20 16283] S3 ZD1211U(Acer);Acer WLAN 11g USB adapter(Acer);c:\windows\system32\drivers\ZD1211U.sys [2007-1-15 210944] S4 Nvisubrv;Nvisubrv; [x] . =============== Created Last 30 ================ . 
2011-08-24 13:20:13 -------- d-sha-r- C:\cmdcons 2011-08-24 13:15:06 98816 ----a-w- c:\windows\sed.exe 2011-08-24 13:15:06 518144 ----a-w- c:\windows\SWREG.exe 2011-08-24 13:15:06 256000 ----a-w- c:\windows\PEV.exe 2011-08-24 13:15:06 208896 ----a-w- c:\windows\MBR.exe 2011-08-24 13:15:00 -------- d-----w- C:\ComboFix 2011-08-23 20:48:14 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-08-23 13:01:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-08-23 13:01:25 -------- d-----w- c:\program\Lavasoft 2011-08-23 11:53:26 7152464 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\{56d43e34-2b6e-4977-b0bb-13de27439021}\mpengine.dll 2011-08-13 01:58:09 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-12 12:44:21 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . ==================== Find3M ==================== . 2011-08-23 12:38:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-15 11:08:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-07-15 11:08:13 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-01 11:28:16 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30:56 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:44 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35:28 1858944 ----a-w- c:\windows\system32\win32k.sys 2007-03-26 09:50:02 3887104 ----a-w- c:\program\Koin6.exe 2007-03-21 07:06:11 69632 -c--a-w- c:\program\PostImp6.exe 2007-03-21 07:06:11 
24576 -c--a-w- c:\program\Almanacka.exe 2007-03-02 16:05:00 290816 -c--a-w- c:\program\Reminder.exe 2007-03-02 09:44:52 237568 ----a-w- c:\program\Convert.dll 2007-02-09 09:48:34 315392 ----a-w- c:\program\Statistik.dll 2006-12-07 09:47:38 49152 ----a-w- c:\program\Kod.dll 2006-12-07 09:46:42 184320 ----a-w- c:\program\ImportK6.dll 2006-11-27 12:34:24 139264 ----a-w- c:\program\vbSendMail.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x8978E5D0]<< _asm { MOV EAX, 0x8978e4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x897910d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8972EAB8] \Driver\Disk[0x897C6910] -> IRP_MJ_CREATE -> 0x8978E5D0 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\Disk -> 0x8978e5d0 \Driver\atapi -> 0x896417e8 user & kernel MBR OK Warning: possible MBR rootkit infection ! . ============= FINISH: 11:49:24,78 ===============
  11. I haven't had Norman for 2 years; I don't understand how it can find it, it must just be a key. I have even searched for the Norman exe file but find nothing. Here is the ComboFix log:
  12. Thanks for this, but Avast should be able to remove these trojans. When I scan for them it finds them and removes them, then I restart and they are back, placing themselves as hidden images on the desktop. In the Task Manager it is app manager that is running, but if you look further these lead to the exe files. I have sent the automatic failure report, but it could take any amount of time before they find out what is wrong when they won't go away. I hardly think I'm the first to have these, since there is quite a lot written about how they work in the computer and what damage they do! Log:
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553524000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 192.168.13.2 TCP: Interfaces\{83DC0973-588F-4237-96CD-60C21082183D} : DhcpNameServer = 192.168.13.2 Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\administratör\application data\mozilla\firefox\profiles\tggzuf91.default\ . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-23 64512] R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2008-10-15 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2008-10-15 5504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-29 294608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-29 17744] R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-6-30 40384] R2 BBUpdate;BBUpdate;c:\program\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-4 54752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program\logmein\x86\rainfo.sys [2008-8-11 12856] R2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592] S2 ipfw;ipfw_helper;c:\windows\system32\2104.exe --> c:\windows\system32\2104.exe [?] S3 BBSvc;Bing Bar Update Service;c:\program\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336] S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 ip_fw;ipfw kernel-mode driver;\??\c:\windows\system32\drivers\ip_fw.sys --> c:\windows\system32\drivers\ip_fw.sys [?] S3 kwwalpgr;kwwalpgr;c:\docume~1\admini~1\lokala~1\temp\kwwalpgr.sys [2004-5-6 31232] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?] 
S3 osppsvc;Office Software Protection Platform;c:\program\delade filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-10-24 19376] S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2011-1-20 230784] S3 VirtualDK;VirtualDK;c:\komku\usb_prep8\vdk.sys [2010-10-20 16283] S3 ZD1211U(Acer);Acer WLAN 11g USB adapter(Acer);c:\windows\system32\drivers\ZD1211U.sys [2007-1-15 210944] S4 Nvisubrv;Nvisubrv; [x] . =============== Created Last 30 ================ . 2011-08-23 20:48:14 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-08-23 13:01:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-08-23 13:01:25 -------- d-----w- c:\program\Lavasoft 2011-08-23 11:53:26 7152464 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\{56d43e34-2b6e-4977-b0bb-13de27439021}\mpengine.dll 2011-08-13 01:58:09 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-12 12:44:21 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . ==================== Find3M ==================== . 
2011-08-23 12:38:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-15 11:08:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-07-15 11:08:13 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2011-07-15 10:54:22 640670 ----a-w- c:\documents and settings\administratör\NDKF.exe 2011-07-14 12:24:14 771794 ----a-w- c:\documents and settings\administratör\GCK.exe 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-01 11:28:16 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30:56 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:44 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35:28 1858944 ----a-w- c:\windows\system32\win32k.sys 2007-03-26 09:50:02 3887104 ----a-w- c:\program\Koin6.exe 2007-03-21 07:06:11 69632 -c--a-w- c:\program\PostImp6.exe 2007-03-21 07:06:11 24576 -c--a-w- c:\program\Almanacka.exe 2007-03-02 16:05:00 290816 -c--a-w- c:\program\Reminder.exe 2007-03-02 09:44:52 237568 ----a-w- c:\program\Convert.dll 2007-02-09 09:48:34 315392 ----a-w- c:\program\Statistik.dll 2006-12-07 09:47:38 49152 ----a-w- c:\program\Kod.dll 2006-12-07 09:46:42 184320 ----a-w- c:\program\ImportK6.dll 2006-11-27 12:34:24 139264 ----a-w- c:\program\vbSendMail.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x8978E5D0]<< _asm { MOV EAX, 0x8978e4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x897910d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8972EAB8] \Driver\Disk[0x897C6910] -> IRP_MJ_CREATE -> 0x8978E5D0 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\Disk -> 0x8978e5d0 \Driver\atapi -> 0x895d6008 user & kernel MBR OK Warning: possible MBR rootkit infection ! . ============= FINISH: 13:48:01,78 ===============
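Triage of the DDS/GMER output above, as an added example that is not part of the original post or of the DDS or GMER tools. It runs over a constructed subset of the posted lines and pulls out what a responder reads first in a log like this: autostart entries and services whose binary lives under the user's temp directory, service entries whose binary DDS could not find, orphaned browser hook registrations, and the kernel disk-driver hooks GMER listed under "detected hooks:". The regexes, the finding names and the `lokala~1` temp-directory heuristic are assumptions fitted to the posted log, not a specification of the DDS or GMER format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the DDS/GMER lines from the post above.
# Everything else in this script is an added example, not code from the post,
# from DDS or from GMER.
SAMPLE_LOG = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [vcheck] c:\docume~1\admini~1\lokala~1\temp\vcheck.exe
uRun: [nds] c:\docume~1\admini~1\lokala~1\tempnd\nds.exe
mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui
mRun: [ArcSoft Connection Service] c:\program\delade filer\arcsoft\connection service\bin\ACDaemon.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
R2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 ipfw;ipfw_helper;c:\windows\system32\2104.exe --> c:\windows\system32\2104.exe [?]
S3 kwwalpgr;kwwalpgr;c:\docume~1\admini~1\lokala~1\temp\kwwalpgr.sys [2004-5-6 31232]
S4 Nvisubrv;Nvisubrv; [x]
detected hooks:
\Driver\Disk -> 0x8978e5d0
\Driver\atapi -> 0x895d6008
user & kernel MBR OK
"""

# Assumed line shapes for the DDS "Pseudo HJT" autoruns, the services/drivers
# section and GMER's hook list; they fit the posted log, not a formal spec.
AUTORUN_RE = re.compile(r'^(?P<key>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$')
HOOK_RE = re.compile(r'^(?P<driver>\\Driver\\\S+) -> (?P<addr>0x[0-9a-f]+)$', re.I)
# First Windows path ending in an executable/driver extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|sys|scr|ocx|cpl))', re.I)
# Per-user temp locations: the 8.3 name of the Swedish XP "Lokala inställningar",
# the English "Local Settings", or a plain \temp\ component.
TEMP_RE = re.compile(r'\\(lokala~1|local settings|temp)\\', re.I)


def _first_path(text: str) -> Optional[str]:
    m = PATH_RE.search(text)
    return m['path'].lower() if m else None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a responder should look at first, in log order."""
    findings: List[Dict[str, str]] = []
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == 'detected hooks:':
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                # Hooked IRP dispatch on \Driver\Disk / \Driver\atapi is what the
                # "possible MBR rootkit" warning in the posted log is based on.
                findings.append({'kind': 'kernel_hook', 'item': m['driver'], 'detail': m['addr']})
                continue
            in_hooks = False  # the first line that is not a hook ends the block
        m = AUTORUN_RE.match(line)
        if m:
            path = _first_path(m['cmd'])
            if path and TEMP_RE.search(path):
                findings.append({'kind': 'autorun_from_temp', 'item': m['name'], 'detail': path})
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m['rest'].strip()
            path = _first_path(rest)
            # In the posted log a service whose image could not be located ends in
            # "[?]" or "[x]" instead of the "[date size]" shown for found files.
            if rest.endswith('[?]') or rest.endswith('[x]'):
                findings.append({'kind': 'service_binary_missing', 'item': m['name'],
                                 'detail': path or rest})
            elif path and TEMP_RE.search(path):
                findings.append({'kind': 'service_from_temp', 'item': m['name'], 'detail': path})
            continue
        if line.endswith('- No File') and ':' in line:
            # Orphaned BHO/toolbar/URLSearchHook registrations: leftovers of a
            # removed add-on or of a component deleted without deregistration.
            prefix, rest = line.split(':', 1)
            findings.append({'kind': 'orphan_hook_entry', 'item': prefix, 'detail': rest.strip()})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24} {f['item']:18} {f['detail']}")
```

Run against the full log it would also pick up VerControl.exe and gcs.exe from the same temp tree, the missing ip_fw.sys image and the "No File" toolbar entries; the temp-directory heuristic is deliberately loose, so a hit is a reason to look at the file, not proof that it is malicious.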
  13. I am having incredible problems getting rid of these NDC.EXE and GGC.exe (app manager). Does anyone have tips on how I can get rid of this junk? Avast can't manage it, and neither can Ad-Aware.
  14. Have you deactivated UAC in Vista?