Virus problem, kan ej surfa.

23 juli, 2010

Ah okay.

Nod32 är avinstallerat, körs Avast istället.

MBAM hittade nån trojan som den tog bort, men bror min han göra de utan min vetskap så har ingen log kvar, men verkar som att de är lite små dret kvar. Återkommer!

24 juli, 2010

Kolla på fliken Loggar i MBAM om inte loggen finns kvar där.

Har du sökt igenom datorn med Avast? Hittades något och i så fall vad?

6 augusti, 2010

Sådär, tillbaka till verkligheten efter att ha varit bortrest ett tag.

Vi har nu skannat datorn med alla samma program igen.

Malaware har hittat en massa men det har tagits bort nu enligt programmet.

Men ändå nåt skit kvar som kopplar upp sig till vissa sidor av nån anledning, hoppar till vissa andra sidor (kommer upp som en ny flik hela tiden i Mozilla Firefox.

Här är lite loggar på programmen vi kört igen efter att kommit hem tillbaka;

Combofix igen;

ComboFix 10-08-02.03 - Anvädaren 2010-08-04 19:53:50.7.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1649 [GMT 2:00]

Körs från: c:\documents and settings\Anvädaren\Mina dokument\Hämtade filer\ComboFix.exe

.

(((((((((((((((((((((((( Filer Skapade från 2010-07-04 till 2010-08-04 ))))))))))))))))))))))))))))))

.

2010-08-03 17:34 . 2010-08-03 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\program\Hitman Pro 3.5

2010-08-03 06:03 . 2010-08-03 06:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-02 14:53 . 2010-08-02 14:53 0 ----a-w- c:\windows\nsreg.dat

2010-08-02 06:31 . 2010-08-02 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-02 06:31 . 2010-08-02 06:37 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-08-02 06:16 . 2010-08-02 06:16 -------- d-----w- c:\program\Delade filer\Java

2010-08-02 06:16 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-01 15:48 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-08-01 15:48 . 2010-08-01 15:48 -------- d-----w- c:\program\Panda Security

2010-07-29 12:03 . 2010-07-29 12:03 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2010-07-24 11:09 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-24 11:01 . 2010-07-24 11:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-23 11:53 . 2010-07-23 11:53 -------- d-----w- c:\program\Alwil Software

2010-07-23 11:53 . 2010-07-23 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-07-21 16:58 . 2010-07-21 16:58 -------- d-----w- c:\windows\system32\wbem\Repository

2010-07-19 20:22 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-19 19:41 . 2010-07-19 19:47 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-19 19:16 . 2010-07-19 19:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-04 17:50 . 2009-12-09 19:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-08-02 07:06 . 2009-11-18 12:17 67072 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-02 06:19 . 2009-11-03 19:43 -------- d-----w- c:\program\HP

2010-08-02 06:17 . 2009-11-03 19:51 -------- d-----w- c:\program\Delade filer\HP

2010-08-02 06:15 . 2009-10-26 08:11 -------- d-----w- c:\program\Java

2010-07-31 07:46 . 2009-10-30 09:38 -------- d-----w- c:\program\BitComet

2010-07-21 16:47 . 2010-07-21 16:55 214694 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1053.dat

2010-07-20 08:30 . 2009-12-31 16:55 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 04:41 . 2009-10-28 17:21 -------- d-----w- c:\program\Norman

2010-07-19 20:04 . 2009-10-31 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-12 08:55 . 2010-03-25 06:40 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-23 20:49 . 2008-04-15 12:00 92094 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-23 20:49 . 2008-04-15 12:00 463742 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-23 18:52 . 2009-12-02 19:07 -------- d-----w- c:\program\Tablet

2010-06-16 19:25 . 2010-06-16 19:25 -------- d-----w- c:\program\iTunes

2010-06-16 19:25 . 2010-06-16 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-16 19:25 . 2010-06-16 19:25 -------- d-----w- c:\program\iPod

2010-06-16 19:25 . 2009-10-31 08:10 -------- d-----w- c:\program\Delade filer\Apple

2010-06-16 19:23 . 2009-10-31 12:17 -------- d-----w- c:\program\QuickTime

2010-06-16 19:21 . 2010-06-16 19:21 -------- d-----w- c:\program\Bonjour

2010-06-16 19:16 . 2009-10-28 18:30 -------- d-----w- c:\program\VideoLAN

2010-06-16 19:16 . 2010-06-16 19:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-06-14 14:31 . 2009-10-22 12:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-23 06:12 . 2009-11-10 06:59 8 ----a-w- c:\windows\system32\nvModes.dat

.

((((((((((((((((((((((((((((( SnapShot@2010-07-20_11.40.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2010-08-04 17:50 . 2010-08-04 17:50 16384 c:\windows\temp\Perflib_Perfdata_770.dat

+ 2010-07-24 11:22 . 2010-07-12 08:55 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys

+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 begin_of_the_skype_highlighting 02 653120 end_of_the_skype_highlighting begin_of_the_skype_highlighting 02 653120 end_of_the_skype_highlighting c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-11-13 14:56 . 2010-07-21 17:13 144476 c:\windows\system32\Restore\rstrlog.dat

+ 2010-07-24 05:44 . 2010-07-24 05:44 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe

+ 2010-08-02 06:16 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe

- 2009-10-26 08:38 . 2009-07-25 04:23 145184 c:\windows\system32\javaw.exe

+ 2010-08-02 06:16 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe

+ 2010-08-02 06:15 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe

- 2009-10-26 08:38 . 2009-07-25 04:23 145184 c:\windows\system32\java.exe

+ 2010-07-23 11:53 . 2010-07-23 11:53 219648 c:\windows\Installer\a68730.msi

+ 2010-08-02 06:16 . 2010-08-02 06:16 180224 c:\windows\Installer\1ca14.msi

+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2010-07-24 05:44 . 2010-07-24 05:44 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-10-22 14:15 . 2010-08-02 06:26 3488384 c:\windows\system32\FNTCACHE.DAT

+ 2010-07-24 11:09 . 2010-07-24 11:09 1866752 c:\windows\Installer\1b4db.msi

+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\145356.msp

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]

"nwiz"="nwiz.exe" [2007-11-06 1626112]

"VolPanel"="c:\program\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 110592]

Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program\\BitComet\\BitComet.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Warcraft II BNE\\Warcraft II BNE.exe"=

"c:\\Program\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\DC++\\DCPlusPlus.exe"=

"c:\\Program\\Tablet\\Wacom\\PrefUtil.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"7303:TCP"= 7303:TCP:BitComet 7303 TCP

"7303:UDP"= 7303:UDP:BitComet 7303 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-03-25 64288]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-08-01 28552]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-12-02 5010288]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-10-23 39424]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-18 16168]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program\Delade filer\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-23 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-02 691696]

.

Innehållet i mappen 'Schemalagda aktiviteter':

2010-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{8549F50F-53DC-4CE4-A61C-F9C05D34D743}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

mWindow Title = Erhållen av Wermlandsdata

uInternet Settings,ProxyOverride = <local>

IE: &D&ownload &with BitComet - c:\program\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program\BitComet\BitComet.exe/AddAllLink.htm

DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} - hxxp://www.commandondemand.com/eval/cod/cabs/cssweb.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

FF - ProfilePath - c:\documents and settings\Anvädaren\Application Data\Mozilla\Firefox\Profiles\40amxa4k.default\

FF - plugin: c:\program\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\TabletPlugins\npwacom.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net'>http://www.gmer.net'>http://www.gmer.net

Rootkit scan 2010-08-04 20:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8A871A17]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f37852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9e30bb0

PacketIndicateHandler -> NDIS.sys @ 0xb9e1fa0d

SendHandler -> NDIS.sys @ 0xb9e33b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(520)

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Sluttid: 2010-08-04 20:04:56

ComboFix-quarantined-files.txt 2010-08-04 18:04

ComboFix2.txt 2010-07-22 17:27

ComboFix3.txt 2010-07-22 16:13

ComboFix4.txt 2010-07-22 12:58

ComboFix5.txt 2010-08-03 17:43

Före genomsökningen: 17 727 574 016 byte ledigt

Efter genomsökningen: 17 713 582 080 byte ledigt

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - 750D04794E57FFD8D8EFA56611B55705

Combofix karantän filer;

2010-07-22 12:47:57 . 2010-07-22 12:47:57 1,432 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_yvtikpdt.reg.dat

2010-07-22 12:47:56 . 2010-07-22 12:47:56 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_yvtikpdt.reg.dat

2010-07-20 14:00:07 . 2010-07-20 14:00:07 2,168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bjbrqlbu.reg.dat

2010-07-20 14:00:06 . 2010-07-20 14:00:06 1,088 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BJBRQLBU.reg.dat

2010-07-20 13:51:51 . 2010-07-20 13:51:51 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2010-07-20 11:45:34 . 2010-07-20 11:45:34 2,818 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.reg.dat

2010-07-20 11:45:34 . 2010-07-20 11:45:34 608 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steinberg Cubase SX v2.2.0.33.reg.dat

2010-07-20 11:45:34 . 2010-07-20 11:45:34 616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Native Instruments Battery v2.1.reg.dat

2010-07-20 11:44:30 . 2010-07-20 11:44:30 130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-dfttuyox.reg.dat

2010-07-20 11:44:30 . 2010-07-20 11:44:30 117 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-sta.reg.dat

2010-07-20 11:44:21 . 2010-07-20 11:44:22 1,997 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{B26DA910-F1DE-426A-8282-5B55958E11B6}.reg.dat

2010-07-20 11:44:19 . 2010-07-20 11:44:20 2,143 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{1D0B2E83-D473-4E1F-B213-AA7BC759DE20}.reg.dat

2010-07-20 11:44:18 . 2010-07-20 11:44:18 2,000 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{E309578C-8EDE-4731-99FA-6810B408B1BC}.reg.dat

2010-07-20 11:35:51 . 2010-07-20 11:35:51 14,778 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_yhhjmjti_.sys.zip

2010-07-20 11:35:41 . 2010-07-20 11:35:41 1,640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_gajnzinf.reg.dat

2010-07-20 11:35:41 . 2010-07-20 11:35:41 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_gajnzinf.reg.dat

2010-07-20 11:34:04 . 2010-08-04 17:58:52 6,440 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-07-20 11:11:10 . 2010-08-04 17:50:54 1,282 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-07-20 09:56:37 . 2010-07-20 10:19:51 1,772 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dfttuyo.txt.vir

2010-07-20 09:56:09 . 2010-07-20 09:56:09 40 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\service.sys.vir

2010-07-19 19:04:23 . 2010-07-20 18:07:18 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\yvtikpdt.sys.vir

2009-11-03 19:52:08 . 2009-11-03 19:52:08 915 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start-meny\HP Image Zone .lnk.vir

2008-04-15 12:00:00 . 2008-04-15 12:00:00 9 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\comsats.sys.vir

2008-04-15 12:00:00 . 2008-04-15 12:00:00 239 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Install.txt.vir

2008-04-15 12:00:00 . 2008-04-15 12:00:00 26,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir

2008-04-15 12:00:00 . 2008-04-15 12:00:00 23,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\gajnzinf.sys.vir

2008-04-15 12:00:00 . 2008-04-15 12:00:00 23,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\yhhjmjti.sys.vir

Nånting som man kan ta bort?

Gmer;

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-04 22:20:13

Windows 5.1.2600 Service Pack 3

Running: 93u6mbnh.exe; Driver: C:\DOCUME~1\ANVDAR~1\LOKALA~1\Temp\fwnyyaod.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB96A3360, 0x3441C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A

.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A

.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C

.text C:\WINDOWS\System32\svchost.exe[1028] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00E9000A

.text C:\WINDOWS\system32\SearchIndexer.exe[1056] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CB000A

.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BC000C

.text C:\WINDOWS\system32\wuauclt.exe[2188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A

.text C:\WINDOWS\system32\wuauclt.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A

.text C:\WINDOWS\system32\wuauclt.exe[2188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003F000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdlhhlggibr.sys

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0xFB 0x63 0x48 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x35 0xDE 0xD0 0x99 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCD 0x6B 0xBE ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x0C 0xBB 0x12 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x3B 0x41 0xA8 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x73 0x1F 0xF8 ...

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0xD8 0xB3 0xB0 ...

---- EOF - GMER 1.0.15 ----

och Rootrepeal;

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/08/04 20:44

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xA896D000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA63A000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA7607000 Size: 49152 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 247 Function Name: NtSetValueKey

Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

==EOF==

Tack för all hjälp so far Cecilia!

6 augusti, 2010

Kan du klistra in dagens logg från MBAM? Du hittar den på fliken Loggar i MBAM.

Sök igenom datorn med Avast och klistra in loggen om något hittas.

Klistra in loggen C:\Qoobox\ComboFix5.txt för den skapades för tre dagar sedan så den har jag inte sett.

På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in följande filnamn i rutan, tryck på Öppna och sedan Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in en länk till resultatet här.

c:\windows\pchealth\helpctr\binaries\helpsvc.exe

Avinstallera det som finns med Panda i Lägg till och ta bort program. Starta sedan om datorn och kör ComboFix igen och klistra in dess logg.

6 augusti, 2010

Har skannat med Avast och den hittar nåt som är satt i karantän, men varken jag eller brorsan lyckas hitta några loggar.

Skickar båda Malaware, före och efter;

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databasversion: 4393

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-08-05 17:56:03

mbam-log-2010-08-05 (17-56-03).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 254151

Förfluten tid: 51 minut(er), 35 sekund(er)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

C:\System Volume Information\_restore{EF285882-231C-4C1A-A3D4-3944938805B3}\RP13\A0006366.exe (Malware.Packer.Gen) -> No action taken.

Efter;

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databasversion: 4393

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-08-05 18:54:18

mbam-log-2010-08-05 (18-54-18).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 253957

Förfluten tid: 49 minut(er), 14 sekund(er)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

http://www.virustotal.com/sv/reanalisis.html?adbf3948908ab0c487d2b536e2f8e0c0803ef2bde109ac525677582549f7a7e2-1281116365

Avast verkar hindra Combofix från att söka(trots att vi stängt av som guiden hänvisar till), så brorsan ska avinstallera de och skanna nu så kommer loggen imorn.

6 augusti, 2010

Länken till virustotal fungerar inte. Du får klicka på knappen "Visa senaste rapport" innan du kopierar länken.

Du klistrade in tre ComboFix-länkar som redan är inklistrade i tråden i stället för den som gjordes för tre dagar sedan, ComboFix5.txt 2010-08-03 17:43

I Avast kan du hitta loggar genom att välja "Skanna dator" till vänster och sedan "Skanningslogg". Markera en logg och klicka sedan på en knapp för att visa resultatet.

7 augusti, 2010

Nån annan CombiFix5.txt finns inte längre från den tredje augusti, måste ha blivit ersatt?

Här är nya länken, nu bör den funka iaf;

http://www.virustotal.com/sv/analisis/adbf3948908ab0c487d2b536e2f8e0c0803ef2bde109ac525677582549f7a7e2-1281082415

Avast har han avinstallerat för att kunna köra Combofix för tillfället, programmet blockar Comobofix även om man stängt av allt som man ska nämligen.

Men Avast är installerat igen och hittar nu inte dom filerna som låg i karantän dock, så dom ligegr väl å spökar nånstans.

Jäkla avancerade datorer, haha!

7 augusti, 2010

När man avinstallerar ett antivirusprogram kan det vara så att det som finns i karantänen tas bort helt från datorn.

Hittar Avast något vid en skanning av datorn? I så fall klistra in den loggen.

Spara GooredFix på Skrivbordet, från en av länkarna:

http://jpshortstuff.247fixes.com/GooredFix.exe

http://downloads.securitycadets.com/GooredFix.exe

Dubbelklicka på programmet för att starta det.

Klicka på Yes för att starta skanningen.

Kopiera innehållet i loggen som kommer upp och den finns även på skrivbordet med namnet GooredFix.txt.

11 augusti, 2010

Tjo, här är senaste loggen;

GooredFix by jpshortstuff (03.07.10.1)

Log created at 18:44 on 07/08/2010 (Anvädaren)

Firefox version 3.6.6 (sv-SE)

========== GooredScan ==========

========== GooredLog ==========

C:\Program\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:53 02/08/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [06:16 02/08/2010]

C:\Documents and Settings\Anvädaren\Application Data\Mozilla\Firefox\Profiles\40amxa4k.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [18:19 03/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:43 23/10/2009]

"jqs@sun.com"="C:\Program\Java\jre6\lib\deploy\jqs\ff" [08:11 26/10/2009]

-=E.O.F=-

11 augusti, 2010

Inget konstigt där.

Spara MBRCheck.exe av a_d_13 på Skrivbordet.

Kör programmet.

Vänta tills programmet är klart eller till texten "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" visas. I det senare fallet tryck på N följt av Enter.

När det är klart skapas en loggfil på Skrivbordet som heter MBRCheckxxxxxx.txt där xxxxxx är klockslaget för körningen. Öppna loggen i Anteckningar genom att dubbelklicka på loggen och klistra in innehållet i ditt svar.

Samt dags för en ny ComboFix-logg eftersom det gått flera dagar. Ta bort den du har och hämta en ny. Kör på samma sätt som tidigare. http://download.bleepingcomputer.com/sUBs/ComboFix.exe

16 augusti, 2010

Jäkla envisa rackare på datan.

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000007fc

Kernel Drivers (total 135):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0x8A710000 \WINDOWS\system32\KDCOM.DLL

0xBA4BC000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA5AA000 avgarkt.sys

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0B8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9F31000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9F11000 fltMgr.sys

0xB9EFF000 sr.sys

0xBA0F8000 Lbd.sys

0xBA108000 PxHelp20.sys

0xB9EE8000 KSecDD.sys

0xB9ED5000 WudfPf.sys

0xB9E48000 Ntfs.sys

0xB9E1B000 NDIS.sys

0xB9E01000 Mup.sys

0xBA208000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB96A3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB968F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB9667000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xBA218000 \SystemRoot\system32\DRIVERS\l151x86.sys

0xBA3B8000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9643000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA3C0000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB95C4000 \SystemRoot\system32\drivers\ctaud2k.sys

0xB95A0000 \SystemRoot\system32\drivers\portcls.sys

0xBA228000 \SystemRoot\system32\drivers\drmk.sys

0xB957D000 \SystemRoot\system32\drivers\ks.sys

0xB9548000 \SystemRoot\system32\drivers\ctoss2k.sys

0xBA3C8000 \SystemRoot\system32\drivers\ctprxy2k.sys

0xBA238000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA56C000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB9534000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA5CA000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0xBA248000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA258000 \SystemRoot\system32\DRIVERS\redbook.sys

0xBA3D8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xBA268000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA5CC000 \SystemRoot\system32\DRIVERS\wacomvhid.sys

0xBA278000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA5CE000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys

0xBA7F1000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA580000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB951D000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA298000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA2A8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB9444000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA3F0000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys

0xBA2C8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA408000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA5D0000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB93E6000 \SystemRoot\system32\DRIVERS\update.sys

0xBA58C000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA5A0000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xBA410000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys

0xB9DD9000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xBA2D8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB6E90000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xBA2E8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5E8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB2ADD000 \SystemRoot\system32\drivers\ha20x2k.sys

0xB2AAD000 \SystemRoot\system32\drivers\emupia2k.sys

0xB2A84000 \SystemRoot\system32\drivers\ctsfm2k.sys

0xB29E8000 \SystemRoot\system32\drivers\ctac32k.sys

0xB29D3000 \SystemRoot\System32\drivers\CTHWIUT.SYS

0xB29A7000 \SystemRoot\System32\drivers\CT20XUT.SYS

0xB2860000 \SystemRoot\System32\drivers\CTEXFIFX.SYS

0xBA5EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA7FA000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5EC000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA7FD000 \SystemRoot\System32\DRIVERS\AvgArCln.sys

0xBA430000 \SystemRoot\System32\drivers\vga.sys

0xBA5EE000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA438000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA440000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB945D000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB282D000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB27D4000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xBA308000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xB2786000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB275E000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB273C000 \SystemRoot\System32\drivers\afd.sys

0xBA318000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB2711000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB26A1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS

0xB267A000 \SystemRoot\System32\Drivers\aswSP.SYS

0xBA340000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xBA380000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA178000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xBA188000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB6E70000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA390000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA398000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys

0xB259A000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA600000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB6E20000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA3B0000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA707000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xB2376000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xB950D000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys

0xB235A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB1FEB000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xB11E0000 \SystemRoot\system32\drivers\wdmaud.sys

0xB25E2000 \SystemRoot\system32\drivers\sysaudio.sys

0xB0F05000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA5FC000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB0EF4000 \SystemRoot\System32\Drivers\adfs.SYS

0xB0E4D000 \SystemRoot\system32\DRIVERS\srv.sys

0xB0454000 \SystemRoot\System32\Drivers\HTTP.sys

0xB1F73000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xACE6C000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):

0 System Idle Process

4 System

448 C:\WINDOWS\system32\smss.exe

672 csrss.exe

696 C:\WINDOWS\system32\winlogon.exe

744 C:\WINDOWS\system32\services.exe

756 C:\WINDOWS\system32\lsass.exe

932 C:\WINDOWS\system32\svchost.exe

1004 svchost.exe

1120 C:\WINDOWS\system32\svchost.exe

1192 C:\WINDOWS\system32\svchost.exe

1348 svchost.exe

1468 svchost.exe

1532 C:\Program\Lavasoft\Ad-Aware\AAWService.exe

1660 C:\WINDOWS\explorer.exe

1768 C:\Program\Alwil Software\Avast5\AvastSvc.exe

1892 C:\WINDOWS\RTHDCPL.exe

1920 C:\Program\Creative\Volume Panel\VolPanlu.exe

1928 C:\WINDOWS\system32\Ctxfihlp.exe

1936 C:\Program\Delade filer\Java\Java Update\jusched.exe

2024 C:\Program\iTunes\iTunesHelper.exe

2032 C:\Program\ALWILS~1\Avast5\AvastUI.exe

128 C:\WINDOWS\system32\ctfmon.exe

144 C:\Program\Windows Desktop Search\WindowsSearch.exe

1216 C:\WINDOWS\system32\spoolsv.exe

1336 C:\Program\Creative\Shared Files\CTAudSvc.exe

1876 C:\WINDOWS\system32\CTxfispi.exe

1544 svchost.exe

1076 C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2056 C:\Program\Bonjour\mDNSResponder.exe

2080 C:\WINDOWS\system32\CTSVCCDA.EXE

2188 C:\Program\Java\jre6\bin\jqs.exe

2292 C:\WINDOWS\system32\nvsvc32.exe

2376 C:\WINDOWS\system32\HPZipm12.exe

2412 C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2644 C:\WINDOWS\system32\svchost.exe

2692 C:\WINDOWS\system32\Wacom_Tablet.exe

2740 C:\WINDOWS\system32\searchindexer.exe

2840 C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

3000 C:\WINDOWS\system32\Wacom_Tablet.exe

3300 unsecapp.exe

3380 C:\Program\iPod\bin\iPodService.exe

3456 wmiprvse.exe

3784 alg.exe

220 C:\WINDOWS\system32\nvcplui.exe

3792 C:\WINDOWS\system32\svchost.exe

1948 C:\Program\Internet Explorer\iexplore.exe

812 C:\Program\Internet Explorer\iexplore.exe

2996 C:\Program\Lavasoft\Ad-Aware\AAWService.exe

1036 C:\Documents and Settings\Anvädaren\Skrivbord\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: ST3250824AS, Rev: 3.AAE

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive1 MBR Code Faked!

SHA1: 73D0B9F01FD4F36F44A5EDC33E3160FB277FCB92

232 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: EEC098E77D0529BD75F64F7B26552C1BA4417B73

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 10-08-10.07 - Anvädaren 2010-08-15 11:44:12.9.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1591 [GMT 2:00]

Körs från: c:\documents and settings\Anvädaren\Skrivbord\ComboFix.exe

.

(((((((((((((((((((((((( Filer Skapade från 2010-07-15 till 2010-08-15 ))))))))))))))))))))))))))))))

.

2010-08-12 05:08 . 2010-08-15 09:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-08-11 10:06 . 2007-02-15 14:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys

2010-08-11 10:06 . 2008-07-11 09:16 13352 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2010-08-11 10:06 . 2007-02-16 09:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2010-08-11 10:05 . 2010-08-11 10:05 -------- d-----w- c:\windows\system32\WTablet

2010-08-11 10:05 . 2009-03-26 15:15 2789672 ----a-w- c:\windows\system32\Wacom_Tablet.exe

2010-08-11 10:05 . 2009-03-26 14:40 213288 ----a-w- c:\windows\system32\Wacom_Tablet.dll

2010-08-11 10:05 . 2009-03-26 14:10 172840 ----a-w- c:\windows\system32\Wintab32.dll

2010-08-11 10:05 . 2010-08-11 10:06 -------- d-----w- c:\program\Tablet

2010-08-03 17:34 . 2010-08-03 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\program\Hitman Pro 3.5

2010-08-03 06:03 . 2010-08-11 09:59 664 ----a-w- c:\windows\system32\d3d9caps.dat