
Norton Security Scan


Jiger


Hi again,

MBAM is of course updated.

Here is Combofix.txt:

 

[log]ComboFix 09-02-11.03 - Jan G Romander 2009-02-12 15:11:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1982.1597 [GMT 1:00]

Körs från: d:\installationsfiler\ComboFix.exe

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)

FW: ZoneAlarm Security Suite Firewall *enabled*

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\mdm.exe

c:\windows\system32\tmp.reg

H:\Autorun.inf

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-01-12 till 2009-02-12 ))))))))))))))))))))))))))))))

.

 

2009-02-12 13:58 . 2009-02-12 13:58 311,840 a c:\windows\eFaxView.exe

2009-02-12 11:45 . 2009-02-12 01:51 15,688 a c:\windows\system32\lsdelete.exe

2009-02-11 22:05 . 2009-02-12 12:59 12,875 a c:\windows\system32\oodbs.lor

2009-02-11 20:47 . 2009-02-11 20:47 <KAT> d c:\program\MSECache

2009-02-11 20:29 . 2009-02-11 20:29 <KAT> d c:\program\OO Software

2009-02-11 20:13 . 2009-02-11 20:17 <KAT> d c:\program\FileZilla FTP Client

2009-02-11 19:29 . 2009-02-12 01:47 <KAT> dh-c- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-02-11 19:19 . 2009-02-12 01:39 <KAT> dc- c:\windows\system32\DRVSTORE

2009-02-11 18:09 . 2009-02-11 20:17 <KAT> d c:\documents and settings\Jan G Romander\Application Data\FileZilla

2009-02-11 18:09 . 2009-02-11 18:09 <KAT> d C:\Celest

2009-01-16 21:31 . 2009-01-16 21:31 3,594,752 a c:\windows\system32\SET208.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-12 14:16 60,101,920 sha-w c:\windows\system32\drivers\fidbox.dat

2009-02-12 13:54 - d-w c:\documents and settings\Jan G Romander\Application Data\MailWasherPro

2009-02-12 13:51 - d-w c:\documents and settings\Jan G Romander\Application Data\GetRight

2009-02-12 12:01 - d-a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-12 10:24 812,132 sha-w c:\windows\system32\drivers\fidbox.idx

2009-02-12 09:25 - d-w c:\program\Delade filer\Symantec Shared

2009-02-12 00:47 - d-w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-12 00:33 - d-w c:\program\Malwarebytes' Anti-Malware

2009-02-11 23:38 - d-w c:\documents and settings\All Users\Application Data\WinZip

2009-02-11 18:14 - d-w c:\program\Delade filer\Wise Installation Wizard

2009-02-11 17:49 - d-w c:\documents and settings\Jan G Romander\Application Data\Azureus

2009-02-11 09:19 38,496 a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 a-w c:\windows\system32\drivers\mbam.sys

2009-01-19 18:25 5,328,946 a-w c:\windows\Internet Logs\tvDebug.zip

2008-12-29 10:57 - d-w c:\program\Shield

2008-12-28 16:52 88,103,542 a-w C:\BackupRegistry(20081228).reg

2008-12-27 15:58 - d-w c:\documents and settings\Jan G Romander\Application Data\Malwarebytes

2008-12-27 15:58 - d-w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-27 15:53 - d-w c:\documents and settings\Jan G Romander\Application Data\ByteCrusher

2008-12-27 12:49 - d-w c:\program\Java

2008-12-26 12:32 - d-w c:\program\Delade filer\Adobe AIR

2008-12-26 09:17 - d-w c:\documents and settings\Jan G Romander\Application Data\Skinux

2008-12-22 15:21 - d-w c:\documents and settings\Jan G Romander\Application Data\iolo

2008-12-22 11:41 262,144 a-w C:\ntuser.dat

2008-12-22 10:31 - d-w c:\documents and settings\Jan G Romander\Application Data\Canneverbe_Limited

2008-12-22 09:53 - d-w c:\documents and settings\All Users\Application Data\FLEXnet

2008-12-22 09:46 - d-w c:\program\Adobe Media Player

2008-12-22 09:45 - d-w c:\program\Delade filer\Adobe

2008-12-22 09:39 - d-w c:\program\Delade filer\Macrovision Shared

2008-12-19 14:37 - d-w c:\documents and settings\Jan G Romander\Application Data\Ashampoo

2008-12-19 14:37 - d-w c:\documents and settings\All Users\Application Data\ashampoo

2008-12-17 19:28 - d-w c:\program\Zone Labs

2008-12-11 00:33 86,016 a-w c:\windows\system32\dpl100.dll

2008-12-11 00:33 200,704 a-w c:\windows\system32\dtu100.dll

2008-12-09 02:28 593,920 a-w c:\windows\system32\dpuGUI11.dll

2008-12-09 02:28 57,344 a-w c:\windows\system32\dpv11.dll

2008-12-09 02:28 344,064 a-w c:\windows\system32\dpus11.dll

2008-12-09 02:28 294,912 a-w c:\windows\system32\dpu11.dll

2008-12-04 15:44 935,776 a-w c:\windows\system32\Incinerator.dll

2008-11-18 10:51 8,192 a-w c:\windows\system32\smrgdf.exe

2008-07-16 18:15 60,744 a-w c:\documents and settings\Jan G Romander\g2mdlhlpx.exe

1999-03-12 00:44 99,840 a-w c:\program\Delade filer\IRAABOUT.DLL

1998-12-09 07:53 70,144 a-w c:\program\Delade filer\IRAMDMTR.DLL

1998-12-09 07:53 48,640 a-w c:\program\Delade filer\IRALPTTR.DLL

1998-12-09 07:53 31,744 a-w c:\program\Delade filer\IRAWEBTR.DLL

1998-12-09 07:53 186,368 a-w c:\program\Delade filer\IRAREG.DLL

1998-12-09 07:53 17,920 a-w c:\program\Delade filer\IRASRIAL.DLL

2006-11-03 06:48 108 sha-r c:\windows\neoqaz2.dll

2008-07-03 15:03 952 sha-w c:\windows\system32\KGyGaAvL.sys

2008-06-19 12:29 32,768 sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008061920080620\index.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]

@="{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}"

[HKEY_CLASSES_ROOT\CLSID\{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]

@="{E3F36090-0540-418f-8136-074D5B255B59}"

[HKEY_CLASSES_ROOT\CLSID\{E3F36090-0540-418f-8136-074D5B255B59}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]

@="{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}"

[HKEY_CLASSES_ROOT\CLSID\{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]

@="{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}"

[HKEY_CLASSES_ROOT\CLSID\{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]

@="{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}"

[HKEY_CLASSES_ROOT\CLSID\{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]

@="{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}"

[HKEY_CLASSES_ROOT\CLSID\{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]

@="{0117FFFB-91FD-414E-AC34-A00531032006}"

[HKEY_CLASSES_ROOT\CLSID\{0117FFFB-91FD-414E-AC34-A00531032006}]

2005-11-14 20:18 2465792 a d:\program\PixVue.Com\PixVue\bin\PixVue.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Creative Detector"="d:\program\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"Norton Protection Status"="d:\program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" [2005-11-03 95832]

"Shield Tray"="c:\program\Shield\shieldtray.exe" [2008-02-21 3391488]

"AntiTracks"="d:\program\Anti Tracks\AntiTracks.exe" [2007-10-18 1298432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 196608]

"Dimension4"="d:\program\D4\D4.exe" [2004-02-04 200704]

"ZoneAlarm Client"="c:\program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"'Ashampoo AntiSpyWare 2 Guard'"="d:\program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-01-14 2347352]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]

"shield"="c:\program\Shield\shieldtray.exe" [2008-02-21 3391488]

"WinPatrol"="d:\program\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]

"Ad-Watch"="d:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-12 509784]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"Tweak UI"="TWEAKUI.CPL" [1996-09-28 c:\windows\system32\TWEAKUI.CPL]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 c:\windows\soundman.exe]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Jan G Romander\Start-meny\Program\Autostart\

AtomTime Pro.lnk - d:\program\AtomTime Pro\AtomTime.EXE [2006-11-29 396316]

Filhanteraren.lnk - d:\program\zabkat\xplorer2\xplorer2_UC.exe [2009-01-10 842752]

MailWasherPro.lnk - d:\program\MailWasher Pro\MailWasher.exe [2006-11-29 18120904]

Norton System Doctor.LNK - d:\program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2005-11-03 83632]

Outlook Express.lnk - c:\program\Outlook Express\msimn.exe [2008-03-13 60416]

Outlook.lnk - c:\windows\Installer\{0000041D-78E1-11D2-B60F-006097C998E7}\outicon.exe [2008-03-17 104960]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2008-06-20 894504]

Skärmsläckarkontroll.lnk - d:\program\Skärmsläckarkontroll\SSSwitch.exe [2006-11-29 126464]

Timed Backups Manager StartUp.lnk - d:\program\Backup Plus\BackTime.exe [2006-11-29 638976]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Microsoft Office.lnk - d:\program\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

Port för Symantec Fax Starter Edition.lnk - d:\program\Microsoft Office\Office\1053\OLFSNT40.EXE [1999-03-12 46080]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PixVue]

2005-09-22 22:07 45056 d:\program\PixVue.Com\PixVue\bin\WinLogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program\\Microsoft Office\\Office\\1053\\WFXMSRVR.EXE"=

"d:\\Program\\D4\\D4.exe"=

"c:\\Program\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-06-20 39472]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-04 28544]

R0 shdbus;shdbus;c:\windows\system32\drivers\SHDBUS.sys [2007-11-05 7360]

R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [2008-12-28 105024]

R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [2008-12-28 22976]

R0 shieldm;shieldm;c:\windows\system32\drivers\Shieldm.sys [2008-12-28 30528]

R1 cloverm;cloverm;c:\windows\system32\drivers\cloverm.sys [2008-12-28 477568]

S2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;d:\program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-07-19 749400]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program\iolo\Common\Lib\ioloServiceManager.exe [2008-08-20 596328]

S2 ioloSystemService;iolo System Service;c:\program\iolo\Common\Lib\ioloServiceManager.exe [2008-08-20 596328]

S3 CachemanXPService;CachemanXP;d:\program\Cacheman\CachemanXP.exe [2006-11-29 242688]

S3 CLRSERV;CLRSERV;c:\program\Shield\Drive image\CLRSERV.exe [2008-12-28 81920]

 

- Övriga tjänster/drivrutiner i minnet -

 

*NewlyCreated* - ERASERUTILDRVI7

*Deregistered* - EraserUtilDrvI7

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mchInjDrv

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - NMSAccessU

*Deregistered* - NProtectService

*Deregistered* - NSCService

*Deregistered* - O&O Defrag

*Deregistered* - PixVue

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCardSvr

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - SHDSERV

*Deregistered* - ShellHWDetection

*Deregistered* - ShieldClientService

*Deregistered* - Speed Disk service

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - Symantec Core LC

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - vsmon

*Deregistered* - wuauserv

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-02-11 c:\windows\Tasks\1-Click Disk Clean.job

- d:\program\YOURUN~1\URUNIN~1.EXE [2008-12-18 11:32]

 

2009-02-11 c:\windows\Tasks\1-ClickCleaner.job

- d:\program\Yamicsoft\WinXP Manager\1-ClickCleaner.exe [2006-11-19 17:24]

 

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- d:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-12 01:51]

 

2008-07-17 c:\windows\Tasks\EasyShare Registration Task.job

- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.30.2.sxt _RegistrationOffer@16 []

 

2009-02-12 c:\windows\Tasks\Norton Security Scan for Jan G Romander.job

- d:\program\Norton SystemWorks\Norton Security Scan\Nss.exe [2008-09-19 04:18]

 

2009-01-23 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- d:\program\Norton SystemWorks\OBC.exe [2006-08-02 20:05]

 

2009-02-12 c:\windows\Tasks\RegCure Program Check.job

- d:\program\RegCure\RegCure.exe [2007-08-02 17:20]

 

2009-02-10 c:\windows\Tasks\RegCure.job

- d:\program\RegCure\RegCure.exe [2007-08-02 17:20]

 

2008-08-21 c:\windows\Tasks\Registry Washer.job

- d:\program\REGIST~2\REGIST~1.EXE [2007-10-19 17:56]

 

2009-02-12 c:\windows\Tasks\Symantec Drmc.job

- c:\program\Delade filer\Symantec Shared\SymDrmc.exe [2005-10-26 19:48]

 

2009-02-12 c:\windows\Tasks\Symantec NetDetect.job

- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 14:21]

 

2009-01-23 c:\windows\Tasks\Timed Backups Manager.job

- d:\program\BACKUP~1\BackTime.exe [2005-09-01 07:23]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-RunOnce-SMRequiresRestart - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

Notify-avldr - (no file)

SafeBoot-Lavasoft Ad-Aware Service

 

 

.

- Extra genomsökning -

.

uStart Page = hxxp://www.leta.se/

IE: Download with GetRight - c:\program\GetRight\GRdownload.htm

IE: Open with GetRight Browser - c:\program\GetRight\GRbrowse.htm

Trusted Zone: handelsbanken.se

FF - ProfilePath - c:\documents and settings\Jan G Romander\Application Data\Mozilla\Firefox\Profiles\b8llhfxg.default\

FF - plugin: c:\program\Personal\bin\np_prsnl.dll

FF - plugin: d:\program\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\program\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program\Mozilla Firefox\plugins\NPGetRt.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin7.dll

 

FIREFOX POLICY

d:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

.

- Filassociationer -

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 15:16:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

- LÅSTA REGISTERNYCKLAR -

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="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"


.

Sluttid: 2009-02-12 15:18:21

ComboFix-quarantined-files.txt 2009-02-12 14:18:18

 

Före genomsökningen: 281 620 496 384 byte ledigt

Efter genomsökningen: 281,474,842,624 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

316 - E O F - 2009-02-11 21:09:48[/log]

 

Added LOG tags

When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the post window.

Cecilia - Moderator for Viruses, malicious programs & remedies

[post edited 2009-02-12 15:43:57 by Cecilia]


Good that you consider it a matter of course to update MBAM; unfortunately, not everyone does.

What is on H:?

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File ("Skicka Fil") and wait until the result is ready (the "Närvarande status" field changes to "genomförd"). Paste the results from the various antivirus programs (not "Övrig information", the additional information) here. Repeat with the next file name.

c:\windows\system32\SET208.tmp

c:\windows\system32\amvo.exe

 

2008-12-27 15:53 - d-w c:\documents and settings\Jan G Romander\Application Data\ByteCrusher

Is that something you have paid for? For free, it seems you only get a 15-day trial period, and that has expired.

http://www.download.com/WindowZones/3000-2239_4-10624801.html

 

 

 


H: is an external USB-connected hard drive that basically only holds audiobooks etc., some film, and music.

ByteCrusher is/was a folder that was empty and has now been removed.

It would be interesting to hear your reflections on the fact that NSS had no problems in safe mode but only in normal mode.

Here is the log: (amvo.exe does not exist on the computer, so I added the word AMVO before the last line)

 

[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.93 2009.02.12 -

AhnLab-V3 5.0.0.2 2009.02.12 -

AntiVir 7.9.0.76 2009.02.12 -

Authentium 5.1.0.4 2009.02.12 -

Avast 4.8.1335.0 2009.02.12 -

AVG 8.0.0.229 2009.02.12 -

BitDefender 7.2 2009.02.12 -

CAT-QuickHeal 10.00 2009.02.11 -

ClamAV 0.94.1 2009.02.12 -

Comodo 975 2009.02.12 -

DrWeb 4.44.0.09170 2009.02.12 -

eSafe 7.0.17.0 2009.02.12 -

eTrust-Vet 31.6.6353 2009.02.12 -

F-Prot 4.4.4.56 2009.02.11 -

F-Secure 8.0.14470.0 2009.02.12 -

Fortinet 3.117.0.0 2009.02.12 -

GData 19 2009.02.12 -

Ikarus T3.1.1.45.0 2009.02.12 -

K7AntiVirus 7.10.628 2009.02.12 -

Kaspersky 7.0.0.125 2009.02.12 -

McAfee 5523 2009.02.11 -

McAfee+Artemis 5523 2009.02.11 -

Microsoft 1.4306 2009.02.12 -

NOD32 3848 2009.02.12 -

Norman 6.00.02 2009.02.11 -

nProtect 2009.1.8.0 2009.02.12 -

Panda 10.0.0.10 2009.02.12 -

PCTools 4.4.2.0 2009.02.12 -

Prevx1 V2 2009.02.12 -

Rising 21.16.32.00 2009.02.12 -

SecureWeb-Gateway 6.7.6 2009.02.12 -

Sophos 4.38.0 2009.02.12 -

Sunbelt 3.2.1851.2 2009.02.12 -

Symantec 10 2009.02.12 -

TheHacker 6.3.1.9.254 2009.02.12 -

TrendMicro 8.700.0.1004 2009.02.12 -

VBA32 3.12.8.12 2009.02.11 -

ViRobot 2009.2.12.1603 2009.02.12 -

VirusBuster 4.5.11.0 2009.02.12 -

Övrig information

File size: 3594752 bytes

MD5...: 9e7bb7fadde9c959bacf0c73e0258e13

SHA1..: 92f40ec49cfe14f38e02b9356aab475532a5fee6

SHA256: 24c8b071e238b63dfadfd06d57f7ed9bcd0d0b40c1cad4ab7a57ae4d7d850285

SHA512: cbb33d09be03aa31c09b24ac23cd6b06ce43d45518b2779a87d312a8b993fe4d

67175b9766a8035be0ded43d2e9a8e558604ac0154c0a9b8ceb59626626ed7cd

 

ssdeep: 49152:xx/AoOSFXKpQS+ifnz5Sc630VzoxxXOQutVnBnJR3LgEfl4OGjqPZDW7PU

wFPdxc:soG2SNAc630Vzw9QBJBLp0kiUwFJXps

 

PEiD..: -

TrID..: File type identification

Windows OCX File (55.7%)

Win64 Executable Generic (38.6%)

Win32 Executable Generic (3.8%)

Generic Win/DOS Executable (0.9%)

DOS Executable Generic (0.9%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x96799

timedatestamp.....: 0x4970af4a (Fri Jan 16 16:01:14 2009)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x3066eb 0x306800 6.59 bd5008c285133be603c757046eb71fa3

.data 0x308000 0xe41c 0xb600 2.52 b769856f83a2bb06c00ae7bd2c5105ea

.rsrc 0x317000 0x39048 0x39200 7.03 75df5bc1beaca250f1f2795f4ff6ab77

.reloc 0x351000 0x22514 0x22600 6.43 693cdb50dee1ca2d02f4fc9bd123cce5

 

( 12 imports )


 

( 13 exports )

ClearPhishingFilterData, ConvertAndEscapePostData, CreateHTMLPropertyPage, DllCanUnloadNow, DllEnumClassObjects, DllGetClassObject, MatchExactGetIDsOfNames, PrintHTML, RunHTMLApplication, ShowHTMLDialog, ShowHTMLDialogEx, ShowModalDialog, ShowModelessHTMLDialog

 

AMVO: 0 bytes size received / Se ha recibido un archivo vacio[/log]

 


The fact that you cannot see a file in My Computer or Explorer does not necessarily mean that the file does not exist. I don't know whether Norton shows the file name first and then checks the file, or whether it shows the file name only once the file is done. In the latter case it is not casino1.ico that is the problem but the file after it.

 

H: is an external USB-connected hard drive that basically only holds audiobooks etc., a film or two, and music.
ComboFix removed an autorun.inf file from it. Autorun.inf makes a program start automatically when you connect the drive, but it is a security risk.

 

It would be interesting to hear your reflections on NSS having no problems in safe mode but only in normal mode.
That could mean that in normal mode some program is running that interferes with Norton.

 

[log]Download and run this program:

http://www2.gmer.net/mbr/mbr.exe

Paste the contents of mbr.log, which is created in the same folder as mbr.exe (e.g. on the Desktop if mbr.exe is on the Desktop).

 

Note! Disconnect the internet connection and disable/turn off antivirus and other security programs before you run mbr.exe. [/log]

 

[log]Download Gmer to the Desktop from one of these pages:

http://www.gmer.net/files.php choose Gmer application

http://www.majorgeeks.com/GMER_d5198.html

Unpack the file to the Desktop.

Close all programs.

Start the program gmer.exe.

Select the rootkit tab and check that everything on the right is ticked except Show All. Press Scan. Leave the computer alone while Gmer is working.

Press Copy and then paste the result into your reply.[/log]

 


Here is the log:

 

[log]Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

copy of MBR has been found in sector 22 !

copy of MBR has been found in sector 23 !

copy of MBR has been found in sector 62 !

 

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-12 18:03:37

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.14 ----

 

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB89CA040]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB89C6930]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xB89D1A80]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB89CA510]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB89D0870]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB89D0AA0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB89D3FD0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB89CA600]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB89C6F20]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB89D26E0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB89D2440]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB89D0580]

SSDT splf.sys ZwEnumerateKey [0xBA6C6CA2]

SSDT splf.sys ZwEnumerateValueKey [0xBA6C7030]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadDriver [0xB89C43F0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB89D28B0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xB89D4270]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB89C6D70]

SSDT splf.sys ZwOpenKey [0xBA6A80C0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB89D0350]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xB89D0150]

SSDT splf.sys ZwQueryKey [0xBA6C7108]

SSDT splf.sys ZwQueryValueKey [0xBA6C6F88]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB89D3250]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB89D2CB0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB89C9C00]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB89D3080]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB89CA220]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB89C7120]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xB89C41C0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xB89D2140]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xB89D0CD0]

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwUnloadDriver [0xB89C45F0]

 

INT 0x20 srescan.sys BA4B7C90

INT 0x62 ? 89D71BF8

INT 0x73 ? 89D74BF8

INT 0x82 ? 89D71BF8

INT 0x83 ? 8979EBF8

INT 0x83 ? 8979EBF8

INT 0x83 ? 8979EBF8

INT 0x83 ? 8979EBF8

INT 0x83 ? 8979EBF8

 

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [ 10, A5, 9C, B8, 70, 08, 9D, ... ]

? splf.sys Det går inte att hitta filen. !

? srescan.sys Det går inte att hitta filen. !

.text USBPORT.SYS!DllUnload BA1968AC 5 Bytes JMP 8979E1D8

.text a098618n.SYS B9D94386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a098618n.SYS B9D943AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a098618n.SYS B9D943C4 3 Bytes [ 00, 70, 02 ]

.text a098618n.SYS B9D943C9 1 Byte [ 2E ]

.text a098618n.SYS B9D943CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

? C:\Program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys Det går inte att hitta filen. !

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Det går inte att hitta filen. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\WINDOWS\system32\ctfmon.exe[280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6C, 84 ]

.text C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe[480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C2, 84 ]

.text C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe[568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 70, 84 ]

.text C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EF, 84 ]

.text C:\WINDOWS\system32\csrss.exe[844] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FA, 84 ]

.text ...

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1656] ntdll.dll!KiFastSystemCall + 2 7C90E4F2 2 Bytes [ CD, 20 ]

.text C:\WINDOWS\Explorer.EXE[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 51, 84 ]

.text D:\Program\NORTON~1\NORTON~1\NPROTECT.EXE[2036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 85 ]

.text C:\Zipwork\gmer.exe[2068] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ]

.text C:\Program\Shield\shieldclnt.exe[2432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5E, 84 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

.text C:\WINDOWS\System32\SCardSvr.exe[3340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 84 ]

.text C:\WINDOWS\system32\wscntfy.exe[3740] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

.text D:\Program\zabkat\xplorer2\xplorer2_UC.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 48, 84 ]

.text D:\Program\zabkat\xplorer2\xplorer2_UC.exe[3816] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

.text C:\Program\Shield\shieldtray.exe[4016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 83, 85 ]

 

---- Kernel IAT/EAT - GMER 1.0.14 ----

 

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6A9040] splf.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6A913C] splf.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6A90BE] splf.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6A97FC] splf.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6A96D2] splf.sys

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\a098618n.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\a098618n.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\a098618n.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6B9048] splf.sys

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [b89CECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [b89CEE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [b89CF320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [b89CF1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 89DE01F8

 

AttachedDevice \FileSystem\Ntfs \Ntfs Shieldf.sys

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

 

Device \FileSystem\Fastfat \FatCdrom 88E5F1F8

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device \Driver\usbuhci \Device\USBPDO-0 8979D500

Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE21F8

Device \Driver\dmio \Device\DmControl\DmConfig 89DE21F8

Device \Driver\dmio \Device\DmControl\DmPnP 89DE21F8

Device \Driver\dmio \Device\DmControl\DmInfo 89DE21F8

Device \Driver\usbuhci \Device\USBPDO-1 8979D500

Device \Driver\usbuhci \Device\USBPDO-2 8979D500

Device \Driver\usbuhci \Device\USBPDO-3 8979D500

Device \Driver\usbehci \Device\USBPDO-4 8957F1F8

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device \Driver\NetBT \Device\NetBT_Tcpip_{A2117E79-EAAB-4087-A550-7B717ECF7DB6} 89217500

Device \Driver\PCI_PNP3992 \Device\00000057 splf.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 89D721F8

 

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

 

Device \Driver\Ftdisk \Device\HarddiskVolume2 89D721F8

 

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

 

Device \Driver\Cdrom \Device\CdRom0 8979F500

Device \Driver\Cdrom \Device\CdRom1 8979F500

Device \Driver\Ftdisk \Device\HarddiskVolume3 89D721F8

 

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

 

Device \Driver\Ftdisk \Device\HarddiskVolume4 89D721F8

 

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

 

Device \Driver\Cdrom \Device\CdRom2 8979F500

Device \Driver\USBSTOR \Device\00000080 890C21F8

Device \Driver\USBSTOR \Device\00000081 890C21F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 89217500

Device \Driver\NetBT \Device\NetbiosSmb 89217500

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device \Driver\sptd \Device\256755242 splf.sys

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device \Driver\usbuhci \Device\USBFDO-0 8979D500

Device \Driver\usbuhci \Device\USBFDO-1 8979D500

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890691F8

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device \Driver\usbuhci \Device\USBFDO-2 8979D500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 890691F8

Device \Driver\usbuhci \Device\USBFDO-3 8979D500

Device \Driver\usbehci \Device\USBFDO-4 8957F1F8

Device \Driver\Ftdisk \Device\FtControl 89D721F8

Device \Driver\a098618n \Device\Scsi\a098618n1Port3Path0Target0Lun0 89806500

Device \Driver\viamraid \Device\Scsi\viamraid1 89DE11F8

Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 89DE11F8

Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target2Lun0 89DE11F8

Device \Driver\a098618n \Device\Scsi\a098618n1 89806500

Device \FileSystem\Fastfat \Fat 88E5F1F8

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat Shieldf.sys

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

 

Device \FileSystem\Cdfs \Cdfs 890371F8

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x09 0x29 0x8A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program\DAEMON Tools Lite

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4A 0xAC 0x5C 0x12 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x12 0x25 0x03 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program\DAEMON Tools

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xEC 0x81 0x8F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xE6 0x53 0x56 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x22 0x5D 0x3C 0x46 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x09 0x29 0x8A ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program\DAEMON Tools Lite

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4A 0xAC 0x5C 0x12 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x12 0x25 0x03 ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 844F61C6B2999D71EE7F1617B9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C5D575E7D6A3B98089DB7CE019D40AA5C9758E172C2F6A2D8146E8EE14FA03F4FB55DAB1F5F7A5E83143ECE51546A3995EA0C6E44B0C34EB0674418D4CA2DB0FDC109ED74D08EB9B1ADE4F4B5A09A7D1B930C3AE8E95A14CF1EBE3ECC2454B05F182D3A4C4D3D8D1D97792ECE093A9FF0793940917C352444AF98EF9C843BF4725EFD95BBBCF33456C3C9B113D1A0C158FC1C8EB527B2851E08B2B15A4A6788B82BD3189938015DEF9745CE39F106D617ED5B480B5F1510F4058D19DF074548B98A296E008E9A8B826A82643D1487A57514462391CC036F62FA52D2CB7F2366FE7C1E58CE4357952A0B38686019284BBE28CE69094D07A503AEC99DFE2E3668987678A9280CB52505BAC5E5A6144B3745D88B78F6F00F87795DE4CB21BF94A7195F9D4CF353153B372C2A7857CCBAAD5CC835C3247C6E3C6BB435451B16B8D116139ABA5E38B928E88A8B517EBEA4C4DD8CAA519E665A43015971879CC504E92B62A006558C4C9446F1B236ED189AEAA52F6C3BB6DD6D6BE8E0759E179A39C4769002518B57D7F87D740C01B73E115D942FA2AF0243A7D9D456BFAEBF107F0C9955B5D77952CEA7C316281D36C86231107D95F

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION A57EDB3C61594BFA673FED5918F30D9520663C888DF862123C5D75F428953CB29D0100EF63F80E8E364E7A71584F6F9A75950C2695BC963D83CC070EBB7425F15263562C7656B90972B0BF42C3A9DC6447F175A182D6B8517F49F2865ABF21F1E065338CEE9DEAB1E624A92868F71949AF4D9936BFA5CD583561B2996B5E1B8BDC71046E515C93525386B842861239263A23AEE4EB6A33DE9E474F4A8D1A551CCD0F4673D50679BA6DDB02721733AADAE78DFBF2DCC81875A94F66DC8FA16485AEEF1003EBF337BD5BCD2CE044FD2ACA2E50E166184B01B0B9742B5A76FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74C70E09DF5476CF4E3E7E1C9A171AC2CC4830C51079D2B6915C712C9DD30096102F09EAEC13F62A4A72A8EB6261EAD027CE9F63C27746EF20550823228ED359D55971229BBEE6DDE661BBD6B64E4036B3D67979D9D1BCEFDDB5B47763AAAD716895DEF8811EEE3C3E11DE995F697580C41644E7311BBECCE717D4809E809A64FB29E444DE07DADB80E74E5E36C2DEA47FAB1CF3F9C267A6AD4ADBED97D53680F1D9BEDF9C3F848E5104C520DC5BE0D468D8025074ECD3E1B4547B7DFB2F3FBE1C5791E97BEE74636C531A8487A8A247751E62B5

 

---- Disk sectors - GMER 1.0.14 ----

 

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR

Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

 

---- EOF - GMER 1.0.14 ----[/log]

 

 

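A triage pass over a GMER log like the one in the post above, as an added example that is not part of the thread and is not GMER's own code: it groups SSDT and interrupt hooks by owning driver, lists the owners that GMER printed without a description/vendor string or could not find on disk, and collects the disk-sector findings. The sample lines are copied from the log above; the function names and the review criteria are assumptions of this example, and a listed driver is a candidate for manual checking, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log above (shortened, blank lines dropped).
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB89C6930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB89D0350]
SSDT splf.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT splf.sys ZwOpenKey [0xBA6A80C0]
SSDT splf.sys ZwQueryValueKey [0xBA6C6F88]
INT 0x20 srescan.sys BA4B7C90
INT 0x62 ? 89D71BF8
? splf.sys Det går inte att hitta filen. !
? srescan.sys Det går inte att hitta filen. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Det går inte att hitta filen. !
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]{8})\]$")
INT_RE = re.compile(
    r"^INT\s+(?P<vec>0x[0-9A-Fa-f]+)\s+(?P<module>\S+)\s+[0-9A-Fa-f]{8}$")
# GMER prints the localized Windows "file not found" text. The log above comes
# from a Swedish system; the English string is the standard Windows message.
NOT_FOUND = ("Det går inte att hitta filen.",
             "The system cannot find the file specified.")
MISSING_RE = re.compile(
    r"^\?\s+(?P<path>.+?)\s+(?:%s)\s*!$" % "|".join(map(re.escape, NOT_FOUND)))
DISK_RE = re.compile(
    r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<sector>\d+):\s+(?P<finding>.+)$")


def basename(path):
    """Driver file name without directory, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Summarize hook owners and disk findings from GMER log text."""
    hooks = defaultdict(set)   # owner -> hooked SSDT functions / INT vectors
    unversioned = set()        # SSDT owners printed without "(description/vendor)"
    missing = set()            # drivers GMER could not find on disk
    unattributed_int = []      # vectors whose owner GMER prints as "?"
    disk = defaultdict(list)   # device -> [(sector, finding)]

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SSDT_RE.match(line)
        if m:
            owner = basename(m["module"])
            hooks[owner].add(m["func"])
            if m["vendor"] is None:
                unversioned.add(owner)
            continue
        m = INT_RE.match(line)
        if m:
            if m["module"] == "?":
                unattributed_int.append(m["vec"])
            else:
                hooks[basename(m["module"])].add("INT " + m["vec"])
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(basename(m["path"]))
            continue
        m = DISK_RE.match(line)
        if m:
            disk[m["dev"]].append((int(m["sector"]), m["finding"]))

    review = {}
    for owner in hooks:
        reasons = []
        if owner in missing:
            reasons.append("owns hooks but file not found on disk")
        if owner in unversioned:
            reasons.append("no description/vendor string")
        if reasons:
            review[owner] = reasons

    return {
        "review": review,
        "attributed_owners": sorted(set(hooks) - set(review)),
        "unattributed_int": unattributed_int,
        "missing_without_hooks": sorted(missing - set(hooks)),
        "mbr_copies": {d: sorted(s for s, f in rows if f == "copy of MBR")
                       for d, rows in disk.items()},
        "sector_alerts": {d: sorted(s for s, f in rows if "rootkit" in f.lower())
                          for d, rows in disk.items()},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
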

Start the Command Prompt and type:

mbr - f

 

or, if you get an error message:

skrivbord\mbr -f

 

If any message appears, write exactly what it says in your reply.

 

 

[post edited 2009-02-12 19:58:13 by Cecilia]


Here it is:

 

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

copy of MBR has been found in sector 22 !

copy of MBR has been found in sector 23 !

copy of MBR has been found in sector 62 !

 

 


It doesn't look like you got the -f in, which may be because I accidentally put an extra space in my first command. It should be

mbr -f

with a space before the -, but no space between - and f

Sorry :(

 

[post edited 2009-02-12 22:05:27 by Cecilia]


Unfortunately that hardly helps - you can see in the previous image that I am in c:\zipwork, where I have mbr.exe. Perhaps one should take it to mean that there was no response. You did hint earlier that IF a message appears etc., write it in exactly..

 

[image attached 2009-02-12 23:40:55 by Jiger]


You were not in the zipwork folder but in the root in the previous image.

As I recall, when mbr picks up the -f parameter there is no output at all.

 


But...as far as I understand, it is obvious that I am in c:\zipwork if it says (see the top line of the first image) c:\>zipwork\mbr -f.

Why that > character is there before zipwork I don't know..

I suggest we sleep on it...

 


The > does matter

c:\> means that you are in c:\

zipwork\mbr means that, from the place where you are, you want to run the program mbr, which is in the folder zipwork

 


OK, I understand. I don't think it changes anything, though. See the image.

It boils down to the same message as in the original log. What to do now??

 

[image attached 2009-02-13 02:15:56 by Jiger]


You tried that in December, but then the computer refused to start afterwards.

 

You have quite a few unusual protection programs, so I don't know whether it is those programs that have changed things so that the results come out strange.

"Shield Tray"="c:\program\Shield\shieldtray.exe" [2008-02-21 3391488]

"AntiTracks"="d:\program\Anti Tracks\AntiTracks.exe" [2007-10-18 1298432]

"'Ashampoo AntiSpyWare 2 Guard'"="d:\program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-01-14 2347352]

"WinPatrol"="d:\program\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

 

 


OK, I'll make a new attempt with SDFix. In the meantime I want to ask you about a new folder that has appeared called C:\cmdcons; I think it is related to the installation of Combofix. Can I delete it?

 


No, don't just delete the cmdcons folder now. I assume you have noticed that a screen is now shown for two seconds while the computer starts up, with an option for the Recovery Console. The Recovery Console is good to have if something goes wrong on the computer, either while cleaning out malicious programs or on some other occasion, because from there you can do a system restore. The Recovery Console uses the cmdcons folder.

 


OK, thanks for this info.

 

This time running SDFix went perfectly smoothly; I am attaching the log.

Note that I ran SDFix logged in as administrator and still the following remark appears:

 

"please note that you need administrator rights to perform deep scan"

 

 

[log]SDFix: Version 1.240

Run by Administratör on 2009-02-13 at 16:29

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

C:\WINDOWS

: 108

Total size: 108 bytes.

WINDOWS: Åtkomst nekad.

 

Checking for remaining Streams

 

C:\WINDOWS

: 108

Total size: 108 bytes.

 

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-13 16:37:49

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

disk error: C:\WINDOWS\system32\config\system, 0

scanning hidden registry entries ...

 

disk error: C:\WINDOWS\system32\config\software, 0

disk error: C:\Documents and Settings\Administratör\ntuser.dat, 0

scanning hidden files ...

 

disk error: C:\WINDOWS\

 

please note that you need administrator rights to perform deep scan

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\\Program\\Microsoft Office\\Office\\1053\\WFXMSRVR.EXE"="D:\\Program\\Microsoft Office\\Office\\1053\\WFXMSRVR.EXE:*:Enabled:WFXMSRVR"

"D:\\Program\\D4\\D4.exe"="D:\\Program\\D4\\D4.exe:*:Enabled:Dimension 4"

"C:\\Program\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Fri 3 Nov 2006 108 A.SHR --- "C:\WINDOWS\neoqaz2.dll"

Thu 3 Jul 2008 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

 

Finished![/log]

 

 


Yes, that error message appeared with some infections around Christmas and New Year, and back then the mbr program usually found something, but it did not on your computer; the gmer program, on the other hand, considered that there was something improper about the MBR on the hard disk.

You have a program called Shield. Is it this program?

http://www.eazsolution.com/en/baselineshield.php

 

 


No, shield relates to the program RollBack from Horizon DataSys, which rescued me just before the turn of the year after I had run SDFix that time. The program takes a snapshot on particular occasions, e.g. at startup each new day (I use only this option out here in the countryside), as well as at other chosen occasions or manually; in other words, a kind of system restore option where you can go back as far as you like, as long as you have not deleted too many snapshots. I consider the program indispensable...

If a problem arises, instead of analysing and solving the problem in the traditional way, you can roll back to the latest snapshot and in addition retrieve the files that have changed since the snapshot was taken.

Rollback modifies the MBR, as does e.g. Norton GoBack.

I hardly think we have any casino1.ico there..

 


OK, Kaspersky does find all sorts of things, e.g. harmless music files etc.; I will settle, if possible, for scanning the C drive..

Otherwise, the coming night is the one set aside each week for a full scan by ZoneAlarm antivirus and antispyware as well as Ashampoo antispyware..

I will get back with the Kaspersky log, perhaps not until tomorrow. Going into town on Monday..

 

 


Roughly as I thought...

My computer (I scanned the whole computer) is infected by my Outlook file outlook.pst, which incidentally is backed up on d:, where there was evidently no problem...

I am not attaching the file, since outlook.pst was the only problem (!)

If my Outlook.pst happened to contain references to dodgy casino programs, one of all the programs we and I have run should have had an opinion about it. I have actually never visited any casino site with this computer..

Are we starting to "run out of ideas", NSS has an oversensitivity bug?

 


Archived

This topic is now archived and is closed to further replies.
