
Trojan/virus that stops Internet Explorer from starting?


Rob..


Aha. I think I managed it now; I'll delete the files and send a new log once I know you have received the files

 


Have deleted the files now, attaching a new log.

 

 

[log]

ComboFix 09-01-10.01 - HP_Ägaren 2009-01-10 21:05:04.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1437 [GMT 1:00]

Körs från: c:\documents and settings\HP_Ägaren\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\java2.sys c:\windows\system32\snjava.dll

c:\windows\system32\msrdo20.dll

c:\windows\system32\rdocurs.dll

 

.

((((((((((((((((((((( Filer Skapade från 2008-12-10 till 2009-01-10 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-08 23:24 . 2009-01-09 18:30 <KAT> d-------- c:\windows\system32\zipmapp

2009-01-08 23:20 . 2009-01-08 23:34 <KAT> d-------- c:\documents and settings\All Users\Application Data\WinZip

2009-01-07 21:30 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-01-07 19:31 . 2008-12-12 04:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys

2009-01-07 17:51 . 2009-01-07 17:51 <KAT> dr------- c:\program\Norton Support

2009-01-07 17:30 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 <KAT> d-------- c:\program\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-07 17:29 . 2009-01-07 17:29 60,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-07 17:27 . 2009-01-07 21:45 <KAT> d-------- c:\windows\system32\drivers\NIS

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Windows Sidebar

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Norton Internet Security

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\program\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\PCSettings

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Norton

2009-01-07 17:14 . 2009-01-07 17:14 <KAT> d-------- c:\documents and settings\All Users\Symantec Temporary Files

2009-01-06 18:53 . 2009-01-06 18:53 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-06 18:53 . 2009-01-06 18:53 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-06 18:42 . 2009-01-06 18:42 <KAT> d-------- c:\program\Delade filer\Java

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\HP_Ägaren\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-06 17:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-05 14:25 . 2009-01-05 14:25 44,308 --ah----- c:\windows\system32\mlfcache.dat

2009-01-05 14:05 . 2009-01-05 14:05 <KAT> d--hs---- c:\windows\ftpcache

2009-01-05 14:05 . 2009-01-05 14:05 917,504 --a------ c:\windows\system32\FLASH.OCX

2009-01-02 21:27 . 2009-01-02 21:27 <KAT> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-01-02 21:27 . 2009-01-02 21:27 4,096 --a------ c:\windows\d3dx.dat

2009-01-02 21:25 . 2009-01-02 21:25 172,032 --a------ c:\windows\system32\xwr20356.dll

2009-01-02 21:25 . 2009-01-02 21:25 172,032 --a------ c:\windows\system32\wr20356.dll

2009-01-02 10:30 . 2009-01-10 20:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\Google Updater

2008-12-31 16:34 . 2008-12-31 16:34 400,404 --------- c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

2008-12-31 16:32 . 2008-12-31 16:32 400,404 --a------ c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 16:18 --------- d-----w c:\program\SUPERAntiSpyware

2009-01-07 16:56 --------- d-----w c:\program\Google

2009-01-07 16:43 --------- d-----w c:\program\Delade filer\Symantec Shared

2009-01-07 16:29 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-07 16:29 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-06 17:53 --------- d-----w c:\program\Java

2009-01-05 12:26 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\HP

2009-01-02 23:18 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\uTorrent

2008-12-21 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Creative

2008-12-20 19:37 47,579 ----a-w c:\windows\system32\usootjpmfcuqdzm.exe

2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-11-14 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2006-08-13 20:19 22 --sha-w c:\windows\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

2005-10-21 04:40 662016 d3b9f978b4927b4a674546896bf981ef c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

2007-12-07 02:59 825344 520880d2467f57dd5325790f0c799b3e c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

2008-03-01 13:49 827392 893312e4b19721a4de83411c4babab61 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2008-04-23 05:21 827392 21fc0ae15f561edc35d82c8de85c2851 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 16:42 827904 763148c042469c197933ac956e566226 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

2004-08-04 05:00 656896 9f721bd834534e75661d8f9bd1efdcd7 c:\windows\$NtUninstallKB905915$\wininet.dll

2005-10-21 04:42 658944 86bf3664b86c59c669d8ff99b150f105 c:\windows\$NtUninstallKB916281$\wininet.dll

2006-05-10 06:27 664064 193ebb237b05182975ee44bda3405af1 c:\windows\$NtUninstallKB918899$\wininet.dll

2006-06-23 12:26 665088 466146844c05dd41e7da573e2f52634a c:\windows\$NtUninstallKB922760$\wininet.dll

2006-09-14 09:37 665088 124b5b1d140b7a5dc8f23172b5125c81 c:\windows\$NtUninstallKB925454$\wininet.dll

2006-10-23 16:35 665088 43cd9445a02b0efc6c08cb86443a16ae c:\windows\$NtUninstallKB928090$\wininet.dll

2007-01-04 15:05 665600 67cc810f4f24bbe33eda3cc2689a28e1 c:\windows\$NtUninstallKB931768$\wininet.dll

2007-02-19 16:23 666112 b0e69d997838a34e68d880e67d114bc7 c:\windows\$NtUninstallKB933566$\wininet.dll

2007-04-18 13:46 666112 d6b8e18f5f73fdeb568bed5852864ef9 c:\windows\$NtUninstallKB937143$\wininet.dll

2007-06-26 15:53 666112 c2743463d86deb7eb0e224a2b769ece1 c:\windows\$NtUninstallKB939653$\wininet.dll

2007-08-22 13:58 666112 5290463c69ddc6813fdc96aeffef14fe c:\windows\$NtUninstallKB942615$\wininet.dll

2007-10-11 07:10 666624 35b50083b6158d1d92454da40d8166a2 c:\windows\ie7\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\ie7updates\KB944533-IE7\wininet.dll

2008-03-01 14:02 826368 f51a84f3b4109769f91e6348d01e2ac1 c:\windows\ie7updates\KB950759-IE7\wininet.dll

2008-06-23 17:42 826368 ce365a16790ec5c5dddc78820949c02e c:\windows\ie7updates\KB956390-IE7\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\ie7updates\KB958215-IE7\wininet.dll

2008-04-14 17:04 666624 b8d98f0cdf9b1429cd95497ad9995078 c:\windows\ServicePackFiles\i386\wininet.dll

2008-10-16 21:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2GDR\wininet.dll

2008-10-16 21:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2QFE\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2GDR\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2GDR\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2QFE\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2GDR\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\dllcache\wininet.dll

.

((((((((((((((((((((((((((((( snapshot_2009-01-08_17.36.37.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-08 22:21:05 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F66110.exe

+ 2009-01-08 22:21:05 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F6617.exe

+ 2008-12-20 19:37:30 47,579 ----a-w c:\windows\system32\zipmapp\usootjpmfcuqdzm.exe

+ 2009-01-02 20:25:43 53,410,228 ----a-w c:\windows\system32\zipmapp\xa19524250.exe

+ 2009-01-02 20:25:45 172,032 ----a-w c:\windows\system32\zipmapp\xwr20356.dll

+ 2009-01-10 20:34:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_70c.dat

+ 2009-01-10 20:35:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ac.dat

.

(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

"updateMgr"="c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"CTDVDDET"="c:\program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"VolPanel"="c:\program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"AudioDrvEmulator"="c:\program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"HPHUPD08"="c:\program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"PCMService"="c:\program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 180269]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-06 136600]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2005-08-08 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 c:\windows\system32\CTXFIHLP.EXE]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2006-08-17 438272]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 12:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeydcsgs]

2008-12-31 16:34 400404 c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=c:\windows\system32\wkgszvx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-07 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-07 362544]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-07 274808]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-01 2799488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-07 99376]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

R4 Norton Internet Security;Norton Internet Security;c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-07 115560]

R4 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [2006-10-12 17072]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-01 468768]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

.

Innehållet i mappen 'Schemalagda aktiviteter'

 

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-01-10 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 10:30]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.newsnow.co.uk/newsfeed/?name=Liverpool

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll

 

O16 -: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

c:\windows\Downloaded Program Files\DAX.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-10 21:35:51

Windows 5.1.2600 Service Pack 3 NTFS

 

genomsöker dolda processer ...

 

genomsöker dolda autostartpunkter ...

 

genomsöker dolda filer ...

 

genomsökningen avslutades lyckosamt

dolda filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

.

--------------------- DLLer installerade under pågående processer ---------------------

 

- - - - - - - > 'winlogon.exe'(884)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

 

- - - - - - - > 'explorer.exe'(3760)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSENG.DLL

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

.

------------------------ Andra pågående processer ------------------------

.

c:\windows\system32\rundll32.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LightScribe\LSSrvc.exe

c:\program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

c:\program\Canon\CAL\CALMAIN.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\CTXFISPI.EXE

c:\windows\system32\scardsvr.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system\hpsysdrv.exe

.

**************************************************************************

.

Sluttid: 2009-01-10 21:43:13 - datorn startades om

ComboFix-quarantined-files.txt 2009-01-10 20:43:05

ComboFix2.txt 2009-01-08 16:37:30

ComboFix3.txt 2008-12-21 13:24:16

ComboFix4.txt 2007-10-16 16:27:25

ComboFix5.txt 2009-01-10 19:58:02

 

Före genomsökningen: 181,349,539,840 byte ledigt

Efter genomsökningen: 181,347,852,288 byte ledigt

 

275 --- E O F --- 2009-01-07 22:01:28

 

[/log]

 


c:\documents and settings\All Users\Application Data\Sandlot Games

You can probably delete that folder too, since Sandlot was mentioned in one of the game files, so they most likely belong together. The file c:\windows\d3dx.dat was created at the same time, so it probably belongs with them as well, but put it in the Recycle Bin for a few days, for example, in case it belongs to some other program.

 

Copy all the lines in the box (use Select code)

File::
c:\windows\system32\xwr20356.dll
c:\windows\system32\wr20356.dll
c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll
c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll
c:\windows\system32\usootjpmfcuqdzm.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer in the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that comes out.

 

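As a defender-side illustration of what the entries the helper's script targets actually mean, here is an added example (not ComboFix code and not the helper's script) that scans a ComboFix-style "Startpunkter i registret" section for the indicators visible in the log above: an Image File Execution Options "Debugger" value for iexplore.exe (Windows starts the named program in place of the image, which is exactly why Internet Explorer would not launch), a Winlogon Notify DLL loaded from a user profile, Security Center monitoring switched off, and the Windows Firewall disabled. The sample excerpt is constructed from paths and values that appear in the posted log; the parser, the severity labels and the function names are the example's own assumptions.

```python
"""Scan ComboFix-style log excerpts for a few persistence/tampering indicators.

Added example for this thread; not part of ComboFix or the helper's script.
The parser is a hypothetical helper that only understands the registry
section shapes shown in the logs above.
"""
import re
from typing import Dict, List

# Constructed excerpt modelled on the "Startpunkter i registret" section
# of the log posted in the thread (same paths and values as in that log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeydcsgs]
2008-12-31 16:34 400404 c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A DLL that Winlogon loads should live under %SystemRoot% or Program Files,
# not in a user profile, which any process running as that user can write to.
USER_PROFILE = re.compile(r"^c:\\documents and settings\\", re.IGNORECASE)
NOTIFY_LINE = re.compile(r"^\S+ \S+ \d+ (.+)$")  # "date time size path"


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    key = ""  # registry key of the section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        lkey = key.lower()
        leaf = key.rsplit("\\", 1)[-1]

        if "image file execution options" in lkey:
            # IFEO "Debugger": Windows starts this program in place of the image,
            # so a bogus value for iexplore.exe means IE itself never launches.
            m = re.match(r'"Debugger"=(.+)$', line)
            if m:
                findings.append({"type": "ifeo_debugger", "severity": "high",
                                 "key": key, "target": leaf, "value": m.group(1).strip()})
        elif "winlogon\\notify" in lkey:
            m = NOTIFY_LINE.match(line)
            if m and USER_PROFILE.match(m.group(1)):
                findings.append({"type": "notify_dll_in_profile", "severity": "high",
                                 "key": key, "target": leaf, "value": m.group(1)})
        elif "security center\\monitoring" in lkey:
            # Vendors set this themselves when their product reports to Security
            # Center, so it is worth a look but is not evidence on its own.
            if re.match(r'"DisableMonitoring"=dword:0*1$', line):
                findings.append({"type": "security_center_monitoring_off", "severity": "info",
                                 "key": key, "target": leaf, "value": line})
        elif "firewallpolicy" in lkey:
            if re.match(r'"EnableFirewall"=\s*0\b', line):
                findings.append({"type": "firewall_disabled", "severity": "medium",
                                 "key": key, "target": leaf, "value": line})
    return findings


def cfscript_registry_block(findings: List[Dict[str, str]]) -> str:
    """Build the Registry:: part of a CFScript that deletes flagged IFEO
    Debugger values, in the same form the helper used above ("=-" deletes
    a value). File removals are intentionally left to a human decision."""
    lines = ["Registry::"]
    for f in findings:
        if f["type"] == "ifeo_debugger":
            lines.append("[%s]" % f["key"])
            lines.append('"Debugger"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print("%-6s %-30s %-12s %s" % (f["severity"], f["type"], f["target"], f["value"]))
    print(cfscript_registry_block(found))
```

Run as a script it prints one line per finding and then a Registry:: block in the same CFScript form as the helper's post, deleting only the IFEO value. File:: entries are deliberately not generated: deciding which files go belongs to whoever reads the whole log, as the thread itself shows, and a DLL that winlogon.exe has loaded is not something a script should delete on its own judgement.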

Didn't get any log when I ran it with the script. But then I ran it once without the script and got a log, attached below;

 

But now Internet Explorer seems to work, many thanks!

Is there anything more I should do, and what had actually happened?

 

[log]

ComboFix 09-01-10.03 - HP_Ägaren 2009-01-11 10:37:16.8 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1566 [GMT 1:00]

Körs från: c:\documents and settings\HP_Ägaren\Skrivbord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

.

---- Previous Run -------

.

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll

c:\windows\system32\usootjpmfcuqdzm.exe

c:\windows\system32\wr20356.dll

c:\windows\system32\xwr20356.dll

 

.

((((((((((((((((((((( Filer Skapade från 2008-12-11 till 2009-01-11 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-08 23:24 . 2009-01-09 18:30 <KAT> d-------- c:\windows\system32\zipmapp

2009-01-08 23:20 . 2009-01-08 23:34 <KAT> d-------- c:\documents and settings\All Users\Application Data\WinZip

2009-01-07 21:30 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-01-07 19:31 . 2008-12-12 04:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys

2009-01-07 17:51 . 2009-01-07 17:51 <KAT> dr------- c:\program\Norton Support

2009-01-07 17:30 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 <KAT> d-------- c:\program\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-07 17:29 . 2009-01-07 17:29 60,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-07 17:27 . 2009-01-07 21:45 <KAT> d-------- c:\windows\system32\drivers\NIS

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Windows Sidebar

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Norton Internet Security

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\program\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\PCSettings

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Norton

2009-01-07 17:14 . 2009-01-07 17:14 <KAT> d-------- c:\documents and settings\All Users\Symantec Temporary Files

2009-01-06 18:53 . 2009-01-06 18:53 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-06 18:53 . 2009-01-06 18:53 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-06 18:42 . 2009-01-06 18:42 <KAT> d-------- c:\program\Delade filer\Java

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\HP_Ägaren\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-06 17:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-05 14:25 . 2009-01-05 14:25 44,308 --ah----- c:\windows\system32\mlfcache.dat

2009-01-05 14:05 . 2009-01-05 14:05 <KAT> d--hs---- c:\windows\ftpcache

2009-01-05 14:05 . 2009-01-05 14:05 917,504 --a------ c:\windows\system32\FLASH.OCX

2009-01-02 10:30 . 2009-01-10 20:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\Google Updater

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 16:18 --------- d-----w c:\program\SUPERAntiSpyware

2009-01-07 16:56 --------- d-----w c:\program\Google

2009-01-07 16:43 --------- d-----w c:\program\Delade filer\Symantec Shared

2009-01-07 16:29 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-07 16:29 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-06 17:53 --------- d-----w c:\program\Java

2009-01-05 12:26 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\HP

2009-01-02 23:18 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\uTorrent

2008-12-21 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Creative

2008-11-14 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

2006-08-13 20:19 22 --sha-w c:\windows\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

2005-10-21 04:40 662016 d3b9f978b4927b4a674546896bf981ef c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

2007-12-07 02:59 825344 520880d2467f57dd5325790f0c799b3e c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

2008-03-01 13:49 827392 893312e4b19721a4de83411c4babab61 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2008-04-23 05:21 827392 21fc0ae15f561edc35d82c8de85c2851 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 16:42 827904 763148c042469c197933ac956e566226 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

2004-08-04 05:00 656896 9f721bd834534e75661d8f9bd1efdcd7 c:\windows\$NtUninstallKB905915$\wininet.dll

2005-10-21 04:42 658944 86bf3664b86c59c669d8ff99b150f105 c:\windows\$NtUninstallKB916281$\wininet.dll

2006-05-10 06:27 664064 193ebb237b05182975ee44bda3405af1 c:\windows\$NtUninstallKB918899$\wininet.dll

2006-06-23 12:26 665088 466146844c05dd41e7da573e2f52634a c:\windows\$NtUninstallKB922760$\wininet.dll

2006-09-14 09:37 665088 124b5b1d140b7a5dc8f23172b5125c81 c:\windows\$NtUninstallKB925454$\wininet.dll

2006-10-23 16:35 665088 43cd9445a02b0efc6c08cb86443a16ae c:\windows\$NtUninstallKB928090$\wininet.dll

2007-01-04 15:05 665600 67cc810f4f24bbe33eda3cc2689a28e1 c:\windows\$NtUninstallKB931768$\wininet.dll

2007-02-19 16:23 666112 b0e69d997838a34e68d880e67d114bc7 c:\windows\$NtUninstallKB933566$\wininet.dll

2007-04-18 13:46 666112 d6b8e18f5f73fdeb568bed5852864ef9 c:\windows\$NtUninstallKB937143$\wininet.dll

2007-06-26 15:53 666112 c2743463d86deb7eb0e224a2b769ece1 c:\windows\$NtUninstallKB939653$\wininet.dll

2007-08-22 13:58 666112 5290463c69ddc6813fdc96aeffef14fe c:\windows\$NtUninstallKB942615$\wininet.dll

2007-10-11 07:10 666624 35b50083b6158d1d92454da40d8166a2 c:\windows\ie7\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\ie7updates\KB944533-IE7\wininet.dll

2008-03-01 14:02 826368 f51a84f3b4109769f91e6348d01e2ac1 c:\windows\ie7updates\KB950759-IE7\wininet.dll

2008-06-23 17:42 826368 ce365a16790ec5c5dddc78820949c02e c:\windows\ie7updates\KB956390-IE7\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\ie7updates\KB958215-IE7\wininet.dll

2008-04-14 17:04 666624 b8d98f0cdf9b1429cd95497ad9995078 c:\windows\ServicePackFiles\i386\wininet.dll

2008-10-16 21:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2GDR\wininet.dll

2008-10-16 21:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2QFE\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2GDR\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2GDR\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2QFE\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2GDR\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\dllcache\wininet.dll

.

((((((((((((((((((((((((((((( snapshot_2009-01-08_17.36.37.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-08 22:21:05 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F66110.exe

+ 2009-01-08 22:21:05 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F6617.exe

+ 2008-12-20 19:37:30 47,579 ----a-w c:\windows\system32\zipmapp\usootjpmfcuqdzm.exe

+ 2009-01-02 20:25:43 53,410,228 ----a-w c:\windows\system32\zipmapp\xa19524250.exe

+ 2009-01-02 20:25:45 172,032 ----a-w c:\windows\system32\zipmapp\xwr20356.dll

+ 2009-01-11 09:41:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_830.dat

+ 2009-01-11 09:41:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8e0.dat

.

(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

"updateMgr"="c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"CTDVDDET"="c:\program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"VolPanel"="c:\program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"AudioDrvEmulator"="c:\program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"HPHUPD08"="c:\program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"PCMService"="c:\program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 180269]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-06 136600]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2005-08-08 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 c:\windows\system32\CTXFIHLP.EXE]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2006-08-17 438272]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 12:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-07 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-07 362544]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-07 274808]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-01 2799488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-07 99376]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

R4 Norton Internet Security;Norton Internet Security;c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-07 115560]

R4 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [2006-10-12 17072]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-01 468768]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

.

Innehållet i mappen 'Schemalagda aktiviteter'

 

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-01-11 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 10:30]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Notify-aeydcsgs - c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.newsnow.co.uk/newsfeed/?name=Liverpool

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll

 

O16 -: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

c:\windows\Downloaded Program Files\DAX.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-11 10:41:34

Windows 5.1.2600 Service Pack 3 NTFS

 

genomsöker dolda processer ...

 

genomsöker dolda autostartpunkter ...

 

genomsöker dolda filer ...

 

genomsökningen avslutades lyckosamt

dolda filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

.

--------------------- DLLer installerade under pågående processer ---------------------

 

- - - - - - - > 'winlogon.exe'(872)

c:\program\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Andra pågående processer ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\CTXFISPI.EXE

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LightScribe\LSSrvc.exe

c:\program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

c:\program\Canon\CAL\CALMAIN.exe

c:\windows\system32\scardsvr.exe

c:\windows\system32\wscntfy.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system\hpsysdrv.exe

.

**************************************************************************

.

Sluttid: 2009-01-11 10:44:30 - datorn startades om [HP_Ägaren]

ComboFix-quarantined-files.txt 2009-01-11 09:44:28

ComboFix2.txt 2009-01-10 20:43:15

ComboFix3.txt 2009-01-08 16:37:30

ComboFix4.txt 2008-12-21 13:24:16

ComboFix5.txt 2009-01-11 09:23:56

 

Före genomsökningen: 181,377,339,392 byte ledigt

Efter genomsökningen: 181,366,693,888 byte ledigt

 

243 --- E O F --- 2009-01-07 22:01:28

[/log]

 


Delete c:\windows\system32\zipmapp, which is the zip file with the malicious files you sent me.

 

If you did not manage to install Java earlier, install it now and upgrade Norton.

 

Those malicious files that came with the game (possibly only one of them came with the game and then downloaded more malicious programs) wedged themselves deep into Windows so that it would be hard to get rid of them. But MBAM probably also removed some things that most likely had no connection to the game.

 

Paste a new HijackThis log in case there is any remnant left.

 


Okay,

 

Here is a new log.

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:41:58, on 11/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\iid.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

C:\Program\iPod\bin\iPodService.exe

c:\windows\system\hpsysdrv.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.co.uk/newsfeed/?name=Liverpool

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10858 bytes

[/log]

 


No remnants in that log as far as I could see.

 

Thank you very much for all the points! :) :)

 

If everything seems fine with the computer and you have no questions, it should be all done now.

 

Here you can read my usual advice for a more secure computer, but of course it is also important to use common sense.

http://ceblstockholm.googlepages.com/home

 

 


Archived

This topic is now archived and is closed to further replies.
