
Windows virus


jonzzon


While using the computer I get a login box in Windows XP asking me to enter a password. If I don't, the computer will shut down. What do I do?


Save RKill by Grinler to the Desktop. Download it from the first of these links:

http://download.bleepingcomputer.com/grinler/rkill.com

http://download.bleepingcomputer.com/grinler/rkill.pif

http://download.bleepingcomputer.com/grinler/rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.exe

http://download.bleepingcomputer.com/grinler/iExplore.exe

 

Start RKill (in Vista and Windows 7, right-click the file and choose Run as administrator if that option is available).

A black window/box appears for a moment if the program ran successfully.

If no black window/box appeared, delete that RKill variant and repeat with the next RKill.

If you get a message saying that RKill is malicious, ignore it. It is the malicious program that does not want to be stopped. Leave the warning on the screen and run RKill once more.

Run RKill several times in a row until you no longer see any sign of the malicious program, but at most 10 times. Then continue with the rest. If you do not see the malicious program from the start, 3 times is enough.

If none of the program variants can run, let me know.

 

Let's see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Start the program by double-clicking it.

Click Yes if the question about an Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.


I have tried running different variants of RKill but the message comes back.

Do you mean that I should attach the different txt messages and attach them here?


Can you run DDS?

It is the results (the log files, the txt files) from that program that are of interest, in order to see what you have been hit by and thereby find a solution.

Does the malicious program you have run into have a name in the windows that are shown, e.g. Personal Security, XP Antivirus Pro?


Can you or can you not run DDS? If you cannot run DDS even after a few runs of RKill, we will have to try something else.


Are you interested in me looking at the logs from DDS and trying to help you get rid of the malicious files?


I am pasting in the log so that it will be easier to read from now on. It takes a while to go through it, but then I will get back to you.

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Johanna at 17:52:00,12 on 2010-03-13

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1007.452 [GMT 1:00]

 

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

============== Running Processes ===============

 

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program\McAfee\Common Framework\UdaterUI.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Net iD\iid.exe

C:\Program\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\bill103.exe

C:\Program\Personal\bin\Personal.exe

F:\dds.scr

F:\dds.scr

 

============== Pseudo HJT Report ===============

 

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program\winamp toolbar\winamptb.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program\mcafee\virusscan enterprise\scriptcl.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program\winamp toolbar\winamptb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program\analog devices\soundmax\Smax4.exe" /tray

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [RemoteControl] c:\program\cyberlink\powerdvd\PDVDServ.exe

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [shStatEXE] "c:\program\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [Net iD] "c:\program\net id\iid.exe"

mRun: [sysfbtray] c:\windows\bill103.exe

mRunOnce: [symLnch] "c:\documents and settings\henrik\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\nav_esd\20070829\support\symlnch\symlnch.exe" "c:\documents and settings\henrik\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\nav_esd\20070829\Setup.exe" "/UPREBOOT /temp /patched"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

DPF: DirectEdit - hxxp://support.itsolutions.no/browsertest/components/DirectEdit.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {4F56AFAB-9893-4500-8F5D-16EA8CA9115B} - hxxp://www.solidedge.com/evaluationlicense/download/SEEvalVolExt.cab

DPF: {5BF56AD2-E297-416E-BC49-000004040507} - hxxps://cve.trust.telia.com/TeliaEleg/iidsetup.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177665183093

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177686431562

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://snabbt.bredband.com/check/fscax.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.170.248.13/activex/AMC.cab

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\program\google\google~2\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

============= SERVICES / DRIVERS ===============

 

R1 apto6ko;Print search Property Remote Thumbnail;c:\windows\system32\drivers\imapioko.sys [2007-4-12 32768]

R1 mferkdk;VSCore mferkdk;c:\program\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R2 captcha;captcha;c:\windows\system32\svchost.exe -k captcha [2004-8-4 14336]

R2 cpqoko6;Secondary Compressed Sheet;c:\windows\system32\svchost.exe -k tapisrvs [2004-8-4 14336]

R2 McAfeeFramework;McAfee Framework Service;c:\program\mcafee\common framework\FrameworkService.exe [2008-4-1 104000]

R2 McShield;McAfee McShield;c:\program\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]

R2 McTaskManager;McAfee Task Manager;c:\program\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]

R2 webserver;webserver;c:\program\webserver\webserver.exe [2010-3-12 15360]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2010-2-23 1236176]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-4-1 72264]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-4-1 34152]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-4-1 168776]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-22 42368]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

S2 gupdate1ca0eb7fa3d1d96;Tjänsten Google Update (gupdate1ca0eb7fa3d1d96);c:\program\google\update\GoogleUpdate.exe [2009-7-27 133104]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program\google\google desktop search\GoogleDesktop.exe [2008-9-29 30192]

S3 Symantec Core LC;Symantec Core LC;c:\program\delade filer\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-27 1251720]

 

=============== Created Last 30 ================

 

2010-03-13 07:34:11 1 ----a-w- c:\windows\lgo

2010-03-12 18:05:39 1 ---h--w- c:\windows\bk23567.dat

2010-03-12 18:05:39 1 ----a-w- c:\windows\fdgg34353edfgdfdf

2010-03-12 18:05:27 18944 ----a-w- c:\windows\system32\captcha.dll

2010-03-12 18:05:22 0 d-----w- c:\program\webserver

2010-03-12 17:59:43 1 ----a-w- c:\windows\ligh

2010-03-12 17:59:28 68096 ---h--w- c:\windows\bill103.exe

 

==================== Find3M ====================

 

2009-12-27 11:28:58 7378 ----a-w- c:\program\uninstal.log

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll

2007-12-03 19:21:55 289 ----a-w- c:\program\SELicense.dat

2007-12-03 19:21:29 33749 ----a-w- c:\program\ReadMessageLight.htm

 

============= FINISH: 17:52:43,54 ===============


Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.


I started ComboFix but it seems to have hung.

There is a window that says ComboFix with a bar underneath.

But it has looked like that all night.

Should I run it again?


ComboFix should not take that long. If it takes more than 20 minutes you can probably assume that it is not working as it should. First see whether this helps:

Open Task Manager, the Processes tab. Look for processes named findstr, find, sed or swreg, select any such processes and press End Process.

If that does not help either, shut down ComboFix. Then you can start the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu that appears) and see whether ComboFix runs better then.


Here is the log:

 

ComboFix 10-03-13.01 - Henrik 2010-03-14 18:27:15.1.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1007.714 [GMT 1:00]

Körs från: c:\documents and settings\Henrik\Skrivbord\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Henrik\Application Data\inst.exe

c:\program\webserver

c:\program\webserver\webserver.exe

c:\windows\bill103.exe

c:\windows\bk23567.dat

c:\windows\fdgg34353edfgdfdf

c:\windows\lgo

c:\windows\ligh

c:\windows\system32\drivers\imapioko.sys

c:\windows\system32\erokosvc.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_APTO6KO

-------\Legacy_CAPTCHA

-------\Legacy_CPQOKO6

-------\Legacy_WEBSERVER

-------\Service_apto6ko

-------\Service_captcha

-------\Service_cpqoko6

-------\Service_webserver

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-02-14 till 2010-03-14 ))))))))))))))))))))))))))))))

.

 

2010-03-14 17:23 . 2010-03-14 17:23 -------- d-----w- c:\documents and settings\Administratör

2010-03-13 19:39 . 2010-03-13 19:39 -------- d-sh--w- c:\documents and settings\Johanna\PrivacIE

2010-03-13 19:32 . 2010-03-13 19:32 55184 ----a-w- c:\windows\system32\PxSecure.dll

2010-03-13 19:32 . 2010-03-13 19:32 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-03-13 19:32 . 2010-03-13 19:32 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-03-13 19:32 . 2010-03-13 19:32 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-03-13 19:32 . 2010-03-13 19:32 -------- d-----w- c:\program\Prevx

2010-03-13 19:31 . 2010-03-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-03-12 18:05 . 2010-03-12 18:05 18944 ----a-w- c:\windows\system32\captcha.dll

2010-03-11 05:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 16:50 . 2007-05-06 04:24 -------- d-----w- c:\documents and settings\Johanna\Application Data\Personal

2010-03-13 16:50 . 2008-03-11 13:50 -------- d-----w- c:\documents and settings\Johanna\Application Data\iid

2010-03-10 22:09 . 2007-06-14 19:10 -------- d-----w- c:\documents and settings\Henrik\Application Data\uTorrent

2010-03-04 19:55 . 2009-01-09 21:46 -------- d-----w- c:\documents and settings\Henrik\Application Data\Spotify

2010-02-24 04:29 . 2009-12-27 14:19 520340 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\Uninstall.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

2010-02-12 05:08 . 2007-05-05 04:04 -------- d-----w- c:\program\Google

2010-02-02 14:32 . 2008-03-10 13:11 -------- d-----w- c:\documents and settings\Henrik\Application Data\iid

2010-02-02 14:32 . 2010-02-02 14:32 -------- d-----w- c:\program\Net iD

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-27 11:28 . 2009-12-27 11:27 7378 ----a-w- c:\program\uninstal.log

2009-12-21 19:09 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 11:39 . 2009-12-17 11:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\MSVCP71.DLL

2009-12-17 11:39 . 2009-12-17 11:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\msvcr71.dll

2009-12-17 11:39 . 2009-12-17 11:39 339968 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\SDL.dll

2009-12-17 11:39 . 2009-12-17 11:39 212992 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\glew32.dll

2009-12-17 07:42 . 2007-04-27 09:00 343552 ----a-w- c:\windows\system32\mspaint.exe

2007-12-03 19:21 . 2007-12-03 19:21 289 ----a-w- c:\program\SELicense.dat

2007-12-03 19:21 . 2007-12-03 19:21 33749 ----a-w- c:\program\ReadMessageLight.htm

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program\Winamp Toolbar\winamptb.dll" [2008-07-02 1267040]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"ShStatEXE"="c:\program\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"McAfeeUpdaterUI"="c:\program\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"Bredbandsbolaget Servicecenter"="c:\program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-04-21 443752]

"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-06 30192]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-02-23 573640]

"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="c:\documents and settings\Henrik\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 687976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-11-15 939920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\program\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\utorrent\\utorrent.exe"=

"c:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe"=

"c:\\Program\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:OKOToGate

"53:TCP"= 53:TCP:webserver

 

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-03-13 30280]

R2 CSIScanner;CSIScanner;c:\program\Prevx\prevx.exe [2010-03-13 6300592]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-03-13 50504]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-02-23 1236176]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-03-13 24368]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-09-22 42368]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S2 gupdate1ca0eb7fa3d1d96;Tjänsten Google Update (gupdate1ca0eb7fa3d1d96);c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 133104]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-29 30192]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrvs REG_MULTI_SZ cpqoko6

captcha REG_MULTI_SZ captcha

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

 

2010-03-14 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-05 12:43]

 

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

 

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.svttext.se/

uInternet Settings,ProxyOverride = *.local

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: handelsbanken.se

DPF: DirectEdit - hxxp://support.itsolutions.no/browsertest/components/DirectEdit.CAB

DPF: {4F56AFAB-9893-4500-8F5D-16EA8CA9115B} - hxxp://www.solidedge.com/evaluationlicense/download/SEEvalVolExt.cab

DPF: {5BF56AD2-E297-416E-BC49-000004040507} - hxxps://cve.trust.telia.com/TeliaEleg/iidsetup.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://snabbt.bredband.com/check/fscax.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.170.248.13/activex/AMC.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-14 18:38

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-57989841-2052111302-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(2428)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program\WinRAR\rarext.dll

c:\program\McAfee\VirusScan Enterprise\shext.dll

c:\program\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll

c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\program\McAfee\VirusScan Enterprise\scriptcl.dll

c:\windows\system32\VBScript.dll

c:\program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

c:\program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\McAfee\Common Framework\FrameworkService.exe

c:\program\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program\McAfee\Common Framework\naPrdMgr.exe

c:\program\Analog Devices\SoundMAX\SMAgent.exe

c:\program\McAfee\Common Framework\McTray.exe

c:\windows\system32\WgaTray.exe

c:\program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-03-14 18:44:17 - datorn startades om.

ComboFix-quarantined-files.txt 2010-03-14 17:44

 

Före genomsökningen: 20 441 657 344 byte ledigt

Efter genomsökningen: 21 245 464 576 byte ledigt

 

- - End Of File - - E5E817C0C88F509A73F6420E6B42C87F


I see that you have installed PrevX. Has it found anything?

Can you delete the file:

2010-03-12 18:05 . 2010-03-12 18:05 18944 ----a-w- c:\windows\system32\captcha.dll

The following are two ports that have been opened in the Windows firewall:

"8085:TCP"= 8085:TCP:OKOToGate

"53:TCP"= 53:TCP:webserver

This means that your computer can be reached from the internet through those two ports.

The last one definitely belongs to the malicious program and should be removed. Do you recognize the first one? If not, remove that one too.

When you have fixed the above, restart the computer and run ComboFix once more. Paste the log.
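The firewall check described in this reply, as an added example that is not part of the original thread: it reads the GloballyOpenPorts section of a ComboFix log and reports which port exceptions are still active. The function names are hypothetical, both samples are constructed from lines quoted in this thread, and treating the short `port:protocol:name` form as an active exception is an assumption that follows the reply above.

```python
import re

# Constructed samples, built from lines quoted in this thread.
# BEFORE: the two exceptions as they were quoted from the first log.
LOG_BEFORE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:OKOToGate
"53:TCP"= 53:TCP:webserver

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-03-13 30280]
'''

# AFTER: the same section as printed in the follow-up log, where both
# entries are still listed but carry the mode "Disabled".
LOG_AFTER = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\utorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate
"53:TCP"= 53:TCP:*:Disabled:webserver
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
ENTRY = re.compile(r'^"(?P<id>\d+:(?:TCP|UDP))"=\s*(?P<value>.+?)\s*$')
MODES = ('Enabled', 'Disabled')


def parse_open_ports(log_text):
    """Return one dict per entry of the GloballyOpenPorts\\List section."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often have blank lines between entries
        header = SECTION.match(line)
        if header:
            key = header.group('key').lower()
            in_section = key.endswith(r'globallyopenports\list')
            continue
        if not in_section:
            continue
        entry = ENTRY.match(line)
        if not entry:
            in_section = False  # first non-entry line ends the section
            continue
        parts = entry.group('value').split(':')
        if len(parts) >= 5 and parts[3] in MODES:
            # Long form: port:protocol:scope:mode:name
            scope, mode, name = parts[2], parts[3], ':'.join(parts[4:])
        else:
            # Short form: port:protocol:name (assumed to be an active exception)
            scope, mode, name = '*', 'Enabled', ':'.join(parts[2:])
        entries.append({
            'port': int(parts[0]),
            'protocol': parts[1],
            'scope': scope,
            'mode': mode,
            'name': name,
        })
    return entries


def active_exceptions(entries):
    """Keep only the exceptions that still accept inbound connections."""
    return [e for e in entries if e['mode'] == 'Enabled']


if __name__ == '__main__':
    for label, log in (('before', LOG_BEFORE), ('after', LOG_AFTER)):
        found = parse_open_ports(log)
        live = active_exceptions(found)
        print(label, 'listed:', len(found), 'active:',
              [(e['port'], e['protocol'], e['name']) for e in live])
```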


See answers below

I see that you have installed PrevX. Has it found anything?

It did, but I don't remember what.

Can you delete the file:

2010-03-12 18:05 . 2010-03-12 18:05 18944 ----a-w- c:\windows\system32\captcha.dll

Yes.

The following are two ports that have been opened in the Windows firewall:

"8085:TCP"= 8085:TCP:OKOToGate

"53:TCP"= 53:TCP:webserver

This means that your computer can be reached from the internet through those two ports.

The last one definitely belongs to the malicious program and should be removed. Do you recognize the first one? If not, remove that one too.

Removed both.

When you have fixed the above, restart the computer and run ComboFix once more. Paste the log.

Here is the updated log:

 

ComboFix 10-03-13.01 - Henrik 2010-03-14 19:53:17.2.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1007.713 [GMT 1:00]

Körs från: c:\documents and settings\Henrik\Skrivbord\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-02-14 till 2010-03-14 ))))))))))))))))))))))))))))))

.

 

2010-03-14 17:23 . 2010-03-14 17:23 -------- d-----w- c:\documents and settings\Administratör

2010-03-13 19:39 . 2010-03-13 19:39 -------- d-sh--w- c:\documents and settings\Johanna\PrivacIE

2010-03-13 19:32 . 2010-03-13 19:32 55184 ----a-w- c:\windows\system32\PxSecure.dll

2010-03-13 19:32 . 2010-03-13 19:32 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-03-13 19:32 . 2010-03-13 19:32 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-03-13 19:32 . 2010-03-13 19:32 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-03-13 19:32 . 2010-03-13 19:32 -------- d-----w- c:\program\Prevx

2010-03-13 19:31 . 2010-03-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-03-11 05:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 16:50 . 2007-05-06 04:24 -------- d-----w- c:\documents and settings\Johanna\Application Data\Personal

2010-03-13 16:50 . 2008-03-11 13:50 -------- d-----w- c:\documents and settings\Johanna\Application Data\iid

2010-03-10 22:09 . 2007-06-14 19:10 -------- d-----w- c:\documents and settings\Henrik\Application Data\uTorrent

2010-03-04 19:55 . 2009-01-09 21:46 -------- d-----w- c:\documents and settings\Henrik\Application Data\Spotify

2010-02-24 04:29 . 2009-12-27 14:19 520340 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\Uninstall.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

2010-02-12 05:08 . 2007-05-05 04:04 -------- d-----w- c:\program\Google

2010-02-02 14:32 . 2008-03-10 13:11 -------- d-----w- c:\documents and settings\Henrik\Application Data\iid

2010-02-02 14:32 . 2010-02-02 14:32 -------- d-----w- c:\program\Net iD

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-27 11:28 . 2009-12-27 11:27 7378 ----a-w- c:\program\uninstal.log

2009-12-21 19:09 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 11:39 . 2009-12-17 11:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\MSVCP71.DLL

2009-12-17 11:39 . 2009-12-17 11:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\msvcr71.dll

2009-12-17 11:39 . 2009-12-17 11:39 339968 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\SDL.dll

2009-12-17 11:39 . 2009-12-17 11:39 212992 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\glew32.dll

2009-12-17 07:42 . 2007-04-27 09:00 343552 ----a-w- c:\windows\system32\mspaint.exe

2007-12-03 19:21 . 2007-12-03 19:21 289 ----a-w- c:\program\SELicense.dat

2007-12-03 19:21 . 2007-12-03 19:21 33749 ----a-w- c:\program\ReadMessageLight.htm

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-14_17.39.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-14 19:00 . 2010-03-14 19:00 16384 c:\windows\temp\Perflib_Perfdata_664.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program\Winamp Toolbar\winamptb.dll" [2008-07-02 1267040]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"ShStatEXE"="c:\program\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"McAfeeUpdaterUI"="c:\program\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"Bredbandsbolaget Servicecenter"="c:\program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-04-21 443752]

"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-06 30192]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-02-23 573640]

"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="c:\documents and settings\Henrik\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 687976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-11-15 939920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\utorrent\\utorrent.exe"=

"c:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe"=

"c:\\Program\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate

"53:TCP"= 53:TCP:*:Disabled:webserver

 

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-03-13 30280]

R2 CSIScanner;CSIScanner;c:\program\Prevx\prevx.exe [2010-03-13 6300592]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-03-13 50504]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-02-23 1236176]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-03-13 24368]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-09-22 42368]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S2 gupdate1ca0eb7fa3d1d96;Tjänsten Google Update (gupdate1ca0eb7fa3d1d96);c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 133104]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-29 30192]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrvs REG_MULTI_SZ cpqoko6

captcha REG_MULTI_SZ captcha

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

 

2010-03-14 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-05 12:43]

 

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

 

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.svttext.se/

uInternet Settings,ProxyOverride = *.local

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: handelsbanken.se

DPF: DirectEdit - hxxp://support.itsolutions.no/browsertest/components/DirectEdit.CAB

DPF: {4F56AFAB-9893-4500-8F5D-16EA8CA9115B} - hxxp://www.solidedge.com/evaluationlicense/download/SEEvalVolExt.cab

DPF: {5BF56AD2-E297-416E-BC49-000004040507} - hxxps://cve.trust.telia.com/TeliaEleg/iidsetup.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://snabbt.bredband.com/check/fscax.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.170.248.13/activex/AMC.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-14 20:03

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-57989841-2052111302-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(1544)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\McAfee\Common Framework\FrameworkService.exe

c:\program\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program\McAfee\Common Framework\naPrdMgr.exe

c:\program\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\WgaTray.exe

c:\program\McAfee\Common Framework\McTray.exe

c:\program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-03-14 20:07:39 - datorn startades om.

ComboFix-quarantined-files.txt 2010-03-14 19:07

ComboFix2.txt 2010-03-14 17:44

 

Före genomsökningen: 21 294 051 328 byte ledigt

Efter genomsökningen: 21 198 667 776 byte ledigt

 

- - End Of File - - 792BC249E4796F389A2F6CD461524F6F


Here is the DDS log:

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Henrik at 6:22:04,40 on 2010-03-15

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1007.518 [GMT 1:00]

 

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Prevx\prevx.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\McAfee\Common Framework\FrameworkService.exe

C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\Prevx\prevx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program\McAfee\Common Framework\UdaterUI.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\McAfee\Common Framework\McTray.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Net iD\iid.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\ctfmon.exe

F:\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.svttext.se/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program\winamp toolbar\winamptb.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program\mcafee\virusscan enterprise\scriptcl.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program\winamp toolbar\winamptb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [RemoteControl] c:\program\cyberlink\powerdvd\PDVDServ.exe

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [shStatEXE] "c:\program\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [Net iD] "c:\program\net id\iid.exe"

mRunOnce: [symLnch] "c:\documents and settings\henrik\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\nav_esd\20070829\support\symlnch\symlnch.exe" "c:\documents and settings\henrik\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\nav_esd\20070829\Setup.exe" "/UPREBOOT /temp /patched"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

Trusted Zone: handelsbanken.se

DPF: DirectEdit - hxxp://support.itsolutions.no/browsertest/components/DirectEdit.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {4F56AFAB-9893-4500-8F5D-16EA8CA9115B} - hxxp://www.solidedge.com/evaluationlicense/download/SEEvalVolExt.cab

DPF: {5BF56AD2-E297-416E-BC49-000004040507} - hxxps://cve.trust.telia.com/TeliaEleg/iidsetup.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177665183093

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177686431562

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://snabbt.bredband.com/check/fscax.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.170.248.13/activex/AMC.cab

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

============= SERVICES / DRIVERS ===============

 

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-3-13 30280]

R1 mferkdk;VSCore mferkdk;c:\program\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R2 CSIScanner;CSIScanner;c:\program\prevx\prevx.exe [2010-3-13 6300592]

R2 McAfeeFramework;McAfee Framework Service;c:\program\mcafee\common framework\FrameworkService.exe [2008-4-1 104000]

R2 McShield;McAfee McShield;c:\program\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]

R2 McTaskManager;McAfee Task Manager;c:\program\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-3-13 50504]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2010-2-23 1236176]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-4-1 72264]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-4-1 34152]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-4-1 168776]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-3-13 24368]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-22 42368]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

S2 gupdate1ca0eb7fa3d1d96;Tjänsten Google Update (gupdate1ca0eb7fa3d1d96);c:\program\google\update\GoogleUpdate.exe [2009-7-27 133104]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program\google\google desktop search\GoogleDesktop.exe [2008-9-29 30192]

 

=============== Created Last 30 ================

 

2010-03-14 17:25:33 98816 ----a-w- c:\windows\sed.exe

2010-03-14 17:25:33 77312 ----a-w- c:\windows\MBR.exe

2010-03-14 17:25:33 261632 ----a-w- c:\windows\PEV.exe

2010-03-14 17:25:33 161792 ----a-w- c:\windows\SWREG.exe

2010-03-13 19:32:22 55184 ----a-w- c:\windows\system32\PxSecure.dll

2010-03-13 19:32:21 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-03-13 19:32:21 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-03-13 19:32:20 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-03-13 19:32:19 0 d-----w- c:\program\Prevx

2010-03-13 19:31:52 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-03-13 19:31:51 49 ----a-w- c:\windows\wininit.ini

2010-03-11 05:24:09 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

 

==================== Find3M ====================

 

2009-12-27 11:28:58 7378 ----a-w- c:\program\uninstal.log

2009-12-21 19:09:46 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

2007-12-03 19:21:55 289 ----a-w- c:\program\SELicense.dat

2007-12-03 19:21:29 33749 ----a-w- c:\program\ReadMessageLight.htm

2008-10-06 20:37:21 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008100620081007\index.dat

 

============= FINISH: 6:22:46,25 ===============


Why have you chosen an antivirus program that is designed for companies? It means poorer security when you use the computer as a private individual.

I can assess the security of the computer better if I also get to see the Attach log from DDS.

Copy all the lines in the box:

DDS::
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll
S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

and paste them into Notepad.

Check that there are exactly 4 lines of text arranged exactly as here.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special way.

Paste the log that is produced.


The reason I use McAfee for business: we get to use it for free and it was recommended by the IT department at our company. Interesting that it is worse...

 

ComboFix 10-03-13.01 - Henrik 2010-03-15 19:34:44.3.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1007.808 [GMT 1:00]

Körs från: c:\documents and settings\Henrik\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Henrik\Skrivbord\CFScript.txt

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-02-15 till 2010-03-15 ))))))))))))))))))))))))))))))

.

 

2010-03-14 17:23 . 2010-03-14 17:23 -------- d-----w- c:\documents and settings\Administratör

2010-03-13 19:39 . 2010-03-13 19:39 -------- d-sh--w- c:\documents and settings\Johanna\PrivacIE

2010-03-13 19:32 . 2010-03-13 19:32 55184 ----a-w- c:\windows\system32\PxSecure.dll

2010-03-13 19:32 . 2010-03-13 19:32 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-03-13 19:32 . 2010-03-13 19:32 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-03-13 19:32 . 2010-03-13 19:32 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-03-13 19:32 . 2010-03-13 19:32 -------- d-----w- c:\program\Prevx

2010-03-13 19:31 . 2010-03-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-03-11 05:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-15 05:12 . 2007-04-27 15:48 -------- d-----w- c:\program\Delade filer\Symantec Shared

2010-03-13 16:50 . 2007-05-06 04:24 -------- d-----w- c:\documents and settings\Johanna\Application Data\Personal

2010-03-13 16:50 . 2008-03-11 13:50 -------- d-----w- c:\documents and settings\Johanna\Application Data\iid

2010-03-10 22:09 . 2007-06-14 19:10 -------- d-----w- c:\documents and settings\Henrik\Application Data\uTorrent

2010-03-04 19:55 . 2009-01-09 21:46 -------- d-----w- c:\documents and settings\Henrik\Application Data\Spotify

2010-02-24 04:29 . 2009-12-27 14:19 520340 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\Uninstall.exe

2010-02-23 17:58 . 2010-02-23 17:58 11592912 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\VoddlerPlayer.exe

2010-02-12 05:08 . 2007-05-05 04:04 -------- d-----w- c:\program\Google

2010-02-02 14:32 . 2008-03-10 13:11 -------- d-----w- c:\documents and settings\Henrik\Application Data\iid

2010-02-02 14:32 . 2010-02-02 14:32 -------- d-----w- c:\program\Net iD

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-27 11:28 . 2009-12-27 11:27 7378 ----a-w- c:\program\uninstal.log

2009-12-21 19:09 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 11:39 . 2009-12-17 11:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\MSVCP71.DLL

2009-12-17 11:39 . 2009-12-17 11:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\msvcr71.dll

2009-12-17 11:39 . 2009-12-17 11:39 339968 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\SDL.dll

2009-12-17 11:39 . 2009-12-17 11:39 212992 ----a-w- c:\documents and settings\All Users\Application Data\Voddler\glew32.dll

2009-12-17 07:42 . 2007-04-27 09:00 343552 ----a-w- c:\windows\system32\mspaint.exe

2007-12-03 19:21 . 2007-12-03 19:21 289 ----a-w- c:\program\SELicense.dat

2007-12-03 19:21 . 2007-12-03 19:21 33749 ----a-w- c:\program\ReadMessageLight.htm

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program\Winamp Toolbar\winamptb.dll" [2008-07-02 1267040]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"ShStatEXE"="c:\program\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"McAfeeUpdaterUI"="c:\program\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"Bredbandsbolaget Servicecenter"="c:\program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-04-21 443752]

"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-06 30192]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-02-23 573640]

"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="c:\documents and settings\Henrik\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 687976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-11-15 939920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\utorrent\\utorrent.exe"=

"c:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe"=

"c:\\Program\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:TCP"= 53:TCP:*:Disabled:webserver

 

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-03-13 30280]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-03-13 24368]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S2 CSIScanner;CSIScanner;c:\program\Prevx\prevx.exe [2010-03-13 6300592]

S2 gupdate1ca0eb7fa3d1d96;Tjänsten Google Update (gupdate1ca0eb7fa3d1d96);c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 133104]

S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-03-13 50504]

S2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-02-23 1236176]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-29 30192]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-09-22 42368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrvs REG_MULTI_SZ cpqoko6

captcha REG_MULTI_SZ captcha

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

 

2010-03-15 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-05 12:43]

 

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

 

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-07-27 12:44]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.svttext.se/

uInternet Settings,ProxyOverride = *.local

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: handelsbanken.se

DPF: DirectEdit - hxxp://support.itsolutions.no/browsertest/components/DirectEdit.CAB

DPF: {4F56AFAB-9893-4500-8F5D-16EA8CA9115B} - hxxp://www.solidedge.com/evaluationlicense/download/SEEvalVolExt.cab

DPF: {5BF56AD2-E297-416E-BC49-000004040507} - hxxps://cve.trust.telia.com/TeliaEleg/iidsetup.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://snabbt.bredband.com/check/fscax.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.170.248.13/activex/AMC.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-15 19:40

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-57989841-2052111302-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Sluttid: 2010-03-15 19:43:17

ComboFix-quarantined-files.txt 2010-03-15 18:43

ComboFix2.txt 2010-03-14 19:07

ComboFix3.txt 2010-03-14 17:44

 

Före genomsökningen: 21 209 092 096 byte ledigt

Efter genomsökningen: 21 187 596 288 byte ledigt

 

- - End Of File - - 4A5BB10C459148C9B4F9ABDE431EF8F4


If you get to use McAfee for free, I understand you. You can see that McAfee for businesses has a separate anti-spyware program, whereas all antivirus programs for home users are nowadays a single program that protects against both viruses and spyware. That was what I reacted to.

If you now open the file CFScript.txt (double-click it), does it look exactly as I wrote before, with 4 lines?

Because ComboFix does not seem to have understood what it was supposed to do.


Okay, then we will have to fix it another way.

Control Panel - Administrative Tools - Services

Find Automatisk LiveUpdate-schemaläggare in the list, double-click it and set Startup type to Disabled.

Download from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else) and paste it into your reply.


Archived

This topic is now archived and is closed to further replies.
