
Virus problem, cannot browse the web.


AstroCreep


Cool, here come the logs:

 

 

ComboFix 10-09-08.01 - Anvädaren 2010-09-08 22:11:50.12.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1401 [GMT 2:00]

Run from: c:\documents and settings\Anvädaren\Skrivbord\ComboFix.exe

.

 

(((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 ))))))))))))))))))))))))))))))

.

 

2010-09-01 18:09 . 2010-09-01 18:09 61116 ----a-w- c:\documents and settings\NetworkService\Application Data\SYSTEM3SQLite3.dll

2010-09-01 04:54 . 2010-09-08 20:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-08-30 09:37 . 2007-02-16 08:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2010-08-30 09:37 . 2009-05-20 09:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2010-08-30 09:36 . 2010-08-30 09:36 -------- d-----w- c:\windows\system32\WTablet

2010-08-30 09:36 . 2009-11-24 09:25 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe

2010-08-30 09:36 . 2009-11-24 09:25 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll

2010-08-30 09:36 . 2009-11-24 09:20 285184 ----a-w- c:\windows\system32\Wintab32.dll

2010-08-30 09:36 . 2010-08-30 09:37 -------- d-----w- c:\program\Tablet

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-07 15:22 . 2009-10-30 09:38 -------- d-----w- c:\program\BitComet

2010-09-05 18:59 . 2009-11-10 06:59 8 ----a-w- c:\windows\system32\nvModes.dat

2010-09-04 04:34 . 2009-11-18 12:17 67696 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-09-01 19:42 . 2005-08-19 21:21 191 ---ha-w- c:\documents and settings\NetworkService\Application Data\SYSTEMlog.dat

2010-08-30 09:38 . 2009-12-02 17:24 -------- d-----w- c:\program\TabletPlugins

2010-08-19 19:02 . 2010-07-23 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-11 09:59 . 2010-08-03 06:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-03 17:34 . 2010-08-03 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-08-03 17:33 . 2010-08-03 17:33 -------- d-----w- c:\program\Hitman Pro 3.5

2010-08-02 14:53 . 2010-08-02 14:53 0 ----a-w- c:\windows\nsreg.dat

2010-08-02 07:26 . 2010-08-02 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-02 06:37 . 2010-08-02 06:31 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-08-02 06:19 . 2009-11-03 19:43 -------- d-----w- c:\program\HP

2010-08-02 06:17 . 2009-11-03 19:51 -------- d-----w- c:\program\Delade filer\HP

2010-08-02 06:16 . 2010-08-02 06:16 -------- d-----w- c:\program\Delade filer\Java

2010-08-02 06:15 . 2009-10-26 08:11 -------- d-----w- c:\program\Java

2010-07-24 11:09 . 2010-07-24 11:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-23 11:53 . 2010-07-23 11:53 -------- d-----w- c:\program\Alwil Software

2010-07-20 08:30 . 2009-12-31 16:55 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 04:41 . 2009-10-28 17:21 -------- d-----w- c:\program\Norman

2010-07-19 20:04 . 2009-10-31 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-17 03:00 . 2010-08-02 06:16 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-12 08:56 . 2010-07-24 11:09 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-12 08:55 . 2010-03-25 06:40 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-12 08:55 . 2010-07-19 20:22 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-23 20:49 . 2008-04-15 12:00 92094 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-23 20:49 . 2008-04-15 12:00 463742 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-16 19:16 . 2010-06-16 19:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-06-14 14:31 . 2009-10-22 12:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2010-07-20_11.40.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2010-09-08 20:04 . 2010-09-08 20:04 16384 c:\windows\temp\Perflib_Perfdata_69c.dat

+ 2010-07-24 11:22 . 2010-07-12 08:55 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys

- 2009-11-18 11:52 . 2010-01-24 12:32 16168 c:\windows\system32\drivers\wacmoumonitor.sys

+ 2009-11-18 11:52 . 2009-08-27 13:06 16168 c:\windows\system32\drivers\wacmoumonitor.sys

+ 2001-09-06 19:55 . 2001-09-06 17:55 12160 c:\windows\system32\drivers\mouhid.sys

- 2001-09-06 19:55 . 2001-09-06 18:55 12160 c:\windows\system32\drivers\mouhid.sys

+ 2008-04-14 21:03 . 2008-04-14 19:03 23296 c:\windows\system32\drivers\mouclass.sys

- 2008-04-14 21:03 . 2008-04-14 20:03 23296 c:\windows\system32\drivers\mouclass.sys

- 2001-09-06 19:55 . 2001-09-06 18:55 12160 c:\windows\system32\dllcache\mouhid.sys

+ 2001-09-06 19:55 . 2001-09-06 17:55 12160 c:\windows\system32\dllcache\mouhid.sys

- 2008-04-14 21:03 . 2008-04-14 20:03 23296 c:\windows\system32\dllcache\mouclass.sys

+ 2008-04-14 21:03 . 2008-04-14 19:03 23296 c:\windows\system32\dllcache\mouclass.sys

+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

- 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-11-13 14:56 . 2010-07-21 17:13 144476 c:\windows\system32\Restore\rstrlog.dat

+ 2010-07-24 05:44 . 2010-07-24 05:44 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe

+ 2010-08-02 06:16 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe

- 2009-10-26 08:38 . 2009-07-25 04:23 145184 c:\windows\system32\javaw.exe

+ 2010-08-02 06:16 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe

- 2009-10-26 08:38 . 2009-07-25 04:23 145184 c:\windows\system32\java.exe

+ 2010-08-02 06:15 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe

+ 2010-07-23 11:53 . 2010-07-23 11:53 219648 c:\windows\Installer\a68730.msi

+ 2010-08-02 06:16 . 2010-08-02 06:16 180224 c:\windows\Installer\1ca14.msi

+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2010-08-30 09:36 . 2009-11-24 09:25 1823528 c:\windows\system32\WTablet\Wacom_TabletUser.exe

+ 2010-07-24 05:44 . 2010-07-24 05:44 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-10-22 14:15 . 2010-09-04 15:10 3496168 c:\windows\system32\FNTCACHE.DAT

+ 2010-07-24 11:09 . 2010-07-24 11:09 1866752 c:\windows\Installer\1b4db.msi

+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\145356.msp

.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* Empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]

"nwiz"="nwiz.exe" [2007-11-06 1626112]

"VolPanel"="c:\program\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2010-04-28 142120]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 110592]

Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ lsdelete

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program\\BitComet\\BitComet.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Warcraft II BNE\\Warcraft II BNE.exe"=

"c:\\Program\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\DC++\\DCPlusPlus.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"7303:TCP"= 7303:TCP:BitComet 7303 TCP

"7303:UDP"= 7303:UDP:BitComet 7303 UDP

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-03-25 64288]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-08-30 4463400]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-10-23 39424]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1355928]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program\Delade filer\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-23 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\Lavasoft\Ad-Aware\kernexplorer.sys [2010-08-12 15008]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-18 16168]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-02 691696]

.

Contents of the 'Scheduled Tasks' folder:

 

2010-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 20:10]

 

2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

 

2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{8549F50F-53DC-4CE4-A61C-F9C05D34D743}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

mWindow Title = Erhållen av Wermlandsdata

uInternet Settings,ProxyOverride = <local>

IE: &D&ownload &with BitComet - c:\program\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program\BitComet\BitComet.exe/AddAllLink.htm

DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} - hxxp://www.commandondemand.com/eval/cod/cabs/cssweb.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

FF - ProfilePath - c:\documents and settings\Anvädaren\Application Data\Mozilla\Firefox\Profiles\40amxa4k.default\

FF - plugin: c:\program\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\TabletPlugins\npwacom.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-08 22:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs "loaded" under running processes ---------------------

 

- - - - - - - > 'winlogon.exe'(516)

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'explorer.exe'(3892)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-08 22:16:36

ComboFix-quarantined-files.txt 2010-09-08 20:16

ComboFix2.txt 2010-08-20 14:22

ComboFix3.txt 2010-08-19 06:29

ComboFix4.txt 2010-08-15 09:55

ComboFix5.txt 2010-09-08 20:09

 

Before the scan: 11 699 822 592 bytes free

After the scan: 14 975 672 320 bytes free

 

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - F739E5C72113BFFAF21DAA7AE0E83967


RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB96A3000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7430144 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 169.06 )

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5771264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 169.06 )

0xB6E68000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4546560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB2860000 C:\WINDOWS\System32\drivers\CTEXFIFX.SYS 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)

0xB2ADD000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))

0xB29E8000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))

0xB9E48000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB95C4000 C:\WINDOWS\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)

0xB26A1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB93E6000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xB27D4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB1EA4000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB1560000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB9548000 C:\WINDOWS\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))

0xB2AAD000 C:\WINDOWS\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB2024000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9E1B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB29A7000 C:\WINDOWS\System32\drivers\CT20XUT.SYS 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)

0xB082F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xB2711000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB2A84000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))

0xB9667000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xB275E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB2786000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB95A0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB9643000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB957D000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB273C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9F11000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9E01000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB2661000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB9EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB951D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB29D3000 C:\WINDOWS\System32\drivers\CTHWIUT.SYS 86016 bytes (Creative Technology Ltd., Creative Utility Effects)

0xB1DC7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB9534000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB968F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB282D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xB9ED5000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB9EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filter Driver)

0xB1FC3000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB9444000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA188000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA248000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA238000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Driver)

0xBA228000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0xBA258000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB1F83000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA2E8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA218000 C:\WINDOWS\system32\DRIVERS\l151x86.sys 57344 bytes (Atheros Communications Inc., Atheros L1 Gigabit Ethernet 10/100/1000Base-T Driver)

0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA288000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB22D9000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))

0xBA2A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA168000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA268000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA298000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA208000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Driver)

0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA2D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA278000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA158000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB1F53000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA318000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA398000 C:\DOCUME~1\ANVDAR~1\LOKALA~1\Temp\catchme.sys 32768 bytes

0xBA3C8000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))

0xBA458000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA460000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA410000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)

0xBA3E0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA480000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xBA3D8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xBA478000 C:\DOCUME~1\ANVDAR~1\LOKALA~1\Temp\mbr.sys 24576 bytes

0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA448000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA450000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA488000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB6E08000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB23A9000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA568000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB9459000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB6E24000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xBA594000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xBA59C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA578000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)

0xBA5C6000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)

0xBA5E2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5FC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xBA5E0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA5E4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA5BA000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Port Driver)

0xBA5EE000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes

0xBA5E6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5C8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA791000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA758000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA78F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)

==============================================

>Stealth

==============================================


Now the log from Rootkit Unhooker looks really good! :)

 

Update MBAM and run a quick scan. You only need to paste the log if something is found.

 

Install an antivirus program and scan the computer with it. If something is found, paste the log.

 

Paste new DDS logs for a final review.


He ran MBAM right away after yesterday, and it found a file which it removed; today it found nothing.


DDS (Ver_10-03-17.01) - NTFSx86

Run by Anvädaren at 17:24:25,06 on 2010-09-09

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1157 [GMT 2:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Creative\Volume Panel\VolPanlu.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\ALWILS~1\Avast5\avastUI.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Anvädaren\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

mWindow Title = Erhållen av Wermlandsdata

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program\bitcomet\tools\BitCometBHO_1.3.7.16.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.40.01)" -"http://www.blip.se/rsbitch/bitch_v3.asp"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [VolPanel] "c:\program\creative\volume panel\VolPanlu.exe" /r

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [AdobeCS4ServiceManager] "c:\program\delade filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe

IE: &D&ownload &with BitComet - c:\program\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program\bitcomet\BitComet.exe/AddAllLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} - hxxp://www.commandondemand.com/eval/cod/cabs/cssweb.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256545002890

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\anvdar~1\applic~1\mozilla\firefox\profiles\40amxa4k.default\

FF - plugin: c:\documents and settings\anvädaren\lokala inställningar\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\mpcstar\codecs\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program\mpcstar\codecs\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\tabletplugins\npwacom.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-25 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-8 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-8 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-26 54752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-8-30 4463400]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-10-23 39424]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program\delade filer\creative labs shared\service\CTAELicensing.exe [2009-10-23 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-18 16168]

 

=============== Created Last 30 ================

 

2010-09-08 20:24:35 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 19:46:51 61263 ----a-w- c:\docume~1\anvdar~1\applic~1\Anvädaren3SQLite3.dll

2010-08-30 09:38:49 0 d-----w- c:\docume~1\anvdar~1\applic~1\WTablet

2010-08-30 09:38:33 7892776 ----a-w- c:\windows\system32\WacomTablet.cpl

2010-08-30 09:38:33 1653980 ----a-w- c:\windows\system32\WacomTablet.znc

2010-08-30 09:37:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2010-08-30 09:37:33 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2010-08-30 09:36:49 0 d-----w- c:\windows\system32\WTablet

2010-08-30 09:36:37 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe

2010-08-30 09:36:37 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll

2010-08-30 09:36:37 285184 ----a-w- c:\windows\system32\Wintab32.dll

2010-08-30 09:36:32 0 d-----w- c:\program\Tablet

 

==================== Find3M ====================

 

2010-09-09 06:23:22 12845056 ----a-w- c:\documents and settings\anvädaren\ntuser.dat

2010-09-08 20:32:09 92094 ----a-w- c:\windows\system32\perfc01D.dat

2010-09-08 20:32:09 463742 ----a-w- c:\windows\system32\perfh01D.dat

2010-09-04 18:53:29 1413 ---ha-w- c:\docume~1\anvdar~1\applic~1\Anvädarenlog.dat

2010-09-04 04:34:43 67696 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-03 17:34:03 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-30 12:33:09 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27:44 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02:52 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:51 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll

2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

2009-12-31 15:26:12 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

 

============= FINISH: 17:24:45,51 ===============


and


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4572

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-09-08 20:58:15

mbam-log-2010-09-08 (20-58-15).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 267531

Förfluten tid: 1 timme(ar), 5 minut(er), 37 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Documents and Settings\Anvädaren\Skrivbord\Virus Attack\dumpfiles\ldr32 (Malware.Packer.Gen) -> Quarantined and deleted successfully.


MBAM found one of the dump files, so that doesn't matter. Has Avast found anything in a full scan?

Paste the Attach log that DDS creates as well.

 

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

Is there anything left of AVG to uninstall in Add or Remove Programs?

After that, run AVG Remover (32 bit), available at http://www.avg.com/us-en/download-tools , to remove any remnants that may be left.

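An added example (not from the thread and not part of DDS): a small Python parser for the BHO, TB and Run lines of a DDS pseudo-HJT report, plus a check that flags entries DDS marks as No File or that still load code from the directory of a product reported as uninstalled, which is how the AVG Safe Search line above stands out. The sample lines are constructed in the format of the log above; `c:\program\avg` as the removed directory is taken from the thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the format of the DDS "Pseudo HJT Report"
# section (BHO / TB / uRun / mRun entries); not a real log.
SAMPLE_DDS_LINES = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui
""".strip().splitlines()

# "BHO: <name>: {CLSID} - <dll>"  /  "TB: {CLSID} - No File"  (name optional)
OBJ_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# "uRun: [<value name>] <command line>"  (also mRun, dRun, uRunOnce ...)
RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

Entry = Dict[str, Optional[str]]


def exe_from_cmd(cmd: str) -> str:
    """Pull the program path out of a Run command line.

    DDS prints unquoted paths containing spaces (see the TeaTimer line), so
    splitting on whitespace is wrong; take everything up to the first
    executable extension instead, unless the path is quoted.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|scr|cpl))(?=[\s,]|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_dds_autostart(lines: List[str]) -> List[Entry]:
    """Turn BHO/TB/Run lines of a DDS report into records; other lines are ignored."""
    entries: List[Entry] = []
    for raw in lines:
        line = raw.strip()
        m = OBJ_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].lower(), "path": m["path"]})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": None, "path": exe_from_cmd(m["cmd"])})
    return entries


def find_leftovers(entries: List[Entry], removed_dirs: List[str]) -> List[Tuple[Entry, str]]:
    r"""Flag entries that DDS marks as 'No File' or that still load code from a
    directory of a product the user reports as uninstalled (c:\program\avg here)."""
    hits: List[Tuple[Entry, str]] = []
    prefixes = [d.lower().rstrip("\\") + "\\" for d in removed_dirs]
    for e in entries:
        path = (e["path"] or "").lower()
        if path == "no file":
            hits.append((e, "registered but file missing on disk"))
            continue
        for pfx in prefixes:
            if path.startswith(pfx):
                hits.append((e, "still references removed product dir " + pfx))
                break
    return hits


if __name__ == "__main__":
    for entry, why in find_leftovers(parse_dds_autostart(SAMPLE_DDS_LINES), [r"c:\program\avg"]):
        print(f"{entry['kind']:<8} {entry['name'] or entry['clsid']:<40} {why}")
```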

Avast found one thing;

 

C:\System Volume Information\_restore{EF285882-231C-4C1A-A3D4-3944938805B3}\RP57\A0025989.exe

Hot: Win32:Rootkit-gen [Rtk]

 

 

He has run the AVG cleanup program but couldn't see that it removed anything, as far as he noticed anyway.

Attach.txt


If the folder c:\program\avg still exists, delete it.

What Avast found was not active on the computer; it was sitting among the system restore points.

Now only a final cleanup round remains:

1. Delete all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and click Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Click Create.

Then remove all the old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Choose it.

After a few minutes the program appears; then choose a tab called More Options or something similar. Click the Clean up button that removes all system restore points except the most recent one.

2. Download the uninstall program OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Click the CleanUp! button, and ComboFix and the other cleaning tools will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.

3. Save TFC by OldTimer to the Desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close all programs and windows.

Run TFC (if you have Vista or Windows 7, right-click the file and choose Run as administrator).

Click the Start button to begin the cleaning.

It can take a few minutes; leave the computer alone in the meantime.

When it is done, the computer is supposed to restart automatically. If it doesn't, restart the computer yourself. Delete the TFC file.

4. Change all the passwords you use on the computer and on the internet, since they may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in browsers, e-mail programs etc.

5. Improve the protection on the computer; see my Advice for a safer computer: http://sites.google.com/site/ceblstockholm/home

It is important that you run the Secunia check I write about, because there are some old program versions with security holes on the computer.


There, now he has come home from the business trip he was on and done all the steps.

So everything is done now? :)


Wow, an incredibly huuuuuuuuuuuuuuuuuuuuuuge thank you for all your outstanding help and patience!! :)

Both I and, above all, my brother are so incredibly grateful!

You have saved a lot of important files, I can tell you. :)

Thanks a thousand times again, mega thanks from both of us. :)


Archived

This topic is now archived and is closed to further replies.
