A bunch of viruses at once

Ziner

Take it easy, you don't need to stress yourself out. :)

Just ask if there is anything you think doesn't add up.

 

uInternet Settings,ProxyServer = http=127.0.0.1:5643

Did you change the proxy server setting earlier?

Has it changed back?

 

If you restarted the computer after running ComboFix, ComboFix cannot keep hold of the Daemon Tools driver. If Defogger doesn't seem to work, don't worry about it.

 

Delete the ComboFix you have and download a new one:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Copy all the lines in the box:

Killall::
Rootkit::
c:\windows\system32\drivers\cqaanwgy.sys

and paste them into Notepad. Make sure it looks the same as here, i.e. three lines.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.

Paste the log that comes out.


No, I haven't tampered with the proxy settings, and when I check the settings it looks OK now, i.e. proxy is not ticked. Nothing is ticked, to be precise. It is a brand-name laptop, a Fujitsu, and it is just over 3 years old, maybe 4. The graphics card has been replaced once but nothing else. Have always run Windows. Well, I'll have to continue tomorrow. I'm not too stressed. It does seem to be going in the right direction. Talk soon! Thanks so far!


> I'm not too stressed.

Good! :)

 

The new version of MBRCheck has just left beta, so the new version is now at the usual link http://ad13.geekstogo.com/MBRCheck.exe

 

MBRCheck reported earlier

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive1

\\.\J: --> \\.\PhysicalDrive2

C: is the hard disk where Windows lives. Are D: and J: external hard disks, or is D: a second internal hard disk?


Right, I have now run the new ComboFix with that script.

C and D are the hard disks inside the computer. J is external. Will run a new MBRCheck soon.

 

ComboFix 10-08-01.02 - Fam. 2010-08-02 15:21:51.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1584 [GMT 2:00]

Running from: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-21 04:19 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

2010-05-06 10:36 . 2006-04-19 17:02 916480 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R1 NGS;Norman General Security Driver;c:\norman\NVC\Bin\ngs.sys [2009-02-28 22712]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2010-02-25 18240]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S2 gztlxuyx;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [2006-04-19 14336]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

gztlxuyx

.

Contents of the 'Scheduled Tasks' folder:

 

2010-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5643

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-02 15:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A2DB4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3616)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-08-02 15:48:37 - machine was rebooted.

ComboFix-quarantined-files.txt 2010-08-02 13:48

ComboFix2.txt 2010-08-01 18:43

ComboFix3.txt 2010-08-01 15:30

ComboFix4.txt 2010-08-01 13:38

ComboFix5.txt 2010-08-02 12:44

 

Pre-Run: 10 263 392 256 bytes free

Post-Run: 10 271 895 552 bytes free

 

- - End Of File - - E5802B050CD109A2F95962FD702C45D0


 

Does it look better? It found rootkit activity again.


Do you have a dual-boot computer, or have you ever had anything other than Windows, e.g. Linux, on the computer (or on that hard disk) before?

 

It wasn't C:\mbrziner.dmp1 that you uploaded but the log file you also attached. So upload the dump file instead :)

 

---------------------

 

What kind of program is "Polar Sync"?


Never had anything other than Windows. Don't even know what "dual boot" is.

http://www.sendspace.com/file/frqlha

 

There, that should be better.

 

Polar Sync is a program from Polar. It connects the heart-rate monitor to the computer. Nothing shady.

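The dump the helper asks for is the raw 512-byte MBR that MBRCheck reads from \\.\PhysicalDrive0. As an added example (not part of the thread, and not MBRCheck's own code), the following Python parses such a dump, lists the partition table and hashes the boot code so it can be compared against a set of known-good values, which is the kind of check MBRCheck reports on. The sample MBR is constructed here (XP-style opening bytes padded with zeros, two NTFS partitions), and the known-good hash set is whatever the caller supplies; neither comes from the thread.

```python
"""Parse and sanity-check a raw 512-byte MBR dump. Added example, not MBRCheck's code.
The sample MBR built below is constructed, not the dump uploaded in the thread."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Set, Tuple

BOOT_CODE_LEN = 440        # bytes 0..439: boot code
DISK_SIG_OFFSET = 440      # bytes 440..443: Windows disk signature, 444..445 reserved
PT_OFFSET = 446            # four 16-byte partition entries at 446..509
PT_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


@dataclass(frozen=True)
class Partition:
    index: int
    status: int       # 0x80 = active (bootable), 0x00 = inactive; anything else is malformed
    type_id: int      # 0x07 = NTFS/HPFS, 0x0B/0x0C = FAT32, 0x83 = Linux, ...
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:       # exclusive end sector
        return self.lba_start + self.sectors


def parse_mbr(mbr: bytes) -> Tuple[int, List[Partition], str]:
    """Return (disk signature, non-empty partition entries, sha256 of the boot code)."""
    if len(mbr) != 512:
        raise ValueError(f"MBR must be 512 bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    parts: List[Partition] = []
    for i in range(4):
        off = PT_OFFSET + i * PT_ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:            # empty slot
            continue
        parts.append(Partition(i, status, type_id, lba_start, sectors))
    return disk_sig, parts, hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(mbr: bytes, known_good_hashes: Set[str]) -> List[str]:
    """Checks in the spirit of MBRCheck: boot code must match a hash we trust,
    and the partition table must be well-formed. Returns a list of findings."""
    _, parts, code_hash = parse_mbr(mbr)
    issues: List[str] = []
    if code_hash not in known_good_hashes:
        issues.append(f"boot code sha256 {code_hash[:16]}... not in known-good set")
    active = [p for p in parts if p.status == 0x80]
    if not active:
        issues.append("no active partition")
    elif len(active) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p.status not in (0x00, 0x80):
            issues.append(f"entry {p.index}: invalid status byte 0x{p.status:02x}")
        if p.sectors == 0:
            issues.append(f"entry {p.index}: zero-length partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            issues.append(f"entries {a.index} and {b.index} overlap")
    return issues


def build_sample_mbr() -> bytes:
    """Constructed MBR: the first seven bytes mimic XP's boot code prologue
    (xor ax,ax / mov ss,ax / mov sp,7c00h), the rest is zero-filled; not real XP code."""
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    entries = (
        struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 200_000)
        + struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 200_063, 100_000)
        + b"\x00" * (2 * PT_ENTRY_LEN)
    )
    mbr = code + disk_sig + entries + BOOT_SIG
    assert len(mbr) == 512
    return mbr


if __name__ == "__main__":
    sample = build_sample_mbr()
    sig, parts, h = parse_mbr(sample)
    print(f"disk signature 0x{sig:08X}, boot code sha256 {h}")
    for p in parts:
        print(f"  #{p.index} status=0x{p.status:02x} type=0x{p.type_id:02x} lba={p.lba_start} sectors={p.sectors}")
    print("findings with empty known-good set:", audit_mbr(sample, set()))
```

A real dump (the file MBRCheck writes, or the first 512 bytes read from the physical drive) can be fed to `parse_mbr(open(path, "rb").read())`. The hash comparison only says whether the boot code is one you have seen before: a GRUB or other non-Windows boot loader left over from a dual-boot setup fails it just as a bootkit would, which is why the helper asks about dual-boot before drawing conclusions from the MBR scan.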

I have forwarded the log and dump files from MBRCheck to a_d_13.

 

Time for the next cleanup round. Copy all the lines in the box:

Killall::
Driver::
gztlxuyx
Netsvc::
gztlxuyx
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Folder::
c:\documents and settings\Fam.Zingmark.Terning\Application Data\ECBA931296363342F00047F686F43CA9

and paste them into Notepad. Check that it looks the same.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.

Paste the log that comes out.

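The second CFScript above targets three things that are visible in the posted log: the service gztlxuyx, which is hosted by svchost.exe -k netsvcs and is listed under the non-default NetSvcs members; the Internet Explorer ProxyServer value pointing at 127.0.0.1:5643; and the 32-hex-character folder under Application Data. As an added example (not from the thread, and not part of ComboFix), the following Python applies those three heuristics to a log excerpt and renders the matching CFScript directives in the order the helper used them. The sample log lines are constructed from the thread's log, and the output is a draft for a person to review, as in the thread, since a legitimate service could in principle match the netsvcs heuristic.

```python
"""Triage heuristics over a ComboFix log excerpt, plus rendering of the matching
CFScript directives. Added example, not part of the thread or of ComboFix.
The sample lines are constructed to mirror the log posted in the thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt modelled on the thread's log (paths and names as posted).
SAMPLE_LOG = "\n".join([
    r"2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9",
    r"2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]",
    r"S2 gztlxuyx;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [2006-04-19 14336]",
    r"",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs",
    r"",
    r"gztlxuyx",
    r"",
    r".",
    r"uStart Page = hxxp://www.google.se/",
    r"uInternet Settings,ProxyOverride = <local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5643",
])

# Service line: R/S + start type, then name;display name;image path [date size]
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")
# Directory entry in the "Files Created" / Find3M sections: size column is dashes, attrs start with d
DIR_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+-{8}\s+d\S+\s+(?P<path>.+)$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Findings:
    netsvcs: List[str] = field(default_factory=list)               # names ComboFix lists as non-default NetSvcs members
    svchost_services: Dict[str, str] = field(default_factory=dict)  # name -> display name, image is svchost -k netsvcs
    local_proxy: Optional[str] = None                              # ProxyServer value when it points at loopback
    hex_folders: List[str] = field(default_factory=list)           # folders named by 32 hex characters


def triage(log_text: str) -> Findings:
    """Scan a ComboFix log for the three indicators the thread's cleanup acted on."""
    f = Findings()
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith(r"\Svchost - NetSvcs"):
            in_netsvcs = True           # member names follow, one per line, until a non-name line
            continue
        if in_netsvcs:
            if re.fullmatch(r"[A-Za-z0-9_]+", line):
                f.netsvcs.append(line)
                continue
            in_netsvcs = False
        m = SVC_RE.match(line)
        if m:
            if re.search(r"svchost\.exe -k netsvcs", m["image"], re.I):
                f.svchost_services[m["name"]] = m["display"]
            continue
        m = PROXY_RE.match(line)
        if m:
            value = m["value"].strip()
            host = value.split("=")[-1].rsplit(":", 1)[0]   # "http=127.0.0.1:5643" -> "127.0.0.1"
            if host in LOOPBACK:
                f.local_proxy = value
            continue
        m = DIR_RE.match(line)
        if m:
            leaf = m["path"].rstrip("\\").rsplit("\\", 1)[-1]
            if HEX32_RE.match(leaf):
                f.hex_folders.append(m["path"])
    return f


def build_cfscript(f: Findings) -> str:
    """Render CFScript directives for the findings, in the order the thread's helper used them."""
    lines: List[str] = ["Killall::"]
    # Highest confidence: a NetSvcs member that is also a service whose image is svchost -k netsvcs.
    rogue = [n for n in f.netsvcs if n in f.svchost_services]
    if rogue:
        lines += ["Driver::", *rogue, "Netsvc::", *rogue]
    if f.local_proxy:
        lines += ["DDS::", f"uInternet Settings,ProxyServer = {f.local_proxy}"]
    if f.hex_folders:
        lines += ["Folder::", *f.hex_folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run against the constructed excerpt it prints the same nine directive lines as the helper's script, with the Folder:: path taken verbatim from the log line rather than typed by hand, which is where the username in such paths tends to get mangled.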

Right. So it's time again. Fascinating, all this. It's way over my head.

 


ComboFix 10-08-01.02 - Fam. 2010-08-03 9:20.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1579 [GMT 2:00]

Running from: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GZTLXUYX

-------\Service_gztlxuyx

 

 

(((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

2010-05-06 10:36 . 2006-04-19 17:02 916480 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R1 NGS;Norman General Security Driver;c:\norman\NVC\Bin\ngs.sys [2009-02-28 22712]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2010-02-25 18240]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Contents of the 'Scheduled Tasks' folder:

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-03 09:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A2AB4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3092)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program\Bonjour\mdnsNSP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-08-03 09:45:25 - the computer was rebooted.

ComboFix-quarantined-files.txt 2010-08-03 07:45

ComboFix2.txt 2010-08-02 13:48

ComboFix3.txt 2010-08-01 18:43

ComboFix4.txt 2010-08-01 15:30

ComboFix5.txt 2010-08-02 14:23

 

Pre-Run: 10,114,994,176 bytes free

Post-Run: 10,110,185,472 bytes free

 

- - End Of File - - 4B25782F3252B94A9036A5E4C5E4AF03


Is SoftICE something you use?

http://sv.wikipedia.org/wiki/SoftICE

 

Run Norman's cleanup tool, because there are remnants of Norman on the computer.

http://www.norman.com/support/support_issue_archive/67798/se

 

Restart the computer.

 

Copy all the lines in the box:

Folder::
c:\documents and settings\Fam.Zingmark.Terning\Application Data\ECBA931296363342F00047F686F43CA9
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.

Paste the log that comes out.


Unfortunately I couldn't run that little program that was supposed to remove the remnants of Norman. When I tried, it said it couldn't find any Norman Virus Control.

Don't know what SoftICE is. I don't use it, in any case. Thanks for all the help so far. :thumbsup: How does it look now?

 

 

ComboFix 10-08-01.02 - Fam.2010-08-04 9:40.7.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1590 [GMT 2:00]

Running from: c:\documents and settings\Fam.Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Fam.Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

2010-05-06 10:36 . 2006-04-19 17:02 916480 ----a-w- c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-01_15.26.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-04 07:35 . 2010-08-04 07:35 16384 c:\windows\temp\Perflib_Perfdata_604.dat

.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R1 NGS;Norman General Security Driver;c:\norman\NVC\Bin\ngs.sys [2009-02-28 22712]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2010-02-25 18240]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Contents of the 'Scheduled Tasks' folder:

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 09:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89985B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2010-08-04 09:56:14

ComboFix-quarantined-files.txt 2010-08-04 07:56

ComboFix2.txt 2010-08-03 07:45

ComboFix3.txt 2010-08-02 13:48

ComboFix4.txt 2010-08-01 18:43

ComboFix5.txt 2010-08-04 07:28

 

Pre-Run: 9,788,870,656 bytes free

Post-Run: 9,838,555,136 bytes free

 

- - End Of File - - 92FF49AD9A50FEA9139C4C903EF32B69


Copy all the lines in the box:

Killall::
Driver::
NGS
DbgMsg
Folder::
c:\documents and settings\Fam.Zingmark.Terning\Application Data\ECBA931296363342F00047F686F43CA9
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

and paste them into Notepad. Make sure it looks exactly like it does here in the box: the same number of lines, and with everything on each line included.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.

Paste the log that comes out.

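The helper in this thread reads the services list (the `R1`/`R2`/`S2`/`S3` lines) and the `...\CurrentVersion\Run` keys out of each ComboFix log and compares successive runs by eye to confirm that a CFScript (the `Driver::`, `Folder::` and `RegLock::` directives in this post and in the earlier one) did what it should; the next log then records `-------\Service_DbgMsg` and `-------\Service_NGS` under Drivers/Services. The Python below is an added example, not code from the thread or from ComboFix, that automates that comparison: it parses the two line formats visible in the logs and reports which services and Run entries disappeared or appeared between two runs. It assumes my reading of ComboFix's prefix convention (R = running, S = stopped, digit = Windows start type, 0 boot to 4 disabled); the two log excerpts embedded in it are constructed samples modelled on the thread's logs, not the full logs.

```python
"""Compare the startup-relevant parts of two ComboFix logs.

Added example (not from the thread or from ComboFix). Parses the plain-text
format seen in the thread and reports which services/drivers and Run-key
entries disappeared or appeared between two runs.
"""
import re

# Service line, e.g.
# 'R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2010-02-25 18240]'
# Assumed meaning of the prefix: R = running, S = stopped, digit = start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]\s*$')
# Registry section header, e.g. '[HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]'
SECTION_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
# Value under a Run key, e.g. '"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]'
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?\s*$')


def parse_combofix(text):
    """Return (services, run_entries).

    services:    {name_lower: (prefix, display_name, path, stamp)}
    run_entries: {(run_key_lower, value_name): command}
    """
    services, run_entries = {}, {}
    current_run_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            prefix, name, display, path, stamp = m.groups()
            services[name.lower()] = (prefix, display, path, stamp)
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1).lower()
            # Only collect values under ...\Run keys; the BHO, toolbar and
            # firewall sections use similar '"x"=' lines but are not Run keys.
            current_run_key = key if key.endswith("\\run") else None
            continue
        if current_run_key:
            m = RUN_VAL_RE.match(line)
            if m:
                run_entries[(current_run_key, m.group(1))] = m.group(2)
    return services, run_entries


def kernel_drivers(services):
    """Kernel drivers (.sys) that start automatically (start type 0, 1 or 2)."""
    return {name: info for name, info in services.items()
            if info[2].lower().endswith(".sys") and info[0][1] in "012"}


def diff_logs(before, after):
    """Services and Run entries removed or added between two logs."""
    s_before, r_before = parse_combofix(before)
    s_after, r_after = parse_combofix(after)
    return {
        "services_removed": sorted(s_before.keys() - s_after.keys()),
        "services_added": sorted(s_after.keys() - s_before.keys()),
        "run_removed": sorted(r_before.keys() - r_after.keys()),
        "run_added": sorted(r_after.keys() - r_before.keys()),
    }


# Constructed samples modelled on the thread's logs (not the full logs).
BEFORE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"Polar Sync"="" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]
"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\uTorrent\\utorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]
R1 NGS;Norman General Security Driver;c:\norman\NVC\Bin\ngs.sys [2009-02-28 22712]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2010-02-25 18240]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]
"""

AFTER_LOG = r"""
-------\Service_DbgMsg
-------\Service_NGS

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"Polar Sync"="" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]
"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]
"""

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{label}: {items}")
    drivers = kernel_drivers(parse_combofix(BEFORE_LOG)[0])
    for name, (prefix, display, path, stamp) in drivers.items():
        print(f"{prefix} {name:10} {display!r:32} {path} [{stamp}]")
```

Run against the real logs by reading the two pasted texts into `BEFORE_LOG` and `AFTER_LOG`; on the thread's logs the only expected differences after this CFScript are the two removed services, so anything else in `services_added` or `run_added` deserves a closer look. The `kernel_drivers` listing is the shortlist the helper worked from: auto-starting `.sys` files such as `ngs.sys` under a product directory that is no longer installed, or a generically named `DbgMsg.sys` in system32\drivers, stand out there.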

OK. This is how it looks now.

 

ComboFix 10-08-01.02 - 2010-08-04 11:54:26.8.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1582 [GMT 2:00]

Running from: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DBGMSG

-------\Legacy_NGS

-------\Service_DbgMsg

-------\Service_NGS

 

 

(((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg f”r mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 13:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A12B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(2340)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-08-04 13:23:21 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-04 11:23

ComboFix2.txt 2010-08-04 07:56

ComboFix3.txt 2010-08-03 07:45

ComboFix4.txt 2010-08-02 13:48

ComboFix5.txt 2010-08-04 09:43

 

Före genomsökningen: 9 959 464 960 byte ledigt

Efter genomsökningen: 9 934 036 992 byte ledigt

 

- - End Of File - - 458C96156E817D7649A8E2BA09F70DB7


ComboFix understood and acted on the first lines of CFScript, but not the other lines. Are you sure you got the whole of the long lines into CFScript?

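The check the helper does by eye above, which items from the CFScript actually show up in the log's deletion sections, written as a script. This is an added example, not ComboFix's code and not from the thread; it assumes the log layout shown here (section headers wrapped in parentheses, removed entries as `-------\Name` lines or paths), and the CFScript and log excerpts are constructed from the values quoted in the thread.

```python
"""Cross-check a ComboFix CFScript against the log it produced.

Added example for this thread; not ComboFix's own code and not from the
original post. Assumes the log format shown in the thread: section headers
wrapped in runs of parentheses, deletion lines as '-------\\Name' or a path.
"""
import re

# "(((( Section name ))))" headers; ComboFix prints them in the system language
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# "Killall::", "Rootkit::", "File::" ... each starts a block of items
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Sections where ComboFix lists what it actually removed (Swedish names as in this log)
DELETION_SECTIONS = ("Andra raderingar", "Drivrutiner/Tjänster")
# Directives whose items name a file or driver that should end up in those sections
REMOVAL_DIRECTIVES = ("Rootkit", "File", "Folder", "Driver")

# Constructed from the values quoted in the thread; not a complete log.
CFSCRIPT = r"""Killall::
Rootkit::
c:\windows\system32\drivers\cqaanwgy.sys
"""

LOG = r"""ComboFix 10-08-01.02 - 2010-08-04 11:54:26.8.1 - x86
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DBGMSG
-------\Legacy_NGS
-------\Service_DbgMsg
-------\Service_NGS
(((((((((((((((((((((((( Filer Skapade från 2010-07-04 till 2010-08-04 ))))))))))))))))))))))))))))))
.
2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
"""


def parse_cfscript(text):
    """Return {directive: [items]}; items are the non-empty lines under a 'Name::' header."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def parse_log_sections(text):
    """Return {section name: [lines]}; '.' separator lines and blanks are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def removed_entries(log, deletion_sections=DELETION_SECTIONS):
    """Everything the log reports as deleted: names from '-------\\Name' lines
    and file paths, in log order."""
    sections = parse_log_sections(log)
    prefix = "-------\\"
    entries = []
    for name in deletion_sections:
        for line in sections.get(name, []):
            entries.append(line[len(prefix):] if line.startswith(prefix) else line)
    return entries


def check_removals(cfscript, log):
    """Map each file named under a removal directive to True if the log's
    deletion sections mention it (full path or bare file name), else False."""
    requested = parse_cfscript(cfscript)
    removed = [e.lower() for e in removed_entries(log)]
    result = {}
    for directive in REMOVAL_DIRECTIVES:
        for item in requested.get(directive, []):
            path = item.lower()
            base = path.rsplit("\\", 1)[-1]
            result[item] = any(path in e or base in e for e in removed)
    return result


if __name__ == "__main__":
    print("ComboFix reported removing:", removed_entries(LOG))
    for item, ok in check_removals(CFSCRIPT, LOG).items():
        print(("removed   " if ok else "NOT FOUND ") + item)
```

On the thread's values this reports the four service and Legacy entries as removed and the requested driver as not found, which is the mismatch the helper points out.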

I thought I did it right the first time. I did everything over again.

 

 

ComboFix 10-08-01.02 - Fam. 2010-08-04 14:58:11.9.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1582 [GMT 2:00]

Körs från: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-04 till 2010-08-04 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg f”r mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 15:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A26B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-08-04 15:47:53 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-04 13:47

ComboFix2.txt 2010-08-04 11:23

ComboFix3.txt 2010-08-04 07:56

ComboFix4.txt 2010-08-03 07:45

ComboFix5.txt 2010-08-04 12:50

 

Före genomsökningen: 9 925 398 528 byte ledigt

Efter genomsökningen: 9 921 019 904 byte ledigt

 

- - End Of File - - 9A636FA352E96535EB07C196DBE1C582


Don't know what is going wrong, but I'm attaching a CFScript.txt. Delete the one you have and save the new one on the Desktop. Restart the computer before you use it with ComboFix (the usual ComboFix preparations, of course).

CFScript.txt


Ran it with the file you attached. Any difference?

 

 

ComboFix 10-08-03.04 - Fam.2010-08-04 17:03:19.10.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1589 [GMT 2:00]

Körs från: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-04 till 2010-08-04 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-05 20:11 . 2010-07-05 20:11 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-01_15.26.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-04 14:58 . 2010-08-04 14:58 16384 c:\windows\temp\Perflib_Perfdata_304.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 17:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A1EB4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Sluttid: 2010-08-04 17:19:58

ComboFix-quarantined-files.txt 2010-08-04 15:19

ComboFix2.txt 2010-08-04 13:47

ComboFix3.txt 2010-08-04 11:23

ComboFix4.txt 2010-08-04 07:56

ComboFix5.txt 2010-08-04 14:51

 

Före genomsökningen: 9 895 157 760 byte ledigt

Efter genomsökningen: 9 896 869 888 byte ledigt

 

- - End Of File - - 955E07DE76ACFDA3F562FCCAC04F41C6


Now it went through as it should :)

 

However, it looks like there is still something left in the computer.

 

Update MBAM and scan the computer again with it. If anything is found, paste the log.

 

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Right-click and choose Extract All. Make sure the extraction goes to the Desktop. Alternatively you can use your own program for unpacking zip files, just make sure that the file tdsskiller.exe ends up on the Desktop.

 

Start - Run

Copy the line in the box

"%userprofile%\skrivbord\TDSSKiller.exe" -l rapport.txt -v

Open the file "rapport" that was created in C:\ or on the Desktop and paste its contents into your reply.

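In the Gmer "Stealth MBR rootkit" section of the ComboFix logs above, a module in the disk driver stack that the tool cannot attribute to a loaded driver is wrapped in `>>UNKNOWN [...]<<`, and the section ends with a user-mode versus kernel-mode MBR comparison. As an added example that is not part of this thread, the Python below parses that section into the MBR verdict, the called-module list and the hook list, and turns them into the findings worth following up; the sample text and the allowlist of expected hook modules are constructed from the log posted here.

```python
import re
from typing import Any, Dict, List

# Constructed sample, modeled on the Gmer "Stealth MBR rootkit" section of the
# ComboFix logs posted in this thread. Nothing here is the tool's own code.
SAMPLE_MBR_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A1EB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\atapi -> atapi.sys @ 0xb9f377b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6
NDIS: Intel PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0
user & kernel MBR OK
"""

# Gmer wraps a module it cannot attribute to a loaded driver in >>UNKNOWN [addr]<<.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# A hook line reads "<target> -> <module> @ <address>"; the target may itself contain "->".
HOOK_RE = re.compile(r"^(?P<target>.+) -> (?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")

# Modules that sit in the hook chain on the machine in this thread, taken from its log.
# This is a constructed allowlist for the example, not a vetted list: an analyst
# would verify each module before trusting it.
EXPECTED_HOOK_MODULES = {
    "CLASSPNP.SYS", "ACPI.sys", "atapi.sys", "iaStor.sys", "ntkrnlpa.exe", "NDIS.sys",
}


def parse_mbr_section(text: str) -> Dict[str, Any]:
    """Pull the verdict, the disk-stack modules and the hook list out of the section."""
    parsed: Dict[str, Any] = {
        "user_mbr_read": False,
        "kernel_mbr_read": False,
        "mbr_ok": False,
        "called_modules": [],
        "unknown_modules": [],
        "hooks": [],
    }
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "user: MBR read successfully":
            parsed["user_mbr_read"] = True
        elif line == "kernel: MBR read successfully":
            parsed["kernel_mbr_read"] = True
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            parsed["unknown_modules"] = UNKNOWN_RE.findall(body)
            parsed["called_modules"] = UNKNOWN_RE.sub("", body).split()
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            parsed["mbr_ok"] = True
            in_hooks = False
        elif in_hooks:
            match = HOOK_RE.match(line)
            if match:
                parsed["hooks"].append(match.groupdict())
    return parsed


def triage(parsed: Dict[str, Any]) -> List[str]:
    """Turn the parsed section into the findings a helper would follow up on."""
    findings: List[str] = []
    if not (parsed["user_mbr_read"] and parsed["kernel_mbr_read"]):
        findings.append("MBR could not be read from both user and kernel mode")
    if not parsed["mbr_ok"]:
        findings.append("user-mode and kernel-mode MBR differ: possible MBR rootkit")
    for addr in parsed["unknown_modules"]:
        findings.append(f"unattributed module at {addr} in the disk driver stack")
    for hook in parsed["hooks"]:
        if hook["module"] not in EXPECTED_HOOK_MODULES:
            findings.append(f"hook from {hook['target']} into unexpected module {hook['module']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_mbr_section(SAMPLE_MBR_SECTION)):
        print(finding)
```

On the sample above the MBR itself checks out, so the only finding is the unattributed module, which is exactly the kind of line that calls for a second tool such as TDSSKiller rather than a clean bill of health.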

I didn't quite get the last part. So I'm supposed to run TDSSKiller, which I've put on the desktop. What do I do with that line I copy?

By the way, I see that Malwarebytes has found a virus. The scan isn't finished yet. Is it some extra nasty virus I've run into?


When MBAM is finished, TDSSKiller should be run in this particular way:

 

Close as many programs as possible.

In the Start menu, choose Run.

In the field that appears, type (or copy):

 

"%userprofile%\skrivbord\TDSSKiller.exe" -l rapport.txt -v

 

When the program is finished, open the file "rapport" that was created in C:\ or on the Desktop and paste its contents into your reply.


Looks like TDSSKiller has changed a little. Use this command in the Run field instead:

 

"%userprofile%\skrivbord\TDSSKiller.exe" -l rapport.txt

 

It is a lowercase L, not an uppercase i, after the hyphen.

 

The log from MBAM:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databasversion: 4388

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

2010-08-04 21:11:27

mbam-log-2010-08-04 (21-11-27).txt

Skanningstyp: Fullständig skanning (C:\|D:\|J:\|)

Antal skannade objekt: 300758

Förfluten tid: 2 timme(ar), 20 minut(er), 31 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Program\Voddler\plugin\voddlerhelper.exe (Malware.Packer.Gen) -> No action taken.

 

Addendum:

If English is okay, you can report the false positive to Malwarebytes here: http://forums.malwarebytes.org/index.php?showforum=42 They will then update the database so that MBAM stops detecting the file.


Yes, now it ran. Didn't seem to find anything.

 

2010/08/04 22:56:03.0281 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2010/08/04 22:56:03.0281 ================================================================================

2010/08/04 22:56:03.0281 SystemInfo:

2010/08/04 22:56:03.0281

2010/08/04 22:56:03.0281 OS Version: 5.1.2600 ServicePack: 2.0

2010/08/04 22:56:03.0281 Product type: Workstation

2010/08/04 22:56:03.0281 ComputerName: NYDATORN

2010/08/04 22:56:03.0281 UserName: Fam.

2010/08/04 22:56:03.0281 Windows directory: C:\WINDOWS

2010/08/04 22:56:03.0281 System windows directory: C:\WINDOWS

2010/08/04 22:56:03.0281 Processor architecture: Intel x86

2010/08/04 22:56:03.0281 Number of processors: 1

2010/08/04 22:56:03.0281 Page size: 0x1000

2010/08/04 22:56:03.0281 Boot type: Normal boot

2010/08/04 22:56:03.0281 ================================================================================

2010/08/04 22:56:03.0843 Initialize success

2010/08/04 22:56:31.0453 ================================================================================

2010/08/04 22:56:31.0453 Scan started

2010/08/04 22:56:31.0453 Mode: Manual;

2010/08/04 22:56:31.0453 ================================================================================

2010/08/04 22:56:31.0875 ACPI (d51b4fd79d252851a8f13cfe9404cd2b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/08/04 22:56:31.0953 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/08/04 22:56:32.0093 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2010/08/04 22:56:32.0250 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys

2010/08/04 22:56:32.0703 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/08/04 22:56:32.0937 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/08/04 22:56:33.0062 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/08/04 22:56:33.0234 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/08/04 22:56:33.0328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/08/04 22:56:33.0453 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/08/04 22:56:33.0500 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/08/04 22:56:33.0640 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/08/04 22:56:33.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/08/04 22:56:33.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/08/04 22:56:34.0109 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/08/04 22:56:34.0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/08/04 22:56:34.0359 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/08/04 22:56:34.0468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/08/04 22:56:34.0625 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/08/04 22:56:34.0765 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/08/04 22:56:35.0078 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/08/04 22:56:35.0187 dmboot (80bad99bf48053d32309afa3e8112de9) C:\WINDOWS\system32\drivers\dmboot.sys

2010/08/04 22:56:35.0281 dmio (33824764d4161c320ad7b56b6fa5f053) C:\WINDOWS\system32\drivers\dmio.sys

2010/08/04 22:56:35.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/08/04 22:56:35.0453 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/08/04 22:56:35.0578 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/08/04 22:56:35.0703 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys

2010/08/04 22:56:35.0875 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/08/04 22:56:35.0953 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2010/08/04 22:56:36.0015 Fips (725ba8685312faf7ff7b2aa7eb32ae57) C:\WINDOWS\system32\drivers\Fips.sys

2010/08/04 22:56:36.0062 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/08/04 22:56:36.0187 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/08/04 22:56:36.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/08/04 22:56:36.0406 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/08/04 22:56:36.0500 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/08/04 22:56:36.0593 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/08/04 22:56:36.0687 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

2010/08/04 22:56:36.0828 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/08/04 22:56:36.0921 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/08/04 22:56:37.0062 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/08/04 22:56:37.0296 i8042prt (fb251fb7a44e34f3b9721472493d7992) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/08/04 22:56:37.0515 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\drivers\iaStor.sys

2010/08/04 22:56:37.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/08/04 22:56:37.0968 IntcAzAudAddService (e7d8f417a4cfe7f1eaca6ae6256347e8) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/08/04 22:56:38.0109 IntelIde (cabeb91f29698183a6b03a1265fa99ba) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/08/04 22:56:38.0171 intelppm (50272dadb0cabd79ac86f221e0e0b46c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/08/04 22:56:38.0250 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/08/04 22:56:38.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/08/04 22:56:38.0437 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/08/04 22:56:38.0500 IpNat (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/08/04 22:56:51.0750 ================================================================================
2010/08/04 22:56:51.0750 Scan finished
2010/08/04 22:56:51.0750 ================================================================================


As for AVG, it looks like a website was blocked. Did you have the browser open when the message appeared? If so, what were you doing?


Archived

This topic is now archived and is closed to further replies.
