Just nu i M3-nätverket
Gå till innehåll

Virus efter uppdatering?


Lina_S

Rekommendera Poster

Hej,

 

Jag befarar att jag har fått virus, eller nåt annat som styr datorn. Det är i alla fall något som stör internet i min dator vilket gör att jag inte kommer ut på internet. De andra datorerna som också är trådlöst anslutna fungerar bra.

 

För ett par dagar sedan klickade jag okej till en uppdatering (som såg ut som andra Microsoft-uppdateringar...). Den handlade om att ta bort skadliga filer...

 

Dagen efter det kom jag inte ut på internet. Jag gjorde då en systemåterställning till ett par dagar tidigare. Jag har nu upprepat proceduren (via guiden "Kör guiden systemåterställning") varje dag i ett par dagar, men nu funkar det inte längre...

 

Jag har hämtat hem de senaste versionerna av Hijack This och Combofix och skickar med loggar. Kanske kan någon se något som ska bort, eller kanske det syns vad som stör så att internet inte funkar.

 

Det trådlösa kortet funkar bra. Jag har teckning och är online, men internetsidorna kan inte visas. Jag scannade datorn med Kaspersky för i förrgår och inget hittades.

 

Tacksam för svar och hjälp!

Lina

 

(Imorgon (tisdag) kommer jag inte hem förrän kl. 21 och kan då skicka nya loggar, scanna mm).

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:12:56, on 2008-07-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Delade filer\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\D-Link\AirPlusG+\AirPlus.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L‰nkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshj‰lpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [GUI] C:\D-Link\AirPlusG+\AirPlus.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJƒNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJƒNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: D-Link AirPlus G+ Wireless Utility.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Konvertera l‰nkmÂl till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera l‰nkmÂl till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera valda l‰nkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konvertera valda l‰nkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bonjour-tj‰nst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program\Delade filer\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8365 bytes

[/log]

 

[log]ComboFix 08-07-14.2 - Lina 2008-07-14 22:25:06.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.240 [GMT 2:00]

Running from: C:\Documents and Settings\Lina\Skrivbord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))

.

 

2008-07-12 22:14 . 2008-07-14 22:04 <KAT> d-------- C:\Program\Bonjour

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 20:04 --------- d-----w C:\Program\QuickTime

2008-07-14 20:01 --------- d-----w C:\Program\SUPERAntiSpyware

2008-07-14 20:01 --------- d-----w C:\Program\Apple Software Update

2008-07-14 20:01 --------- d-----w C:\Documents and Settings\Lina\Application Data\uTorrent

2008-07-14 20:01 --------- d-----w C:\Documents and Settings\Lina\Application Data\dvdcss

2008-07-14 18:25 --------- d-----w C:\Documents and Settings\Lina\Application Data\AVG7

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock(2)(2).dll

2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2)(2).dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 18:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-19 05:12 --------- d-----w C:\Documents and Settings\Lina\Application Data\AdobeUM

2008-05-18 20:28 --------- d-----w C:\Program\Delade filer\Adobe

2008-05-11 05:56 109,232 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_10_23_39_45_small.dmp.zip

2008-05-07 05:16 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2007-02-13 10:28 16,760 ----a-w C:\Documents and Settings\Lina\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:35 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-02-10 10:27 4501504]

"GUI"="C:\D-Link\AirPlusG+\AirPlus.exe" [2005-08-24 21:01 1474560]

"AVG7_CC"="C:\Program\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 00:59 580096]

"Zone Labs Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]

"Acrobat Assistant 7.0"="C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]

"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"nwiz"="nwiz.exe" [2003-02-10 10:27 323584 C:\WINDOWS\system32\nwiz.exe]

"PCTVOICE"="pctspk.exe" [2002-07-18 17:58 163840 C:\WINDOWS\system32\pctspk.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"AVG7_Run"="C:\Program\Grisoft\AVGFRE~1\avgw.exe" [2007-10-30 10:26 219136]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe [2007-12-19 07:32:32 25214]

D-Link AirPlus G+ Wireless Utility.lnk - C:\D-Link\AirPlusG+\AirPlus.exe [2006-11-14 12:28:07 1474560]

Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 06:24 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 14:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2008-04-23 02:08 483328 C:\Program\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-12 00:12 49152 C:\Program\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

--a------ 2005-06-01 19:35 49152 C:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Program\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 C:\Program\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-07-12 10:39 1506544 C:\Program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"=

"C:\\Program\\Grisoft\\AVG Free\\avgcc.exe"=

"C:\\Program\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\Program\\Delade filer\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"C:\\Program\\uTorrent\\utorrent.exe"=

"C:\\Program\\SmartFTP Client 2.0\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\iTunes\\iTunes.exe"=

"C:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25850:TCP"= 25850:TCP:utorrent

 

R0 Vvoice;W2k Vvoice;C:\WINDOWS\system32\DRIVERS\vvoice.sys [2002-11-06 16:23]

R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPLUS_XP.sys [2004-10-25 13:38]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-07-12 20:00:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

"2008-07-13 10:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 22:28:26

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-07-14 22:35:28

ComboFix-quarantined-files.txt 2008-07-14 20:34:23

 

Pre-Run: 524,943,360 byte ledigt

Post-Run: 829,849,600 byte ledigt

 

130 --- E O F --- 2008-07-14 05:02:45

[/log]

 

Länk till kommentar
Dela på andra webbplatser

Jag ser att du har en gammal Java-version som kan innehålla säkerhetshål,

föreslår att du laddar hem och installerar uppdaterad Java http://www.java.com/sv/ Avinstallera sedan den gamla i Lägg till eller

ta bort program

 

Länk till kommentar
Dela på andra webbplatser

Jag ser att du har ZoneAlarm, det är nog där problemet ligger. Se:

//eforum.idg.se/viewmsg.asp?EntriesId=1064248#1064511

 

 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...