
Malware doctor virus


monet111


I have been hit by a program that pretends to be an antivirus program.

It calls itself Malware Doctor; its icon is a red cross on a white background.

Does anyone know what it is, and how to get rid of it?

Regards,

 

Filip

 


Start by downloading DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Start the program (in Vista, right-click and choose Run as administrator).

Click Yes (Ja) when asked about the Optional Scan.

 

In your reply, include the two logs DDS.txt and Attach.txt like this:

Click the LOG button in the Reply window

Paste the log

Click the LOG button in the Reply window again

Repeat with the next log.

 


  • 3 weeks later...

I have the same problem...

 

DDS.txt

[log]DDS (Ver_09-03-16.01) - NTFSx86

Run by Sebastian at 16:46:05,73 on 2009-05-05

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.2658 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe

svchost.exe

C:\WINDOWS\System32\AshEvtSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Documents and Settings\LocalService\Application Data\900399219.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

F:\Program\DAEMON Tools Lite\daemon.exe

C:\Program\Mozilla Firefox\firefox.exe

F:\Program\WC3Banlist\WC3Banlist.exe

F:\Recived\dds.scr

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [DAEMON Tools Lite] "f:\program\daemon tools lite\daemon.exe" -autorun

uRun: [Malware Doctor] c:\documents and settings\localservice\application data\900399219.exe

mRun: [Malware Doctor] c:\documents and settings\localservice\application data\900399219.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-system: DisableTaskMgr = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227718750068

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\sebast~1\applic~1\mozilla\firefox\profiles\d57clgmt.default

FF - plugin: f:\program\videolan\vlc\npvlc.dll

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S2 bEvtSvcE;bEvtSvcE;c:\windows\system32\bevtsvce.exe -k netsvcs --> c:\windows\system32\bEvtSvcE.exe -k netsvcs [?]

S3 getPlus® Helper;getPlus® Helper;c:\program\nos\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

=============== Created Last 30 ================

 

2009-05-05 00:13 <DIR> --d----- C:\ComboFix

2009-05-05 00:04 5,504 ac------ c:\windows\system32\dllcache\intelide.sys

2009-05-05 00:04 5,504 a------- c:\windows\system32\drivers\intelide.sys

2009-05-05 00:04 35,328 ac------ c:\windows\system32\dllcache\pcntpci5.sys

2009-05-05 00:04 35,328 a------- c:\windows\system32\drivers\pcntpci5.sys

2009-05-05 00:04 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys

2009-05-05 00:04 10,240 a------- c:\windows\system32\drivers\compbatt.sys

2009-05-05 00:04 13,952 ac------ c:\windows\system32\dllcache\cmbatt.sys

2009-05-05 00:04 13,952 a------- c:\windows\system32\drivers\CmBatt.sys

2009-05-05 00:04 14,208 ac------ c:\windows\system32\dllcache\battc.sys

2009-05-05 00:04 14,208 a------- c:\windows\system32\drivers\battc.sys

2009-05-01 11:04 232,075 a------- c:\windows\Burn4Free_Toolbar_Uninstaller_3687.exe

2009-05-01 11:04 <DIR> --d----- c:\program\Burn4Free Toolbar

2009-05-01 09:45 161,792 a------- c:\windows\SWREG.exe

2009-05-01 09:45 117,248 a------- c:\windows\VFIND.exe

2009-05-01 09:45 98,816 a------- c:\windows\sed.exe

2009-05-01 09:43 90,624 a------- c:\windows\system32\bEvtSvcE.exe

2009-05-01 09:41 32,768 a------- c:\windows\system32\AshEvtSvc.exe

2009-04-30 03:15 <DIR> --d----- c:\docume~1\sebast~1\applic~1\DC++

2009-04-21 22:32 531 a------- c:\windows\eReg.dat

2009-04-18 17:17 <DIR> --d----- c:\program\Bonjour

2009-04-18 17:12 <DIR> --d----- c:\program\delade filer\Macrovision Shared

2009-04-17 11:25 <DIR> --d----- c:\docume~1\sebast~1\applic~1\Spotify

2009-04-17 09:21 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-04-17 09:21 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-04-17 09:21 284,160 -c------ c:\windows\system32\dllcache\pdh.dll

2009-04-17 09:21 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 09:21 110,592 -c------ c:\windows\system32\dllcache\services.exe

2009-04-17 09:21 729,600 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 09:21 719,360 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-04-17 09:21 681,472 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-04-17 09:21 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 09:20 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-04-17 09:20 217,088 -c------ c:\windows\system32\dllcache\wordpad.exe

 

==================== Find3M ====================

 

2009-05-05 00:16 395,520 a------- c:\windows\system32\perfh01D.dat

2009-05-05 00:16 69,608 a------- c:\windows\system32\perfc01D.dat

2009-04-18 02:33 76,097 a------- c:\windows\War3Unin.dat

2009-03-06 16:24 284,160 a------- c:\windows\system32\pdh.dll

2009-03-03 02:16 826,368 a------- c:\windows\system32\wininet.dll

2009-02-20 19:18 78,336 a------- c:\windows\system32\ieencode.dll

2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys

2009-02-09 13:27 2,024,960 a------- c:\windows\system32\ntkrnlpa.exe

2009-02-09 13:27 2,146,304 a------- c:\windows\system32\ntoskrnl.exe

2009-02-09 13:27 110,592 a------- c:\windows\system32\services.exe

2009-02-09 12:56 729,600 a------- c:\windows\system32\lsasrv.dll

2009-02-09 12:56 719,360 a------- c:\windows\system32\ntdll.dll

2009-02-09 12:56 681,472 a------- c:\windows\system32\advapi32.dll

2009-02-09 12:56 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe

 

============= FINISH: 16:46:15,29 ===============[/log]

 

Attach.txt

[log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-03-16.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-11-26 16:43:41

System Uptime: 2009-05-05 13:40:17 (3 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE

Processor: AMD Athlon 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 49 GiB total, 35,416 GiB free.

D: is FIXED (NTFS) - 699 GiB total, 558,325 GiB free.

F: is FIXED (NTFS) - 195 GiB total, 151,787 GiB free.

G: is FIXED (NTFS) - 195 GiB total, 156,953 GiB free.

H: is CDROM ()

J: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\1900A21E8C00

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\1900A21E8C00

Service: NIC1394

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00

Service: NVENETFD

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller #2

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00

Service: NVENETFD

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: Applied Networking Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

 

==== System Restore Points ===================

 

RP72: 2009-04-17 18:43:42 - Software Distribution Service 3.0

RP73: 2009-04-18 03:57:17 - Installerad Battlefield 2

RP74: 2009-04-18 04:11:00 - Installerad Battlefield 2-patch v1.41

RP75: 2009-04-19 22:13:12 - Systemkontrollpunkt

RP76: 2009-04-21 05:23:54 - Systemkontrollpunkt

RP77: 2009-04-23 14:35:20 - Systemkontrollpunkt

RP78: 2009-04-25 12:03:51 - Systemkontrollpunkt

RP79: 2009-04-27 17:50:41 - Systemkontrollpunkt

RP80: 2009-04-30 00:24:59 - Systemkontrollpunkt

RP81: 2009-05-01 05:52:02 - Systemkontrollpunkt

RP82: 2009-05-04 01:29:10 - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Setup

Adobe Shockwave Player 11

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

ASUSUpdate

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

µTorrent

Battlefield 2

Burn4Free CD and DVD

Burn4Free Toolbar

C-Media USB Sound Driver

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

Combined Community Codec Pack 2008-09-21 16:18

D-Link DWA-556 Wireless N PCIe Desktop Adapter

Day of Defeat

DC++ 0.750

Guitar Pro 5.2

Hamachi 1.0.0.59

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Icemat Siberia USB Soundcard

IrfanView (remove only)

Java 6 Update 10

Java 6 Update 7

JMB36X Raid Configurer

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.0.10)

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

OpenOffice.org 3.0

PDF Settings

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

SimCity 4 Deluxe

Skins

Skype™ 4.0

Snabbkorrigering för Windows Media Player 11 (KB939683)

Snabbkorrigering för Windows XP (KB952287)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127-v2)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)

Säkerhetsuppdatering för Windows Media Player (KB952069)

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)

Säkerhetsuppdatering för Windows Media Player 11 (KB954154)

Säkerhetsuppdatering för Windows XP (KB923561)

Säkerhetsuppdatering för Windows XP (KB923789)

Säkerhetsuppdatering för Windows XP (KB938464)

Säkerhetsuppdatering för Windows XP (KB941569)

Säkerhetsuppdatering för Windows XP (KB946648)

Säkerhetsuppdatering för Windows XP (KB950762)

Säkerhetsuppdatering för Windows XP (KB950974)

Säkerhetsuppdatering för Windows XP (KB951066)

Säkerhetsuppdatering för Windows XP (KB951376-v2)

Säkerhetsuppdatering för Windows XP (KB951698)

Säkerhetsuppdatering för Windows XP (KB951748)

Säkerhetsuppdatering för Windows XP (KB952004)

Säkerhetsuppdatering för Windows XP (KB952954)

Säkerhetsuppdatering för Windows XP (KB954211)

Säkerhetsuppdatering för Windows XP (KB954459)

Säkerhetsuppdatering för Windows XP (KB954600)

Säkerhetsuppdatering för Windows XP (KB955069)

Säkerhetsuppdatering för Windows XP (KB956390)

Säkerhetsuppdatering för Windows XP (KB956391)

Säkerhetsuppdatering för Windows XP (KB956572)

Säkerhetsuppdatering för Windows XP (KB956802)

Säkerhetsuppdatering för Windows XP (KB956803)

Säkerhetsuppdatering för Windows XP (KB956841)

Säkerhetsuppdatering för Windows XP (KB957095)

Säkerhetsuppdatering för Windows XP (KB957097)

Säkerhetsuppdatering för Windows XP (KB958644)

Säkerhetsuppdatering för Windows XP (KB958687)

Säkerhetsuppdatering för Windows XP (KB958690)

Säkerhetsuppdatering för Windows XP (KB959426)

Säkerhetsuppdatering för Windows XP (KB960225)

Säkerhetsuppdatering för Windows XP (KB960715)

Säkerhetsuppdatering för Windows XP (KB960803)

Säkerhetsuppdatering för Windows XP (KB961373)

Spotify

Stronghold 2 Deluxe

Uppdatering för Windows XP (KB951072-v2)

Uppdatering för Windows XP (KB951978)

Uppdatering för Windows XP (KB955839)

Uppdatering för Windows XP (KB967715)

Warcraft III: All Products

WC3Banlist

WebFldrs XP

Viktig uppdatering för Windows Media Player 11 (KB959772)

Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)

Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 3.1

WinRAR archiver

VLC media player 0.9.6

Xoomer 1.2

 

==== End Of File ===========================

[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure the following boxes are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an "Error loading..." message after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new DDS log.

 


here we go

 

mbam-log:

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2082

Windows 5.1.2600 Service Pack 3

 

2009-05-06 13:03:58

mbam-log-2009-05-06 (13-03-58).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 68991

Förfluten tid: 1 minute(s), 20 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 1

Infekterade registernycklar: 0

Infekterade registervärden: 2

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 5

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\Program\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Delete on reboot.

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\bEvtSvcE.exe (Trojan.Spambot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\976949939.exe (Trojan.Spambot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.

C:\Program\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\900399219.exe (Rogue.MalwareDoc) -> Delete on reboot.

[/log]

 

DDS.txt

[log]DDS (Ver_09-03-16.01) - NTFSx86

Run by Sebastian at 13:13:17,53 on 2009-05-06

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.3041 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

F:\Program\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\System32\AshEvtSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

F:\Recived\dds.scr

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [DAEMON Tools Lite] "f:\program\daemon tools lite\daemon.exe" -autorun

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227718750068

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\sebast~1\applic~1\mozilla\firefox\profiles\d57clgmt.default

FF - plugin: f:\program\videolan\vlc\npvlc.dll

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-6 38496]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S2 bEvtSvcE;bEvtSvcE;c:\windows\system32\bevtsvce.exe -k netsvcs --> c:\windows\system32\bEvtSvcE.exe -k netsvcs [?]

S3 getPlus® Helper;getPlus® Helper;c:\program\nos\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

=============== Created Last 30 ================

 

2009-05-06 13:01 <DIR> --d----- c:\docume~1\sebast~1\applic~1\Malwarebytes

2009-05-06 13:01 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-05-06 13:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-06 13:01 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware

2009-05-06 13:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-05-05 18:03 58,880 a------- c:\windows\system32\1B.tmp

2009-05-05 00:13 <DIR> --d----- C:\ComboFix

2009-05-05 00:04 5,504 ac------ c:\windows\system32\dllcache\intelide.sys

2009-05-05 00:04 5,504 a------- c:\windows\system32\drivers\intelide.sys

2009-05-05 00:04 35,328 ac------ c:\windows\system32\dllcache\pcntpci5.sys

2009-05-05 00:04 35,328 a------- c:\windows\system32\drivers\pcntpci5.sys

2009-05-05 00:04 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys

2009-05-05 00:04 10,240 a------- c:\windows\system32\drivers\compbatt.sys

2009-05-05 00:04 13,952 ac------ c:\windows\system32\dllcache\cmbatt.sys

2009-05-05 00:04 13,952 a------- c:\windows\system32\drivers\CmBatt.sys

2009-05-05 00:04 14,208 ac------ c:\windows\system32\dllcache\battc.sys

2009-05-05 00:04 14,208 a------- c:\windows\system32\drivers\battc.sys

2009-05-01 11:04 232,075 a------- c:\windows\Burn4Free_Toolbar_Uninstaller_3687.exe

2009-05-01 11:04 <DIR> --d----- c:\program\Burn4Free Toolbar

2009-05-01 09:45 161,792 a------- c:\windows\SWREG.exe

2009-05-01 09:45 117,248 a------- c:\windows\VFIND.exe

2009-05-01 09:45 98,816 a------- c:\windows\sed.exe

2009-05-01 09:41 32,768 a------- c:\windows\system32\AshEvtSvc.exe

2009-04-30 03:15 <DIR> --d----- c:\docume~1\sebast~1\applic~1\DC++

2009-04-21 22:32 531 a------- c:\windows\eReg.dat

2009-04-18 17:17 <DIR> --d----- c:\program\Bonjour

2009-04-18 17:12 <DIR> --d----- c:\program\delade filer\Macrovision Shared

2009-04-17 11:25 <DIR> --d----- c:\docume~1\sebast~1\applic~1\Spotify

2009-04-17 09:21 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-04-17 09:21 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-04-17 09:21 284,160 -c------ c:\windows\system32\dllcache\pdh.dll

2009-04-17 09:21 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 09:21 110,592 -c------ c:\windows\system32\dllcache\services.exe

2009-04-17 09:21 729,600 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 09:21 719,360 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-04-17 09:21 681,472 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-04-17 09:21 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 09:20 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-04-17 09:20 217,088 -c------ c:\windows\system32\dllcache\wordpad.exe

 

==================== Find3M ====================

 

2009-05-06 13:02 395,520 a------- c:\windows\system32\perfh01D.dat

2009-05-06 13:02 69,608 a------- c:\windows\system32\perfc01D.dat

2009-04-18 02:33 76,097 a------- c:\windows\War3Unin.dat

2009-03-06 16:24 284,160 a------- c:\windows\system32\pdh.dll

2009-03-03 02:16 826,368 a------- c:\windows\system32\wininet.dll

2009-02-20 19:18 78,336 a------- c:\windows\system32\ieencode.dll

2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys

2009-02-09 13:27 2,024,960 a------- c:\windows\system32\ntkrnlpa.exe

2009-02-09 13:27 2,146,304 a------- c:\windows\system32\ntoskrnl.exe

2009-02-09 13:27 110,592 a------- c:\windows\system32\services.exe

2009-02-09 12:56 729,600 a------- c:\windows\system32\lsasrv.dll

2009-02-09 12:56 719,360 a------- c:\windows\system32\ntdll.dll

2009-02-09 12:56 681,472 a------- c:\windows\system32\advapi32.dll

2009-02-09 12:56 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe

 

============= FINISH: 13:13:26,45 ===============

[/log]

 

Attach.txt

[log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-03-16.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-11-26 16:43:41

System Uptime: 2009-05-06 13:05:05 (0 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE

Processor: AMD Athlon 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 49 GiB total, 35,378 GiB free.

D: is FIXED (NTFS) - 699 GiB total, 557,643 GiB free.

F: is FIXED (NTFS) - 195 GiB total, 151,784 GiB free.

G: is FIXED (NTFS) - 195 GiB total, 156,963 GiB free.

H: is CDROM ()

J: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\1900A21E8C00

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\1900A21E8C00

Service: NIC1394

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00

Service: NVENETFD

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller #2

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00

Service: NVENETFD

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: Applied Networking Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

 

==== System Restore Points ===================

 

RP72: 2009-04-17 18:43:42 - Software Distribution Service 3.0

RP73: 2009-04-18 03:57:17 - Installerad Battlefield 2

RP74: 2009-04-18 04:11:00 - Installerad Battlefield 2-patch v1.41

RP75: 2009-04-19 22:13:12 - Systemkontrollpunkt

RP76: 2009-04-21 05:23:54 - Systemkontrollpunkt

RP77: 2009-04-23 14:35:20 - Systemkontrollpunkt

RP78: 2009-04-25 12:03:51 - Systemkontrollpunkt

RP79: 2009-04-27 17:50:41 - Systemkontrollpunkt

RP80: 2009-04-30 00:24:59 - Systemkontrollpunkt

RP81: 2009-05-01 05:52:02 - Systemkontrollpunkt

RP82: 2009-05-04 01:29:10 - Software Distribution Service 3.0

RP83: 2009-05-05 19:55:27 - Systemkontrollpunkt

 

==== Installed Programs ======================

 

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Setup

Adobe Shockwave Player 11

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

ASUSUpdate

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

µTorrent

Battlefield 2

Burn4Free CD and DVD

Burn4Free Toolbar

C-Media USB Sound Driver

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

Combined Community Codec Pack 2008-09-21 16:18

D-Link DWA-556 Wireless N PCIe Desktop Adapter

Day of Defeat

DC++ 0.750

Guitar Pro 5.2

Hamachi 1.0.0.59

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Icemat Siberia USB Soundcard

IrfanView (remove only)

Java 6 Update 10

Java 6 Update 7

JMB36X Raid Configurer

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.0.10)

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

OpenOffice.org 3.0

PDF Settings

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

SimCity 4 Deluxe

Skins

Skype™ 4.0

Snabbkorrigering för Windows Media Player 11 (KB939683)

Snabbkorrigering för Windows XP (KB952287)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127-v2)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)

Säkerhetsuppdatering för Windows Media Player (KB952069)

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)

Säkerhetsuppdatering för Windows Media Player 11 (KB954154)

Säkerhetsuppdatering för Windows XP (KB923561)

Säkerhetsuppdatering för Windows XP (KB923789)

Säkerhetsuppdatering för Windows XP (KB938464)

Säkerhetsuppdatering för Windows XP (KB941569)

Säkerhetsuppdatering för Windows XP (KB946648)

Säkerhetsuppdatering för Windows XP (KB950762)

Säkerhetsuppdatering för Windows XP (KB950974)

Säkerhetsuppdatering för Windows XP (KB951066)

Säkerhetsuppdatering för Windows XP (KB951376-v2)

Säkerhetsuppdatering för Windows XP (KB951698)

Säkerhetsuppdatering för Windows XP (KB951748)

Säkerhetsuppdatering för Windows XP (KB952004)

Säkerhetsuppdatering för Windows XP (KB952954)

Säkerhetsuppdatering för Windows XP (KB954211)

Säkerhetsuppdatering för Windows XP (KB954459)

Säkerhetsuppdatering för Windows XP (KB954600)

Säkerhetsuppdatering för Windows XP (KB955069)

Säkerhetsuppdatering för Windows XP (KB956390)

Säkerhetsuppdatering för Windows XP (KB956391)

Säkerhetsuppdatering för Windows XP (KB956572)

Säkerhetsuppdatering för Windows XP (KB956802)

Säkerhetsuppdatering för Windows XP (KB956803)

Säkerhetsuppdatering för Windows XP (KB956841)

Säkerhetsuppdatering för Windows XP (KB957095)

Säkerhetsuppdatering för Windows XP (KB957097)

Säkerhetsuppdatering för Windows XP (KB958644)

Säkerhetsuppdatering för Windows XP (KB958687)

Säkerhetsuppdatering för Windows XP (KB958690)

Säkerhetsuppdatering för Windows XP (KB959426)

Säkerhetsuppdatering för Windows XP (KB960225)

Säkerhetsuppdatering för Windows XP (KB960715)

Säkerhetsuppdatering för Windows XP (KB960803)

Säkerhetsuppdatering för Windows XP (KB961373)

Spotify

Stronghold 2 Deluxe

Uppdatering för Windows XP (KB951072-v2)

Uppdatering för Windows XP (KB951978)

Uppdatering för Windows XP (KB955839)

Uppdatering för Windows XP (KB967715)

Warcraft III: All Products

WC3Banlist

WebFldrs XP

Viktig uppdatering för Windows Media Player 11 (KB959772)

Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)

Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 3.1

WinRAR archiver

VLC media player 0.9.6

Xoomer 1.2

 

==== End Of File ===========================

[/log]

 

Link to comment
Share on other sites

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/

 

Uninstall:

Burn4Free Toolbar

Java™ 6 Update 10

Java™ 6 Update 7

 

I see that you already have ComboFix on the computer, so I might as well see the log from it too.

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

 

[log]IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should appear; attach it to your reply. Check that your antivirus program etc. is running before you connect to the internet.

 

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.[/log]

 

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 

Link to comment
Share on other sites

Hehe, how do you keep track of everything? Where did you learn what works and what doesn't =S

 

I mean, you know exactly what needs to be done depending on which "error" has occurred. I'm impressed that you keep such good track!

 

Anyway, here is the ComboFix log! Thanks for the help =)

[log]ComboFix 09-05-05.04 - Sebastian 2009-05-06 14:30.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.3093 [GMT 2:00]

Körs från: f:\recived\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Application Data\951323796.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-04-06 till 2009-05-06 ))))))))))))))))))))))))))))))

.

 

2009-05-06 12:27 . 2009-05-06 12:27 -------- d-----w c:\program\Java

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\Sebastian\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-06 11:01 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program\Malwarebytes' Anti-Malware

2009-05-04 22:04 . 2008-04-14 14:40 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys

2009-05-04 22:04 . 2008-04-14 14:40 5504 ----a-w c:\windows\system32\drivers\intelide.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 -c--a-w c:\windows\system32\dllcache\pcntpci5.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 ----a-w c:\windows\system32\drivers\pcntpci5.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 -c--a-w c:\windows\system32\dllcache\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 ----a-w c:\windows\system32\drivers\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 -c--a-w c:\windows\system32\dllcache\cmbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 ----a-w c:\windows\system32\drivers\battc.sys

2009-05-01 09:04 . 2009-05-01 09:04 232075 ----a-w c:\windows\Burn4Free_Toolbar_Uninstaller_3687.exe

2009-05-01 09:04 . 2009-05-06 12:04 -------- d-----w c:\program\Burn4Free Toolbar

2009-05-01 07:41 . 2009-05-01 07:41 32768 ----a-w c:\windows\system32\AshEvtSvc.exe

2009-04-30 01:15 . 2009-04-30 16:33 -------- d-----w c:\documents and settings\Sebastian\Application Data\DC++

2009-04-23 17:58 . 2009-04-30 02:39 -------- d-----w c:\documents and settings\Sebastian\Application Data\Skype

2009-04-23 17:57 . 2009-04-23 17:58 -------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-04-21 20:32 . 2009-04-21 20:32 531 ----a-w c:\windows\eReg.dat

2009-04-18 15:21 . 2009-04-18 15:21 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-04-18 15:17 . 2009-04-18 15:17 -------- d-----w c:\program\Bonjour

2009-04-18 15:12 . 2009-04-18 15:12 -------- d-----w c:\program\Delade filer\Macrovision Shared

2009-04-18 15:10 . 2009-04-18 15:17 -------- d-----w c:\program\Delade filer\Adobe

2009-04-17 09:25 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\Sebastian\Application Data\Spotify

2009-04-17 07:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 07:21 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-17 07:21 . 2009-02-09 11:27 110592 -c----w c:\windows\system32\dllcache\services.exe

2009-04-17 07:21 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-17 07:21 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-17 07:21 . 2009-02-09 10:56 681472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-17 07:21 . 2009-02-09 10:56 729600 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 07:21 . 2009-02-09 10:55 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 07:21 . 2009-02-09 10:56 719360 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-17 07:20 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-06 12:27 . 2008-11-26 19:10 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-06 11:02 . 2007-10-29 12:00 69608 ----a-w c:\windows\system32\perfc01D.dat

2009-05-06 11:02 . 2007-10-29 12:00 395520 ----a-w c:\windows\system32\perfh01D.dat

2009-05-05 11:43 . 2009-05-05 16:03 58880 ----a-w c:\windows\system32\1B.tmp

2009-04-18 01:57 . 2008-11-26 16:34 -------- d--h--w c:\program\InstallShield Installation Information

2009-04-18 00:33 . 2009-01-05 01:05 76097 ----a-w c:\windows\War3Unin.dat

2009-03-06 14:24 . 2007-10-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2007-10-29 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2007-10-29 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-09 14:07 . 2007-10-29 12:00 1846784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2004-08-04 01:25 2024960 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:27 . 2007-10-29 12:00 2146304 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2007-10-29 12:00 110592 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2007-10-29 12:00 729600 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2007-10-29 12:00 719360 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 10:56 . 2007-10-29 12:00 681472 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2007-10-29 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-06 10:39 . 2007-10-29 12:00 35328 ----a-w c:\windows\system32\sc.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-01_08.01.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-06 12:27 . 2009-05-06 12:27 16384 c:\windows\Temp\Perflib_Perfdata_680.dat

+ 2009-05-04 21:47 . 2008-04-14 16:04 75264 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\storprop.dll

+ 2009-05-04 21:47 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

+ 2007-10-29 12:00 . 2009-05-06 11:02 58596 c:\windows\system32\perfc009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 58596 c:\windows\system32\perfc009.dat

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\WgaLogon.dll

- 2007-10-29 12:00 . 2009-04-18 14:58 392296 c:\windows\system32\perfh009.dat

+ 2007-10-29 12:00 . 2009-05-06 11:02 392296 c:\windows\system32\perfh009.dat

+ 2009-05-06 12:27 . 2009-05-06 12:27 148888 c:\windows\system32\javaws.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 148888 c:\windows\system32\javaws.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\javaw.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\javaw.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\java.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\java.exe

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\dllcache\wgaLogon.dll

+ 2008-02-29 04:14 . 2008-02-29 04:14 223744 c:\windows\system32\b4fm.dll

+ 2008-03-20 17:06 . 2009-03-10 20:18 1482112 c:\windows\system32\LegitCheckControl.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="f:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-05-06 148888]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Wireless Connection Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Wireless Connection Manager.lnk

backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Sebastian^Start-meny^Program^Autostart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Sebastian\Start-meny\Program\Autostart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"g:\\Warcraft III\\war3.exe"=

"g:\\Steam\\steamapps\\eldraven\\counter-strike\\hl.exe"=

"g:\\CIV4\\Civilization4.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"g:\\Steam\\steamapps\\eldraven\\team fortress 2\\hl2.exe"=

"g:\\Stronghold 2\\Stronghold2.exe"=

"f:\\Program\\Spotify\\spotify.exe"=

"g:\\Counter-Strike 1.6\\hl.exe"=

"g:\\BF2\\BF2.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"g:\\Steam\\steamapps\\eldraven\\day of defeat source\\hl2.exe"=

"f:\\Recived\\pickup.listchecker.exe"=

"f:\\Program\\Skype\\Phone\\Skype.exe"=

"f:\\Program\\DC++ HUB\\PtokaX.exe"=

"f:\\Program\\DC++\\DCPlusPlus.exe"=

 

R2 AshEvtSvc;AshEvtSvc;c:\windows\System32\AshEvtSvc.exe -k netsvcs --> c:\windows\System32\AshEvtSvc.exe -k netsvcs [?]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S2 bEvtSvcE;bEvtSvcE;c:\windows\System32\bEvtSvcE.exe -k netsvcs --> c:\windows\System32\bEvtSvcE.exe -k netsvcs [?]

S3 getPlus® Helper;getPlus® Helper;c:\program\NOS\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - APPMGMT

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144f7b7c-2b99-11de-9caf-001e8c6d38bf}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\d57clgmt.default

FF - plugin: f:\program\VideoLAN\VLC\npvlc.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-06 14:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(728)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(784)

c:\windows\system32\nvappfilter.dll

.

Sluttid: 2009-05-06 14:31

ComboFix-quarantined-files.txt 2009-05-06 12:31

ComboFix2.txt 2009-05-04 22:15

ComboFix3.txt 2009-05-04 20:25

ComboFix4.txt 2009-05-02 18:09

ComboFix5.txt 2009-05-06 12:29

 

Före genomsökningen: 37 948 669 952 byte ledigt

Efter genomsökningen: 37 978 652 672 byte ledigt

 

188 --- E O F --- 2009-05-03 23:29[/log]

 

 

Link to comment
Share on other sites

Well, it's not always the case that I know the easiest or best way to get rid of malicious programs, but I am well acquainted with a number of programs that help against a lot. Then you have to read a lot about how others have solved the same or similar problems.

 

If Burn4Free Toolbar is now uninstalled, delete:

2009-05-01 09:04 . 2009-05-01 09:04 232075 ----a-w c:\windows\Burn4Free_Toolbar_Uninstaller_3687.exe

2009-05-01 09:04 . 2009-05-06 12:04 -------- d-----w c:\program\Burn4Free Toolbar

 

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press "Skicka Fil" (Send File) and wait until the result is ready ("Närvarande status" (Current status) changes to "genomförd" (finished)). Paste the results from the various antivirus programs (not "Övrig information" (Additional information)) here. Repeat with the next file name.

c:\windows\system32\AshEvtSvc.exe

c:\windows\system32\1B.tmp

c:\windows\System32\bEvtSvcE.exe

 

Link to comment
Share on other sites

Hmm, I couldn't find:

2009-05-01 09:04 . 2009-05-01 09:04 232075 ----a-w c:\windows\Burn4Free_Toolbar_Uninstaller_3687.exe

 

The other one is removed, but Malware Doctor is back, however! =/

 

 

AshEvtSvc.exe

[log]a-squared 4.0.0.101 2009.05.07 Trojan-Downloader.Win32.Cbeplay!IK

AhnLab-V3 5.0.0.2 2009.05.07 -

AntiVir 7.9.0.160 2009.05.07 TR/Crypt.XPACK.Gen

Antiy-AVL 2.0.3.1 2009.05.07 -

Authentium 5.1.2.4 2009.05.07 -

Avast 4.8.1335.0 2009.05.06 -

AVG 8.5.0.327 2009.05.07 -

BitDefender 7.2 2009.05.07 Trojan.Downloader.JLXY

CAT-QuickHeal 10.00 2009.05.06 Trojan.Agent.ATV

ClamAV 0.94.1 2009.05.07 -

Comodo 1154 2009.05.06 Unclassified Malware

DrWeb 5.0.0.12182 2009.05.07 Trojan.DownLoad.33602

eSafe 7.0.17.0 2009.05.05 Suspicious File

eTrust-Vet 31.6.6494 2009.05.07 -

F-Prot 4.4.4.56 2009.05.06 -

F-Secure 8.0.14470.0 2009.05.07 -

Fortinet 3.117.0.0 2009.05.07 -

GData 19 2009.05.07 Trojan.Downloader.JLXY

Ikarus T3.1.1.49.0 2009.05.07 Trojan-Downloader.Win32.Cbeplay

K7AntiVirus 7.10.723 2009.05.05 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2009.05.07 -

McAfee 5607 2009.05.06 Generic.dx!bi

McAfee+Artemis 5607 2009.05.06 Generic.dx!bi

McAfee-GW-Edition 6.7.6 2009.05.07 Trojan.Crypt.XPACK.Gen

Microsoft 1.4602 2009.05.07 -

NOD32 4059 2009.05.07 -

Norman 6.01.05 2009.05.06 W32/Smalltroj.NHLR

nProtect 2009.1.8.0 2009.05.07 -

Panda 10.0.0.14 2009.05.06 Trj/CI.A

PCTools 4.4.2.0 2009.05.06 -

Prevx 3.0 2009.05.07 -

Rising 21.28.32.00 2009.05.07 -

Sophos 4.41.0 2009.05.07 Mal/EncPk-HL

Sunbelt 3.2.1858.2 2009.05.07 -

Symantec 1.4.4.12 2009.05.07 Trojan Horse

TheHacker 6.3.4.1.320 2009.05.07 -

TrendMicro 8.950.0.1092 2009.05.07 -

VBA32 3.12.10.4 2009.05.05 -

ViRobot 2009.5.7.1723 2009.05.07 -

VirusBuster 4.6.5.0 2009.05.06 -[/log]

 

1B.tmp

[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.101 2009.05.07 Gen.Trojan!IK

AhnLab-V3 5.0.0.2 2009.05.07 -

AntiVir 7.9.0.160 2009.05.07 TR/Crypt.XPACK.Gen

Antiy-AVL 2.0.3.1 2009.05.07 -

Authentium 5.1.2.4 2009.05.07 W32/Trojan3.AOE

Avast 4.8.1335.0 2009.05.06 Win32:Trojan-gen {Other}

BitDefender 7.2 2009.05.07 Trojan.Agent.AMPZ

CAT-QuickHeal 10.00 2009.05.06 -

ClamAV 0.94.1 2009.05.07 -

Comodo 1154 2009.05.06 Unclassified Malware

eSafe 7.0.17.0 2009.05.05 Win32.TRCrypt.XPACK

eTrust-Vet 31.6.6494 2009.05.07 -

F-Prot 4.4.4.56 2009.05.06 W32/Trojan3.AOE

F-Secure 8.0.14470.0 2009.05.07 Trojan.Win32.Agent.cbsz

Fortinet 3.117.0.0 2009.05.07 W32/Agent.CBSZ!tr

GData 19 2009.05.07 Trojan.Agent.AMPZ

Ikarus T3.1.1.49.0 2009.05.07 Gen.Trojan

K7AntiVirus 7.10.723 2009.05.05 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2009.05.07 Trojan.Win32.Agent.cbsz

McAfee 5607 2009.05.06 FakeAlert-CK.dll

McAfee+Artemis 5607 2009.05.06 FakeAlert-CK.dll

McAfee-GW-Edition 6.7.6 2009.05.07 Trojan.Crypt.XPACK.Gen

Microsoft 1.4602 2009.05.07 PWS:Win32/Prefsap.C

NOD32 4059 2009.05.07 -

Norman 6.01.05 2009.05.06 -

nProtect 2009.1.8.0 2009.05.07 -

Panda 10.0.0.14 2009.05.06 Trj/CI.A

PCTools 4.4.2.0 2009.05.06 -

Prevx 3.0 2009.05.07 -

Sophos 4.41.0 2009.05.07 Mal/EncPk-HL

Sunbelt 3.2.1858.2 2009.05.07 Gen-Trojan.Heur

Symantec 1.4.4.12 2009.05.07 Trojan Horse

TheHacker 6.3.4.1.320 2009.05.07 -

TrendMicro 8.950.0.1092 2009.05.07 TROJ_XPACK.AZ

VBA32 3.12.10.4 2009.05.05 -

ViRobot 2009.5.7.1723 2009.05.07 -

VirusBuster 4.6.5.0 2009.05.06 -[/log]

 

bEvtSvcE.exe

[log]

Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.101 2009.05.07 Trojan.Win32.Agent!IK

AhnLab-V3 5.0.0.2 2009.05.07 Win-Trojan/Agent.90624.BQ

AntiVir 7.9.0.160 2009.05.07 TR/Crypt.XPACK.Gen

Antiy-AVL 2.0.3.1 2009.05.07 Trojan/Win32.Agent

Authentium 5.1.2.4 2009.05.07 W32/TrojanX.BJBG

Avast 4.8.1335.0 2009.05.06 Win32:Trojan-gen {Other}

AVG 8.5.0.327 2009.05.07 Downloader.FraudLoad.AP

BitDefender 7.2 2009.05.07 Trojan.Packed.Gen.1

CAT-QuickHeal 10.00 2009.05.06 Trojan.Agent.ATV

ClamAV 0.94.1 2009.05.07 Trojan.Downloader-60771

Comodo 1154 2009.05.06 TrojWare.Win32.Trojan.Agent.~SEI

DrWeb 5.0.0.12182 2009.05.07 Trojan.EmailSpy.132

eSafe 7.0.17.0 2009.05.05 Win32.Agent.aqpi

eTrust-Vet 31.6.6494 2009.05.07 -

F-Prot 4.4.4.56 2009.05.06 W32/TrojanX.BJBG

F-Secure 8.0.14470.0 2009.05.07 Trojan.Win32.Agent.aqpi

Fortinet 3.117.0.0 2009.05.07 W32/TibsPak

GData 19 2009.05.07 Trojan.Packed.Gen.1

Ikarus T3.1.1.49.0 2009.05.07 Trojan.Win32.Agent

K7AntiVirus 7.10.723 2009.05.05 Trojan.Win32.Agent.aqpi

Kaspersky 7.0.0.125 2009.05.07 Trojan.Win32.Agent.aqpi

McAfee 5607 2009.05.06 Generic PWS.y

McAfee+Artemis 5607 2009.05.06 Generic PWS.y

McAfee-GW-Edition 6.7.6 2009.05.07 Trojan.Crypt.XPACK.Gen

Microsoft 1.4602 2009.05.07 Trojan:Win32/Tibs.gen!O

NOD32 4059 2009.05.07 Win32/Agent.PFK

Norman 6.01.05 2009.05.06 Festeal.A

nProtect 2009.1.8.0 2009.05.07 Trojan/W32.Agent.90624.AI

Panda 10.0.0.14 2009.05.06 Suspicious file

PCTools 4.4.2.0 2009.05.06 Trojan-Downloader.Agent.AGPI

Prevx 3.0 2009.05.07 High Risk Worm

Rising 21.28.32.00 2009.05.07 Trojan.DL.Win32.Undef.cgj

Sophos 4.41.0 2009.05.07 Mal/EncPk-GD

Sunbelt 3.2.1858.2 2009.05.07 Trojan.Win32.Agent.aqpi

Symantec 1.4.4.12 2009.05.07 Trojan Horse

TheHacker 6.3.4.1.320 2009.05.07 Trojan/Agent.aqpi

TrendMicro 8.950.0.1092 2009.05.07 TROJ_FRAUD.AL

VBA32 3.12.10.4 2009.05.05 Win32.Agent.PFK

ViRobot 2009.5.7.1723 2009.05.07 Trojan.Win32.Agent.90624.B

VirusBuster 4.6.5.0 2009.05.06 Trojan.Agent.FMRQ[/log]

 

Link to comment
Share on other sites
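The three VirusTotal pastes above all use the same four-column layout (engine, engine version, signature date, verdict), so they can be tallied mechanically. The following is an added example, not part of the thread: a small parser for that layout. The sample rows are copied from the AshEvtSvc.exe result above (with the header line from the 1B.tmp paste), and the list of marker tokens for generic or packer-based verdicts is an assumption of this example.

```python
import re
from collections import namedtuple

Row = namedtuple("Row", "engine version updated result")

# engine, engine version, signature date (YYYY.MM.DD), then the verdict.
# The verdict may contain spaces ("Trojan Horse") or be "-" for no detection.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumption of this example: tokens that mark a verdict as a generic or
# packer-based detection. Matched as whole tokens, because a substring
# test for "gen" would also hit "Agent".
GENERIC_TOKENS = {"gen", "generic", "xpack", "encpk", "packed",
                  "heur", "suspicious", "unclassified"}

# Rows copied from the thread; [log] tags and the header are left in on
# purpose to show that the parser tolerates them.
SAMPLE = """\
[log]Antivirus Version Senaste Uppdatering Resultat
a-squared 4.0.0.101 2009.05.07 Trojan-Downloader.Win32.Cbeplay!IK
AntiVir 7.9.0.160 2009.05.07 TR/Crypt.XPACK.Gen
Avast 4.8.1335.0 2009.05.06 -
BitDefender 7.2 2009.05.07 Trojan.Downloader.JLXY
Comodo 1154 2009.05.06 Unclassified Malware
Kaspersky 7.0.0.125 2009.05.07 -
McAfee 5607 2009.05.06 Generic.dx!bi
Sophos 4.41.0 2009.05.07 Mal/EncPk-HL
Symantec 1.4.4.12 2009.05.07 Trojan Horse
ViRobot 2009.5.7.1723 2009.05.07 -
VirusBuster 4.6.5.0 2009.05.06 -[/log]
"""


def parse_vt_paste(text):
    """Return one Row per engine line; header and blank lines are skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.replace("[log]", "").replace("[/log]", "").strip()
        match = ROW_RE.match(line)
        if match:
            rows.append(Row(*(part.strip() for part in match.groups())))
    return rows


def is_generic(result):
    """True if the verdict carries one of the generic/packer marker tokens."""
    tokens = set(re.split(r"[^a-z0-9]+", result.lower()))
    return bool(tokens & GENERIC_TOKENS)


def summarize(rows):
    """Tally detections, misses and generic/packer verdicts for one file."""
    hits = [r for r in rows if r.result != "-"]
    return {
        "total": len(rows),
        "detected": len(hits),
        "ratio": "%d/%d" % (len(hits), len(rows)),
        "missed": [r.engine for r in rows if r.result == "-"],
        "generic": [r.engine for r in hits if is_generic(r.result)],
    }


if __name__ == "__main__":
    summary = summarize(parse_vt_paste(SAMPLE))
    print("detection ratio:", summary["ratio"])
    print("no detection:   ", ", ".join(summary["missed"]))
    print("generic/packer: ", ", ".join(summary["generic"]))
```

A low ratio made up mostly of generic or packer verdicts, as in this sample, means the engines are reacting to how the file is packed rather than to a known family, which is why the file is still worth treating as suspect even though many engines return "-".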

Okay, if Malware Doctor is back then it is probably best to get a new ComboFix log before the removal of files begins.

 

Link to comment
Share on other sites

It also seems that it only comes back when I restart the computer, so I can leave it on until we/I/you have got to the bottom of it. =)

 

ComboFix log

[log]ComboFix 09-05-05.04 - Sebastian 2009-05-07 13:42.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.2953 [GMT 2:00]

Körs från: f:\recived\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Application Data\900399219.exe

c:\documents and settings\LocalService\Application Data\951323796.exe

c:\documents and settings\LocalService\Application Data\976949939.exe

c:\program\Mozilla Firefox\setupapi.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-04-07 till 2009-05-07 ))))))))))))))))))))))))))))))

.

 

2009-05-07 10:17 . 2009-05-07 10:17 90624 ----a-w c:\windows\system32\bEvtSvcE.exe

2009-05-06 19:35 . 2009-05-06 19:35 -------- d-sh--w C:\found.000

2009-05-06 12:27 . 2009-05-06 12:27 -------- d-----w c:\program\Java

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\Sebastian\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-06 11:01 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program\Malwarebytes' Anti-Malware

2009-05-04 22:04 . 2008-04-14 14:40 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys

2009-05-04 22:04 . 2008-04-14 14:40 5504 ----a-w c:\windows\system32\drivers\intelide.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 -c--a-w c:\windows\system32\dllcache\pcntpci5.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 ----a-w c:\windows\system32\drivers\pcntpci5.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 -c--a-w c:\windows\system32\dllcache\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 ----a-w c:\windows\system32\drivers\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 -c--a-w c:\windows\system32\dllcache\cmbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 ----a-w c:\windows\system32\drivers\battc.sys

2009-05-01 07:41 . 2009-05-01 07:41 32768 ----a-w c:\windows\system32\AshEvtSvc.exe

2009-04-30 01:15 . 2009-04-30 16:33 -------- d-----w c:\documents and settings\Sebastian\Application Data\DC++

2009-04-23 17:58 . 2009-04-30 02:39 -------- d-----w c:\documents and settings\Sebastian\Application Data\Skype

2009-04-23 17:57 . 2009-04-23 17:58 -------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-04-21 20:32 . 2009-04-21 20:32 531 ----a-w c:\windows\eReg.dat

2009-04-18 15:21 . 2009-04-18 15:21 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-04-18 15:17 . 2009-04-18 15:17 -------- d-----w c:\program\Bonjour

2009-04-18 15:12 . 2009-04-18 15:12 -------- d-----w c:\program\Delade filer\Macrovision Shared

2009-04-18 15:10 . 2009-05-07 09:35 -------- d-----w c:\program\Delade filer\Adobe

2009-04-17 09:25 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\Sebastian\Application Data\Spotify

2009-04-17 07:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 07:21 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-17 07:21 . 2009-02-09 11:27 110592 -c----w c:\windows\system32\dllcache\services.exe

2009-04-17 07:21 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-17 07:21 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-17 07:21 . 2009-02-09 10:56 681472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-17 07:21 . 2009-02-09 10:56 729600 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 07:21 . 2009-02-09 10:55 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 07:21 . 2009-02-09 10:56 719360 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-17 07:20 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-06 12:27 . 2008-11-26 19:10 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-06 11:02 . 2007-10-29 12:00 69608 ----a-w c:\windows\system32\perfc01D.dat

2009-05-06 11:02 . 2007-10-29 12:00 395520 ----a-w c:\windows\system32\perfh01D.dat

2009-05-05 11:43 . 2009-05-05 16:03 58880 ----a-w c:\windows\system32\1B.tmp

2009-04-18 01:57 . 2008-11-26 16:34 -------- d--h--w c:\program\InstallShield Installation Information

2009-04-18 00:33 . 2009-01-05 01:05 76097 ----a-w c:\windows\War3Unin.dat

2009-03-06 14:24 . 2007-10-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2007-10-29 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2007-10-29 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-09 14:07 . 2007-10-29 12:00 1846784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2004-08-04 01:25 2024960 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:27 . 2007-10-29 12:00 2146304 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2007-10-29 12:00 110592 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2007-10-29 12:00 729600 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2007-10-29 12:00 719360 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 10:56 . 2007-10-29 12:00 681472 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2007-10-29 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-01_08.01.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-07 10:15 . 2009-05-07 10:15 16384 c:\windows\Temp\Perflib_Perfdata_718.dat

+ 2009-05-04 21:47 . 2008-04-14 16:04 75264 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\storprop.dll

+ 2009-05-04 21:47 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

+ 2007-10-29 12:00 . 2009-05-06 11:02 58596 c:\windows\system32\perfc009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 58596 c:\windows\system32\perfc009.dat

+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\WgaLogon.dll

+ 2007-10-29 12:00 . 2009-05-06 11:02 392296 c:\windows\system32\perfh009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 392296 c:\windows\system32\perfh009.dat

+ 2009-05-06 12:27 . 2009-05-06 12:27 148888 c:\windows\system32\javaws.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 148888 c:\windows\system32\javaws.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\javaw.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\javaw.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\java.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\java.exe

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\dllcache\wgaLogon.dll

+ 2008-02-29 04:14 . 2008-02-29 04:14 223744 c:\windows\system32\b4fm.dll

+ 2008-03-20 17:06 . 2009-03-10 20:18 1482112 c:\windows\system32\LegitCheckControl.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="f:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-05-06 148888]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Wireless Connection Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Wireless Connection Manager.lnk

backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Sebastian^Start-meny^Program^Autostart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Sebastian\Start-meny\Program\Autostart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"g:\\Warcraft III\\war3.exe"=

"g:\\Steam\\steamapps\\eldraven\\counter-strike\\hl.exe"=

"g:\\CIV4\\Civilization4.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"g:\\Steam\\steamapps\\eldraven\\team fortress 2\\hl2.exe"=

"g:\\Stronghold 2\\Stronghold2.exe"=

"f:\\Program\\Spotify\\spotify.exe"=

"g:\\Counter-Strike 1.6\\hl.exe"=

"g:\\BF2\\BF2.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"g:\\Steam\\steamapps\\eldraven\\day of defeat source\\hl2.exe"=

"f:\\Program\\Skype\\Phone\\Skype.exe"=

"f:\\Program\\DC++ HUB\\PtokaX.exe"=

"f:\\Program\\DC++\\DCPlusPlus.exe"=

 

R2 AshEvtSvc;AshEvtSvc;c:\windows\System32\AshEvtSvc.exe -k netsvcs --> c:\windows\System32\AshEvtSvc.exe -k netsvcs [?]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S2 bEvtSvcE;bEvtSvcE;c:\windows\System32\bEvtSvcE.exe -k netsvcs --> c:\windows\System32\bEvtSvcE.exe -k netsvcs [?]

S3 getPlus® Helper;getPlus® Helper;c:\program\NOS\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144f7b7c-2b99-11de-9caf-001e8c6d38bf}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\d57clgmt.defaultFF - plugin: f:\program\VideoLAN\VLC\npvlc.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-07 13:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(728)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(784)

c:\windows\system32\nvappfilter.dll

.

Sluttid: 2009-05-07 13:43

ComboFix-quarantined-files.txt 2009-05-07 11:43

ComboFix2.txt 2009-05-06 12:31

ComboFix3.txt 2009-05-04 22:15

ComboFix4.txt 2009-05-04 20:25

ComboFix5.txt 2009-05-07 11:42

 

Före genomsökningen: 37 674 446 848 byte ledigt

Efter genomsökningen: 37 667 966 976 byte ledigt

 

192 --- E O F --- 2009-05-03 23:29

[/log]

 

Link to comment
Share on other sites

I hope the following cracks Malware Doctor.

You need to move ComboFix from the folder f:\recived to the Desktop for the description below to be accurate.

 

Copy all the lines in the box (use select code)

Driver::
AshEvtSvc
bEvtSvcE
File::
c:\windows\system32\bEvtSvcE.exe
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\1B.tmp

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste the log that is produced.

 

Are there any files in the folder c:\windows\system32 that resemble the file name 1B.tmp?

 

Link to comment
Share on other sites

Yes, I did as you said. However, I haven't found any files with similar names (unless you count all the other .tmp files that were there?)

 

However, I haven't used Windows (I dual-boot with Linux) for the last few days, but I'll log in and check whether it's solved!

 

Link to comment
Share on other sites

It is not normal to have tmp files in the folder c:\windows\system32, so I think you should delete all of them.

 

I would like to see C:\ComboFix.txt to check whether there is anything more that should be removed.

 

Link to comment
Share on other sites

Hmm I see...

But Malware Doctor seems to be gone for the moment.

 

Here is the log (I ran a new one just now)

[log]ComboFix 09-05-09.05 - Sebastian 2009-05-10 21:18.11 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.3013 [GMT 2:00]

Körs från: c:\documents and settings\Sebastian\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-04-10 till 2009-05-10 ))))))))))))))))))))))))))))))

.

 

2009-05-06 19:35 . 2009-05-06 19:35 -------- d-sh--w C:\found.000

2009-05-06 12:27 . 2009-05-06 12:27 -------- d-----w c:\program\Java

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\Sebastian\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-06 11:01 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program\Malwarebytes' Anti-Malware

2009-05-04 22:04 . 2008-04-14 14:40 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys

2009-05-04 22:04 . 2008-04-14 14:40 5504 ----a-w c:\windows\system32\drivers\intelide.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 -c--a-w c:\windows\system32\dllcache\pcntpci5.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 ----a-w c:\windows\system32\drivers\pcntpci5.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 -c--a-w c:\windows\system32\dllcache\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 ----a-w c:\windows\system32\drivers\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 -c--a-w c:\windows\system32\dllcache\cmbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 ----a-w c:\windows\system32\drivers\battc.sys

2009-04-30 01:15 . 2009-04-30 16:33 -------- d-----w c:\documents and settings\Sebastian\Application Data\DC++

2009-04-23 17:58 . 2009-04-30 02:39 -------- d-----w c:\documents and settings\Sebastian\Application Data\Skype

2009-04-23 17:57 . 2009-04-23 17:58 -------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-04-21 20:32 . 2009-04-21 20:32 531 ----a-w c:\windows\eReg.dat

2009-04-18 15:21 . 2009-04-18 15:21 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-04-18 15:17 . 2009-04-18 15:17 -------- d-----w c:\program\Bonjour

2009-04-18 15:12 . 2009-04-18 15:12 -------- d-----w c:\program\Delade filer\Macrovision Shared

2009-04-18 15:10 . 2009-05-07 09:35 -------- d-----w c:\program\Delade filer\Adobe

2009-04-17 09:25 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\Sebastian\Application Data\Spotify

2009-04-17 07:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 07:21 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-17 07:21 . 2009-02-09 11:27 110592 -c----w c:\windows\system32\dllcache\services.exe

2009-04-17 07:21 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-17 07:21 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-17 07:21 . 2009-02-09 10:56 681472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-17 07:21 . 2009-02-09 10:56 729600 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 07:21 . 2009-02-09 10:55 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 07:21 . 2009-02-09 10:56 719360 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-17 07:20 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-06 12:27 . 2008-11-26 19:10 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-06 11:02 . 2007-10-29 12:00 69608 ----a-w c:\windows\system32\perfc01D.dat

2009-05-06 11:02 . 2007-10-29 12:00 395520 ----a-w c:\windows\system32\perfh01D.dat

2009-04-18 01:57 . 2008-11-26 16:34 -------- d--h--w c:\program\InstallShield Installation Information

2009-04-18 00:33 . 2009-01-05 01:05 76097 ----a-w c:\windows\War3Unin.dat

2009-03-06 14:24 . 2007-10-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2007-10-29 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2007-10-29 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-01_08.01.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-10 17:24 . 2009-05-10 17:24 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat

+ 2009-05-04 21:47 . 2008-04-14 16:04 75264 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\storprop.dll

+ 2009-05-04 21:47 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

+ 2007-10-29 12:00 . 2009-05-06 11:02 58596 c:\windows\system32\perfc009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 58596 c:\windows\system32\perfc009.dat

+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\WgaLogon.dll

+ 2007-10-29 12:00 . 2009-05-06 11:02 392296 c:\windows\system32\perfh009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 392296 c:\windows\system32\perfh009.dat

+ 2009-05-06 12:27 . 2009-05-06 12:27 148888 c:\windows\system32\javaws.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 148888 c:\windows\system32\javaws.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\javaw.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\javaw.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\java.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\java.exe

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\dllcache\wgaLogon.dll

+ 2008-02-29 04:14 . 2008-02-29 04:14 223744 c:\windows\system32\b4fm.dll

+ 2008-03-20 17:06 . 2009-03-10 20:18 1482112 c:\windows\system32\LegitCheckControl.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="f:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-05-06 148888]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Wireless Connection Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Wireless Connection Manager.lnk

backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Sebastian^Start-meny^Program^Autostart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Sebastian\Start-meny\Program\Autostart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"g:\\Warcraft III\\war3.exe"=

"g:\\Steam\\steamapps\\eldraven\\counter-strike\\hl.exe"=

"g:\\CIV4\\Civilization4.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"g:\\Steam\\steamapps\\eldraven\\team fortress 2\\hl2.exe"=

"g:\\Stronghold 2\\Stronghold2.exe"=

"f:\\Program\\Spotify\\spotify.exe"=

"g:\\Counter-Strike 1.6\\hl.exe"=

"g:\\BF2\\BF2.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"g:\\Steam\\steamapps\\eldraven\\day of defeat source\\hl2.exe"=

"f:\\Program\\Skype\\Phone\\Skype.exe"=

"f:\\Program\\DC++ HUB\\PtokaX.exe"=

"f:\\Program\\DC++\\DCPlusPlus.exe"=

 

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S3 getPlus® Helper;getPlus® Helper;c:\program\NOS\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144f7b7c-2b99-11de-9caf-001e8c6d38bf}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\d57clgmt.defaultFF - plugin: f:\program\VideoLAN\VLC\npvlc.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-10 21:19

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(780)

c:\windows\system32\nvappfilter.dll

 

- - - - - - - > 'explorer.exe'(1108)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Sluttid: 2009-05-10 21:19

ComboFix-quarantined-files.txt 2009-05-10 19:19

ComboFix2.txt 2009-05-08 09:19

ComboFix3.txt 2009-05-07 11:43

ComboFix4.txt 2009-05-06 12:31

ComboFix5.txt 2009-05-10 19:17

 

Före genomsökningen: 37 572 530 176 byte ledigt

Efter genomsökningen: 37 565 255 680 byte ledigt

 

177 --- E O F --- 2009-05-03 23:29[/log]

 

 

 

Link to comment
Share on other sites

C:\found.000

Do you have problems with the hard disk? Such folders are usually created when you run a disk check (chkdsk, consistency check) and the program finds fragments of files that do not belong to any folder, or other kinds of file system errors.

 

Yes, the malicious files now appear to be gone, but there are some leftovers in the registry to remove.

Copy all the lines in the box (use select code)

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malware Doctor"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malware Doctor"=-

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste the log that is produced.

 

Link to comment
Share on other sites
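An added example, not part of the original thread and not ComboFix's own code: a small Python triage of the Run-key section of a ComboFix log that flags leftover autostart values like the "Malware Doctor" entries above and emits the matching `Registry::` CFScript block. The function names and the three heuristics (no date/size in the bracket, target under a service-account profile, all-digit file name) are assumptions chosen for illustration.

```python
import re

# Constructed sample: Run-key lines as they appear in the ComboFix logs in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="f:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
META_OK = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')   # "date size" as logged for ordinary files
SERVICE_PROFILE = re.compile(
    r'\\documents and settings\\(localservice|networkservice)\\', re.I)


def parse_run_entries(log_text):
    """Return the values listed under ...\\CurrentVersion\\Run keys in the log."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith('\\currentversion\\run'):
            entries.append({'key': key, **m.groupdict()})
    return entries


def reasons(entry):
    """Illustrative heuristics (assumptions, not ComboFix logic)."""
    found = []
    if not META_OK.match(entry['meta']):
        found.append('no file date/size in log')
    if SERVICE_PROFILE.search(entry['path']):
        found.append('target under a service-account profile')
    stem = entry['path'].rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if stem.isdigit():
        found.append('all-digit file name')
    return found


def flag_suspicious(entries, threshold=2):
    """Keep entries that trip at least `threshold` heuristics."""
    flagged = []
    for e in entries:
        why = reasons(e)
        if len(why) >= threshold:
            flagged.append((e, why))
    return flagged


def build_cfscript(flagged):
    """Emit a Registry:: block that deletes each flagged value ("name"=-)."""
    lines, last_key = ['Registry::'], None
    for e, _ in flagged:
        if e['key'] != last_key:
            lines.append('[%s]' % e['key'])
            last_key = e['key']
        lines.append('"%s"=-' % e['name'])
    return '\n'.join(lines)


if __name__ == '__main__':
    hits = flag_suspicious(parse_run_entries(SAMPLE_LOG))
    for e, why in hits:
        print(e['key'], e['name'], '->', '; '.join(why))
    print(build_cfscript(hits))
```

Check each flagged value by hand before handing the generated block to ComboFix; the heuristics only narrow down what to look at.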

Nice that it seems to be gone now, at least =)

 

[log]ComboFix 09-05-12.04 - Sebastian 2009-05-12 22:58.12 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3582.3100 [GMT 2:00]

Körs från: c:\documents and settings\Sebastian\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Sebastian\Skrivbord\CFScript.txt

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-04-12 till 2009-05-12 ))))))))))))))))))))))))))))))

.

 

2009-05-06 19:35 . 2009-05-06 19:35 -------- d-sh--w C:\found.000

2009-05-06 12:27 . 2009-05-06 12:27 -------- d-----w c:\program\Java

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\Sebastian\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-06 11:01 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program\Malwarebytes' Anti-Malware

2009-05-04 22:04 . 2008-04-14 14:40 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys

2009-05-04 22:04 . 2008-04-14 14:40 5504 ----a-w c:\windows\system32\drivers\intelide.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 -c--a-w c:\windows\system32\dllcache\pcntpci5.sys

2009-05-04 22:04 . 2001-08-17 18:11 35328 ----a-w c:\windows\system32\drivers\pcntpci5.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 -c--a-w c:\windows\system32\dllcache\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 10240 ----a-w c:\windows\system32\drivers\compbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 -c--a-w c:\windows\system32\dllcache\cmbatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-04 22:04 . 2008-04-13 17:36 14208 ----a-w c:\windows\system32\drivers\battc.sys

2009-04-30 01:15 . 2009-04-30 16:33 -------- d-----w c:\documents and settings\Sebastian\Application Data\DC++

2009-04-23 17:58 . 2009-04-30 02:39 -------- d-----w c:\documents and settings\Sebastian\Application Data\Skype

2009-04-23 17:57 . 2009-04-23 17:58 -------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-04-21 20:32 . 2009-04-21 20:32 531 ----a-w c:\windows\eReg.dat

2009-04-18 15:21 . 2009-04-18 15:21 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-04-18 15:17 . 2009-04-18 15:17 -------- d-----w c:\program\Bonjour

2009-04-18 15:12 . 2009-04-18 15:12 -------- d-----w c:\program\Delade filer\Macrovision Shared

2009-04-18 15:10 . 2009-05-07 09:35 -------- d-----w c:\program\Delade filer\Adobe

2009-04-17 09:25 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\Sebastian\Application Data\Spotify

2009-04-17 07:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 07:21 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-17 07:21 . 2009-02-09 11:27 110592 -c----w c:\windows\system32\dllcache\services.exe

2009-04-17 07:21 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-17 07:21 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-17 07:21 . 2009-02-09 10:56 681472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-17 07:21 . 2009-02-09 10:56 729600 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 07:21 . 2009-02-09 10:55 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 07:21 . 2009-02-09 10:56 719360 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-17 07:20 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-06 12:27 . 2008-11-26 19:10 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-06 11:02 . 2007-10-29 12:00 69608 ----a-w c:\windows\system32\perfc01D.dat

2009-05-06 11:02 . 2007-10-29 12:00 395520 ----a-w c:\windows\system32\perfh01D.dat

2009-04-18 01:57 . 2008-11-26 16:34 -------- d--h--w c:\program\InstallShield Installation Information

2009-04-18 00:33 . 2009-01-05 01:05 76097 ----a-w c:\windows\War3Unin.dat

2009-03-06 14:24 . 2007-10-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2007-10-29 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2007-10-29 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-01_08.01.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-12 09:49 . 2009-05-12 09:49 16384 c:\windows\Temp\Perflib_Perfdata_540.dat

+ 2009-05-04 21:47 . 2008-04-14 16:04 75264 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\storprop.dll

+ 2009-05-04 21:47 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

+ 2007-10-29 12:00 . 2009-05-06 11:02 58596 c:\windows\system32\perfc009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 58596 c:\windows\system32\perfc009.dat

+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\WgaLogon.dll

+ 2007-10-29 12:00 . 2009-05-06 11:02 392296 c:\windows\system32\perfh009.dat

- 2007-10-29 12:00 . 2009-04-18 14:58 392296 c:\windows\system32\perfh009.dat

+ 2009-05-06 12:27 . 2009-05-06 12:27 148888 c:\windows\system32\javaws.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 148888 c:\windows\system32\javaws.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\javaw.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\javaw.exe

+ 2009-05-06 12:27 . 2009-05-06 12:27 144792 c:\windows\system32\java.exe

- 2008-11-26 19:10 . 2008-11-26 19:10 144792 c:\windows\system32\java.exe

+ 2008-09-05 22:30 . 2009-03-10 20:18 968584 c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-05 22:31 . 2009-03-10 20:18 265088 c:\windows\system32\dllcache\wgaLogon.dll

+ 2008-02-29 04:14 . 2008-02-29 04:14 223744 c:\windows\system32\b4fm.dll

+ 2008-03-20 17:06 . 2009-03-10 20:18 1482112 c:\windows\system32\LegitCheckControl.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="f:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-05-06 148888]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Malware Doctor"="c:\documents and settings\LocalService\Application Data\900399219.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Wireless Connection Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Wireless Connection Manager.lnk

backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Sebastian^Start-meny^Program^Autostart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Sebastian\Start-meny\Program\Autostart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"g:\\Warcraft III\\war3.exe"=

"g:\\Steam\\steamapps\\eldraven\\counter-strike\\hl.exe"=

"g:\\CIV4\\Civilization4.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"g:\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords.exe"=

"g:\\CIV4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"g:\\Steam\\steamapps\\eldraven\\team fortress 2\\hl2.exe"=

"g:\\Stronghold 2\\Stronghold2.exe"=

"f:\\Program\\Spotify\\spotify.exe"=

"g:\\Counter-Strike 1.6\\hl.exe"=

"g:\\BF2\\BF2.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"g:\\Steam\\steamapps\\eldraven\\day of defeat source\\hl2.exe"=

"f:\\Program\\Skype\\Phone\\Skype.exe"=

"f:\\Program\\DC++ HUB\\PtokaX.exe"=

"f:\\Program\\DC++\\DCPlusPlus.exe"=

 

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-26 12032]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 57024]

S3 getPlus® Helper;getPlus® Helper;c:\program\NOS\bin\getPlus_HelperSvc.exe [2008-11-26 33752]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-12-26 14592]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144f7b7c-2b99-11de-9caf-001e8c6d38bf}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\d57clgmt.default

FF - plugin: f:\program\VideoLAN\VLC\npvlc.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 22:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(780)

c:\windows\system32\nvappfilter.dll

 

- - - - - - - > 'explorer.exe'(464)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

f:\program\WinRAR\rarext.dll

c:\program\Malwarebytes' Anti-Malware\mbamext.dll

c:\program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE

c:\program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.dll

.

Sluttid: 2009-05-12 23:00

ComboFix-quarantined-files.txt 2009-05-12 21:00

ComboFix2.txt 2009-05-10 19:19

ComboFix3.txt 2009-05-08 09:19

ComboFix4.txt 2009-05-07 11:43

ComboFix5.txt 2009-05-12 20:53

 

Före genomsökningen: 37 001 027 584 byte ledigt

Efter genomsökningen: 36 992 204 800 byte ledigt

 

181 --- E O F --- 2009-05-03 23:29

[/log]

 


That did not go well, probably because something went wrong with what you were supposed to paste into CFScript.txt. Do as I wrote on 10 May 2009 at 22:52, but after you have pasted it into Notepad, remove the extra line breaks that the forum has inserted. There should be no line break after CurrentVersion, nor in the middle of CurrentVersion; everything between [ ] must be on one and the same line.

 

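The repair described in the post above, as an added Python example that is not part of the thread or of ComboFix: it rejoins `[ ... ]` registry key lines that a forum has wrapped, and reports every stitched key for review. The function name, the sample text and its `.reg`-style value lines are constructed for illustration; the actual CFScript.txt contents are not shown on this page.

```python
import re

# Section headers in .reg-style text: "[HKEY_...\sub\key]" (optionally "[-HKEY_...]").
HIVE = re.compile(r"^\[-?(HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\", re.IGNORECASE)
MAX_FRAGMENTS = 5  # a forum wrap yields a handful of pieces, not dozens

# Constructed sample: one key broken after "CurrentVersion", one broken in the
# middle of "CurrentVersion" with a blank line in between, one never closed.
SAMPLE_WRAPPED = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Run]
"ExampleValue"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Current

Version\Run]
"ExampleValue"=-

[HKEY_CURRENT_USER\Software\Example
"Orphan"=-
'''


def rejoin_bracketed_keys(text):
    """Rejoin [ ... ] registry headers that were wrapped across lines.

    Returns (fixed_text, rejoined, problems):
      rejoined - headers that were stitched together, for manual review
      problems - (line_number, message) for headers that could not be repaired
    """
    lines = text.splitlines()
    out, rejoined, problems = [], [], []
    i = 0
    while i < len(lines):
        head = lines[i].strip()
        if not (head.startswith("[") and "]" not in head):
            out.append(lines[i])          # complete header, value line or blank
            i += 1
            continue

        # Unterminated header: collect following fragments until "]" shows up.
        joined, j, fragments = head, i + 1, 0
        while j < len(lines) and fragments < MAX_FRAGMENTS:
            part = lines[j].strip()
            j += 1
            if not part:
                continue                  # blank line inserted by the forum
            if (part.startswith("[") or part.startswith('"')
                    or "=" in part.split("]")[0]):
                j -= 1                    # next header or a value line: do not swallow it
                break
            joined += part                # no separator: the break was never in the key
            fragments += 1
            if "]" in part:
                break

        if joined.endswith("]") and HIVE.match(joined):
            out.append(joined)
            rejoined.append(joined)
            i = j                         # skip the fragments that were consumed
        else:
            problems.append((i + 1, "unterminated or unrecognised key: " + head))
            out.append(lines[i])          # leave the damaged line for manual repair
            i += 1
    return "\n".join(out) + "\n", rejoined, problems


if __name__ == "__main__":
    fixed, rejoined, problems = rejoin_bracketed_keys(SAMPLE_WRAPPED)
    print(fixed)
    for key in rejoined:
        print("rejoined:", key)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```

A wrap that replaced a real space inside a key name (for example in `Windows NT`) cannot be recovered automatically, which is why the stitched keys are returned for a manual check.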

  • 3 weeks later...

[log]

DDS (Ver_09-05-14.01) - NTFSx86

Run by Jag at 17:04:25,35 on 2009-06-02

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.2014.1220 [GMT 2:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\System32\avast!Antivirus.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\Documents and Settings\LocalService\Application Data\691447002.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Office\Office12\WINWORD.EXE

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Program\AVG\AVG8\avgscanx.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Documents and Settings\Jag\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg8\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Chrome copyright: {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmcd.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [RemoveIT Pro v7Ent] c:\program\incode solutions\removeit pro v7 enterprise\removeit.exe

uRun: [DAEMON Tools Pro Agent] "c:\program\daemon tools pro\DTProAgent.exe" -autorun

uRun: [Malware Doctor] c:\documents and settings\localservice\application data\691447002.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [AdobeCS4ServiceManager] "c:\program\delade filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG8_TRAY] c:\program\avg\avg8\avgtray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malware Doctor] c:\documents and settings\localservice\application data\691447002.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adober~1.lnk - c:\program\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

uPolicies-system: DisableTaskMgr = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

IE: E&xportera till Microsoft Excel - c:\program\office\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\office\office12\REFIEBAR.DLL

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\windows\system32\bisobobe.dll c:\windows\system32\pahibiyi.dll,c:\progra~1\thunmail\testabd.dll

LSA: Notification Packages = scecli c:\windows\system32\bisobobe.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jag\applic~1\mozilla\firefox\profiles\pdf044aj.default

FF - component: c:\program\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\jag\application data\mozilla\firefox\profiles\pdf044aj.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-2 325896]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-2 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-2 108552]

R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]

R2 avg8wd;AVG Free8 WatchDog;c:\program\avg\avg8\avgwdsvc.exe [2009-5-2 298776]

R2 BcmSqlStartupSvc;Starttjänst för Business Contact Manager SQL Server;c:\program\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-16 30312]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-1-27 41216]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]

 

=============== Created Last 30 ================

 

2009-06-02 16:07 99,422 a------- c:\windows\system32\drivers\833d7df8.sys

2009-06-01 18:37 29,184 a------- c:\windows\system32\jbnmcd.dll

2009-06-01 17:37 29,184 a------- c:\windows\system32\jbnmck.dll

2009-06-01 16:37 99,422 a------- c:\windows\system32\drivers\42e7a05d.sys

2009-06-01 09:07 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-01 09:07 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-06-01 09:07 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware

2009-06-01 03:14 99,422 a------- c:\windows\system32\drivers\589f941.sys

2009-05-31 18:46 99,422 a------- c:\windows\system32\drivers\c3f1dee5.sys

2009-05-31 11:54 29,184 a------- c:\windows\system32\lklf32.dll

2009-05-31 10:54 99,422 a------- c:\windows\system32\drivers\c1ef9c1f.sys

2009-05-31 10:54 210 a------- c:\windows\system32\sft.res

2009-05-31 10:54 29,184 a------- c:\windows\system32\jhxm32.dll

2009-05-31 10:54 32,768 a------- c:\windows\system32\service-466.exe

2009-05-31 10:54 32,768 a------- c:\windows\system32\avast!Antivirus.exe

2009-05-30 16:55 <DIR> --d----- c:\program\Firaxis Games

2009-05-30 16:42 <DIR> --d----- c:\program\DAEMON Tools Pro

2009-05-30 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro

2009-05-30 16:38 721,904 a------- c:\windows\system32\drivers\sptd.sys

2009-05-30 16:38 <DIR> --d----- c:\docume~1\jag\applic~1\DAEMON Tools Pro

2009-05-28 21:15 105 a------- C:\tj.vbs

2009-05-28 21:15 107,148 a------- c:\windows\system32\vic_setup.exe

2009-05-22 09:20 136 a------- c:\windows\system32\vp_setup.exe.bat

2009-05-22 09:20 <DIR> --d----- C:\program Files

2009-05-21 15:20 <DIR> --d----- c:\docume~1\jag\applic~1\ScummVM

2009-05-21 15:20 <DIR> --d----- c:\program\ScummVM

2009-05-10 01:10 <DIR> --d----- c:\program\NCH Swift Sound

2009-05-09 15:27 321,536 a------- c:\windows\system32\SDL.dll

2009-05-09 14:40 <DIR> --d----- c:\documents and settings\jag\Tracing

2009-05-09 14:03 <DIR> --d----- c:\docume~1\jag\applic~1\Malwarebytes

2009-05-09 14:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-05-09 13:49 <DIR> --d----- c:\program\InCode Solutions

2009-05-09 13:34 77,312 a------- c:\windows\ua2.dll

2009-05-09 13:28 62 a------- c:\windows\wininit.ini

2009-05-09 00:29 50 a------- C:\xcrashdump.dat

2009-05-03 20:03 <DIR> --d----- c:\docume~1\jag\applic~1\Personal

2009-05-03 20:03 <DIR> --d----- c:\program\Personal

 

==================== Find3M ====================

 

2009-05-02 22:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-05-02 22:31 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-05-02 22:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys

2009-04-17 14:49 493,478 a------- c:\windows\system32\perfh01D.dat

2009-04-17 14:49 104,112 a------- c:\windows\system32\perfc01D.dat

2009-04-06 14:07 118,104 a------- c:\windows\dxsdkuninst.exe

2009-03-21 16:21 999,936 a------- c:\windows\system32\dllcache\kernel32.dll

2009-03-16 23:36 931,672 a------- c:\windows\system32\XAudioD2_4.dll

2009-03-16 23:35 4,280,136 a------- c:\windows\system32\D3dx9d_41.dll

2009-03-16 23:35 343,368 a------- c:\windows\system32\XactEngineD3_4.dll

2009-03-16 23:35 497,480 a------- c:\windows\system32\D3DX10d_41.dll

2009-03-16 23:35 125,768 a------- c:\windows\system32\XAPOFXD1_3.dll

2009-03-16 23:35 428,888 a------- c:\windows\system32\XactEngineA3_4.dll

2009-03-16 23:35 45,384 a------- c:\windows\system32\X3DAudioD1_6.dll

2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll

2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll

2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll

2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll

2009-03-10 22:18 968,584 -------- c:\windows\system32\dllcache\WgaTray.exe

2009-03-10 22:18 265,088 -------- c:\windows\system32\dllcache\wgaLogon.dll

2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll

2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll

2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll

2009-03-06 16:01 284,160 a------- c:\windows\system32\pdh.dll

2009-03-06 16:01 284,160 a------- c:\windows\system32\dllcache\pdh.dll

2008-08-29 06:18 84,227 a------- c:\program\Dreamweaver CS4 Read Me.pdf

2008-08-27 01:56 196,140 a------- c:\program\Dreamweaver CS4 — Lisez-moi.pdf

2008-08-26 06:49 186,678 a------- c:\program\Léame de Dreamweaver CS4.pdf

2008-03-09 08:25 236 a---h--- c:\program\delade filer\dx.reg

 

============= FINISH: 17:04:49,64 ===============

[/log]

 

[log]

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-05-14.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2009-01-26 16:52:45

System Uptime: 2009-06-02 15:06:22 (2 hours ago)

 

Motherboard: FUJITSU SIEMENS | | D2587-A1

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | CPU | 2659/mhz

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | CPU | 2660/mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 233 GiB total, 149,595 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID:

Description: Nätverksstyrenhet

Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00611737&REV_01\4&E384A6E&0&28F0

Manufacturer:

Name: Nätverksstyrenhet

PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00611737&REV_01\4&E384A6E&0&28F0

Service:

 

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\5&1500785A&0

Manufacturer: (Standardtangentbord)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\5&1500785A&0

Service: i8042prt

 

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2-kompatibel mus

Device ID: ACPI\PNP0F13\5&1500785A&0

Manufacturer: Microsoft

Name: PS/2-kompatibel mus

PNP Device ID: ACPI\PNP0F13\5&1500785A&0

Service: i8042prt

 

==== System Restore Points ===================

 

RP75: 2009-04-15 20:20:14 - Systemkontrollpunkt

RP76: 2009-04-16 22:18:28 - Systemkontrollpunkt

RP77: 2009-04-16 23:18:50 - Software Distribution Service 3.0

RP78: 2009-04-18 11:34:32 - Systemkontrollpunkt

RP79: 2009-04-19 12:17:16 - Systemkontrollpunkt

RP80: 2009-04-21 17:46:23 - Systemkontrollpunkt

RP81: 2009-04-22 19:35:06 - Systemkontrollpunkt

RP82: 2009-04-25 00:47:26 - Systemkontrollpunkt

RP83: 2009-04-28 21:17:42 - Systemkontrollpunkt

RP84: 2009-04-29 23:58:17 - Systemkontrollpunkt

RP85: 2009-04-30 10:07:27 - Software Distribution Service 3.0

RP86: 2009-05-01 15:23:50 - Systemkontrollpunkt

RP87: 2009-05-10 01:00:46 - Installed AVG Free 8.5

RP88: 2009-05-12 18:40:05 - Avg8 Update

RP89: 2009-05-30 16:50:02 - Systemkontrollpunkt

 

==== Installed Programs ======================

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office system

Activation Assistant for the 2007 Microsoft Office suites

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Color Video Profiles AE CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Dreamweaver CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Reader 7.0 - Svenska

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

AdobeColorCommonSetRGB

Advertisement Service

Apple Software Update

AVG Free 8.5

Battlefield Heroes

BitLord 1.1

Business Contact Manager för Outlook 2007 SP1

CodeBlocks

Connect

Dark GDK

Dev-C++ 5 beta 9 release (4.9.9.2)

Express Burn

Game Creators Dark GDK

High Definition Audio - KB888111

Hjälpfiler för installation av Microsoft SQL Server (engelska)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Windows XP (KB954550-v5)

ImgBurn

Intel® PRO Network Connections Drivers

IsoBuster 2.5

Java 6 Update 11

kuler

LimeWire 5.0.11

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1 Swedish Language Pack

Microsoft .NET Framework 2.0 Language Pack - SVE

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft DirectX SDK (June 2008)

Microsoft DirectX SDK (March 2009)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2003 Webbkomponenter

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (Swedish) 2007

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Outlook MUI (Swedish) 2007

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Publisher MUI (Swedish) 2007

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Anslutningsbara komponenter

Microsoft Office Word MUI (Swedish) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Swedish) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Native Client

Microsoft SQL Server VSS-skrivare

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft XNA Framework Redistributable 3.0

Microsoft XNA Game Studio 3.0

Microsoft XNA Game Studio 3.0 (ARP entry)

Microsoft XNA Game Studio 3.0 (Platformer)

Microsoft XNA Game Studio 3.0 (Redists)

Microsoft XNA Game Studio 3.0 (Shared Components)

Microsoft XNA Game Studio 3.0 (VCSExpress)

Microsoft XNA Game Studio 3.0 (XnaLiveProxy)

Microsoft XNA Game Studio 3.0 Documentation

Microsoft XNA Game Studio Platform Tools

Mozilla Firefox (3.0.10)

MSXML 6 Service Pack 2 (KB954459)

NVIDIA Drivers

Personal 4.9.3

Photoshop Camera Raw

QuickTime

Realtek High Definition Audio Driver

ScummVM 0.10.0

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB960003)

Security Update for Microsoft Office Excel 2007 (KB959997)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

Sid Meier's Pirates!

Snabbkorrigering för Windows XP (KB893357)

Snabbkorrigering för Windows XP (KB896256)

Snabbkorrigering för Windows XP (KB910728)

Snabbkorrigering för Windows XP (KB921337)

Snabbkorrigering för Windows XP (KB923232)

Snabbkorrigering för Windows XP (KB928388)

Snabbkorrigering för Windows XP (KB935448)

Snabbkorrigering för Windows XP (KB942288-v3)

Snabbkorrigering för Windows XP (KB952287)

Snabbkorrigering för Windows XP (KB961118)

Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)

Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)

Säkerhetsuppdatering för Windows Media Player (KB911564)

Säkerhetsuppdatering för Windows Media Player (KB952069)

Säkerhetsuppdatering för Windows Media Player 9 (KB911565)

Säkerhetsuppdatering för Windows XP (KB890046)

Säkerhetsuppdatering för Windows XP (KB893066)

Säkerhetsuppdatering för Windows XP (KB893756)

Säkerhetsuppdatering för Windows XP (KB896358)

Säkerhetsuppdatering för Windows XP (KB896422)

Säkerhetsuppdatering för Windows XP (KB896423)

Säkerhetsuppdatering för Windows XP (KB896424)

Säkerhetsuppdatering för Windows XP (KB896428)

Säkerhetsuppdatering för Windows XP (KB899588)

Säkerhetsuppdatering för Windows XP (KB899589)

Säkerhetsuppdatering för Windows XP (KB899591)

Säkerhetsuppdatering för Windows XP (KB900725)

Säkerhetsuppdatering för Windows XP (KB901017)

Säkerhetsuppdatering för Windows XP (KB901190)

Säkerhetsuppdatering för Windows XP (KB901214)

Säkerhetsuppdatering för Windows XP (KB902400)

Säkerhetsuppdatering för Windows XP (KB903235)

Säkerhetsuppdatering för Windows XP (KB904706)

Säkerhetsuppdatering för Windows XP (KB905749)

Säkerhetsuppdatering för Windows XP (KB908519)

Säkerhetsuppdatering för Windows XP (KB911562)

Säkerhetsuppdatering för Windows XP (KB911567)

Säkerhetsuppdatering för Windows XP (KB911927)

Säkerhetsuppdatering för Windows XP (KB912919)

Säkerhetsuppdatering för Windows XP (KB913446)

Säkerhetsuppdatering för Windows XP (KB914388)

Säkerhetsuppdatering för Windows XP (KB914389)

Säkerhetsuppdatering för Windows XP (KB917159)

Säkerhetsuppdatering för Windows XP (KB917344)

Säkerhetsuppdatering för Windows XP (KB917422)

Säkerhetsuppdatering för Windows XP (KB917537)

Säkerhetsuppdatering för Windows XP (KB917953)

Säkerhetsuppdatering för Windows XP (KB918118)

Säkerhetsuppdatering för Windows XP (KB918439)

Säkerhetsuppdatering för Windows XP (KB918899)

Säkerhetsuppdatering för Windows XP (KB919007)

Säkerhetsuppdatering för Windows XP (KB920214)

Säkerhetsuppdatering för Windows XP (KB920670)

Säkerhetsuppdatering för Windows XP (KB920683)

Säkerhetsuppdatering för Windows XP (KB920685)

Säkerhetsuppdatering för Windows XP (KB921398)

Säkerhetsuppdatering för Windows XP (KB921883)

Säkerhetsuppdatering för Windows XP (KB922616)

Säkerhetsuppdatering för Windows XP (KB922819)

Säkerhetsuppdatering för Windows XP (KB923414)

Säkerhetsuppdatering för Windows XP (KB923561)

Säkerhetsuppdatering för Windows XP (KB923689)

Säkerhetsuppdatering för Windows XP (KB923789)

Säkerhetsuppdatering för Windows XP (KB924191)

Säkerhetsuppdatering för Windows XP (KB924667)

Säkerhetsuppdatering för Windows XP (KB925902)

Säkerhetsuppdatering för Windows XP (KB926255)

Säkerhetsuppdatering för Windows XP (KB926436)

Säkerhetsuppdatering för Windows XP (KB927779)

Säkerhetsuppdatering för Windows XP (KB927802)

Säkerhetsuppdatering för Windows XP (KB928255)

Säkerhetsuppdatering för Windows XP (KB928843)

Säkerhetsuppdatering för Windows XP (KB929123)

Säkerhetsuppdatering för Windows XP (KB929969)

Säkerhetsuppdatering för Windows XP (KB930178)

Säkerhetsuppdatering för Windows XP (KB931261)

Säkerhetsuppdatering för Windows XP (KB931784)

Säkerhetsuppdatering för Windows XP (KB932168)

Säkerhetsuppdatering för Windows XP (KB933566)

Säkerhetsuppdatering för Windows XP (KB935839)

Säkerhetsuppdatering för Windows XP (KB935840)

Säkerhetsuppdatering för Windows XP (KB938464)

Säkerhetsuppdatering för Windows XP (KB944338-v2)

Säkerhetsuppdatering för Windows XP (KB946648)

Säkerhetsuppdatering för Windows XP (KB950760)

Säkerhetsuppdatering för Windows XP (KB950762)

Säkerhetsuppdatering för Windows XP (KB950974)

Säkerhetsuppdatering för Windows XP (KB951066)

Säkerhetsuppdatering för Windows XP (KB951376-v2)

Säkerhetsuppdatering för Windows XP (KB951698)

Säkerhetsuppdatering för Windows XP (KB951748)

Säkerhetsuppdatering för Windows XP (KB952004)

Säkerhetsuppdatering för Windows XP (KB952954)

Säkerhetsuppdatering för Windows XP (KB954211)

Säkerhetsuppdatering för Windows XP (KB954600)

Säkerhetsuppdatering för Windows XP (KB955069)

Säkerhetsuppdatering för Windows XP (KB956572)

Säkerhetsuppdatering för Windows XP (KB956802)

Säkerhetsuppdatering för Windows XP (KB956803)

Säkerhetsuppdatering för Windows XP (KB956841)

Säkerhetsuppdatering för Windows XP (KB957097)

Säkerhetsuppdatering för Windows XP (KB958215)

Säkerhetsuppdatering för Windows XP (KB958644)

Säkerhetsuppdatering för Windows XP (KB958687)

Säkerhetsuppdatering för Windows XP (KB958690)

Säkerhetsuppdatering för Windows XP (KB959426)

Säkerhetsuppdatering för Windows XP (KB960225)

Säkerhetsuppdatering för Windows XP (KB960714)

Säkerhetsuppdatering för Windows XP (KB960715)

Säkerhetsuppdatering för Windows XP (KB960803)

Säkerhetsuppdatering för Windows XP (KB961373)

Säkerhetsuppdatering för Windows XP (KB963027)

Sony Vegas Pro 8.0

SQL Server System CLR Types

Steam

Suite Shared Configuration CS4

TextPad 5

Trapcode 3DStroke

Trapcode Shine

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Outlook 2007 Junk Email Filter (kb968503)

Uppdatering för Windows XP (KB898461)

Uppdatering för Windows XP (KB908531)

Uppdatering för Windows XP (KB910437)

Uppdatering för Windows XP (KB911280)

Uppdatering för Windows XP (KB916595)

Uppdatering för Windows XP (KB920872)

Uppdatering för Windows XP (KB922582)

Uppdatering för Windows XP (KB925720)

Uppdatering för Windows XP (KB927891)

Uppdatering för Windows XP (KB929338)

Uppdatering för Windows XP (KB930916)

Uppdatering för Windows XP (KB931836)

Uppdatering för Windows XP (KB955839)

Uppdatering för Windows XP (KB961503)

Uppdatering för Windows XP (KB967715)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Live inloggningsassistenten

Windows Live Upload Tool

Windows Messenger 5.1

Windows Presentation Foundation

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885894

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893086

WinRAR archiver

XAMPP 1.7.0

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.1 final uninstall

 

==== End Of File ===========================

[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you can find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new DDS log ahead of further cleaning.

 


  • 1 year later...

Same problem

 

Regards

Simon

 

 

[log]
DDS (Ver_10-03-17.01) - NTFSx86
Run by Simon at 0:05:49,55 on 2010-08-23
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3036.1656 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Packardbell\EcoBtn\EcoBtn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Users\Simon\AppData\Roaming\7B2C042F4BBD206FBF2F45F6660A7BBF\newsecureapp70700.exe
C:\Program Files\ATK Hotkey\LOSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Simon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=2&o=vp32&d=0509&m=easynote_rs66-u-320nc
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=2&o=vp32&d=0509&m=easynote_rs66-u-320nc
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=2&o=vp32&d=0509&m=easynote_rs66-u-320nc
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [newsecureapp70700.exe] c:\users\simon\appdata\roaming\7b2c042f4bbd206fbf2f45f6660a7bbf\newsecureapp70700.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\simon\appdata\roaming\7b2c042f4bbd206fbf2f45f6660a7bbf\newsecureapp70700.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: telia.com\cve.trust
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_Win32.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - 
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\8cns0nc2.default\ FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npiidplg.dll FF - plugin: c:\program files\personal\bin\np_prsnl.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\simon\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\simon\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B"); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js 
- pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask"); ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960] R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896] R2 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery 
management\service\ETService.exe [2009-5-29 24576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-2-19 3881472] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-2-19 54784] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-5-29 29736] R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-2-19 2473472] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216] S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] S3 GoogleDesktopManager-092308-165331;Google Desktop-hanteraren 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-11 30192] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-7-19 103040] =============== Created Last 30 ================ 2010-08-22 19:23:43 0 d-----w- c:\users\simon\appdata\roaming\7B2C042F4BBD206FBF2F45F6660A7BBF 2010-08-14 14:48:13 0 d-----w- c:\windows\system32\20-20 Technologies 2010-08-13 16:07:48 0 d-----w- c:\users\simon\appdata\roaming\NAVIGON Fresh 2010-08-11 11:34:09 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-11 11:34:08 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-08 22:51:13 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode) ==================== Find3M ==================== 2010-08-22 22:01:55 600740 ----a-w- c:\windows\system32\perfh01D.dat 2010-08-22 22:01:55 118260 ----a-w- c:\windows\system32\perfc01D.dat 2010-08-22 21:53:35 2950 ----a-w- c:\windows\bthservsdp.dat 2010-07-19 18:57:15 86016 ----a-w- c:\windows\inf\infstor.dat 2010-07-19 18:57:15 51200 ----a-w- c:\windows\inf\infpub.dat 2010-07-19 18:57:15 143360 ----a-w- c:\windows\inf\infstrng.dat 
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-06-08 17:35:04 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-08 17:35:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-11-26 23:50:03 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-01-21 06:20:20 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat 2008-01-21 06:20:20 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat 2008-01-21 06:20:20 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat 2008-01-21 06:20:20 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-12-13 04:25:46 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-12-13 04:25:46 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-12-13 04:25:46 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-12-13 04:25:46 245760 --sha-w- 
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat ============= FINISH: 0:08:55,16 =============== [/log]

 

 

[log] UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2009-05-29 20:00:41 System Uptime: 2010-08-22 23:53:57 (1 hours ago) Motherboard: Packard Bell BV | | H13VV Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | Socket 478 | 1600/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 453 GiB total, 76,279 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Service: Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Service: Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&1BBBB40E&0&002668920132_C00000000 Service: ==== System Restore Points =================== ==== Installed Programs ====================== Ad-Aware SE Personal Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 
Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Photoshop Elements 6.0 Adobe Reader 9.3.4 - Svenska Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Antimalware Doctor Ashampoo Burning Studio 7.21 ATI Catalyst Install Manager ATK Hotkey µTorrent Audacity 1.3.12 (Unicode) BankID säkerhetsprogram 4.10.4 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai 
Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Codec Pack - All In 1 6.0.3.0 Compatibility Pack för Office 2007-systemet Comviq Surf Connect Connect ConvertXtoDVD 3.3.4.106e CuteFTP 8 Professional EasyBits Magic Desktop ESET NOD32 Antivirus Facebook Plug-In Google Desktop HDRegSW Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Inloggningsassistent för Windows Live ID Intel PROSet Wireless Intel® Matrix Storage Manager Java™ 6 Update 14 Junk Mail filter update kuler Microsoft .NET Framework 3.5 Language Pack SP1 - sve Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel 2007 Help Uppdatering (KB963678) Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (Swedish) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (Swedish) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669) Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (Swedish) 2007 Microsoft Office PowerPoint Viewer 2007 (Swedish) 
Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (Swedish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (Swedish) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word 2007 Help Uppdatering (KB963665) Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (Swedish) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works Microsoft Works 9.0 Mozilla Firefox (3.5.11) MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader neroxml Net iD 5.0 Nikon Message Center NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up Nokia Connectivity Cable Driver Norton Internet Security OGA Notifier 2.0.0048.0 Packard Bell ImageWriter Packard Bell Recovery Management Packard Bell Updator Packardbell_EcoBtn PDF-XChange 3.5 PDF Settings CS4 Photoshop Camera Raw PictureProject PowerXpressHybrid Programvara för Intel® PROSet/Wireless WiFi PX Profile Update Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB2277947) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System 
(KB982331) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2251419) Setec SetWeb Setup My PC Skins Skype™ 4.1 Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve Suite Shared Configuration CS4 Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (kb2279264) WIDCOMM Bluetooth Software VideoLAN VLC media player 0.8.5 Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR archiver Vista Manager ==== End Of File =========================== [/log]


Aldhissla, please start a new thread by clicking the "Start a new thread" button. It gets far too messy with yet another computer in this thread, i.e. there is a big risk that I look at the wrong log.

 

In your new post, please paste in the contents of the DDS logs without using any button, because right now they are unreadable since there are no line breaks.


Archived

This topic is now archived and is closed to further replies.