
Virus warning that shows the same attack but does not go away


Renfield


It is not possible to update Kaspersky. An error message comes up after I downloaded them, and it took a very long time to do so. Comodo is turned off.


Try another online scan: http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option "Remove found threats"

Check "Scan Archives"

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Press Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.


None of the online scanning sites has worked, and I did this scan in safe mode. Maybe that does not affect anything.

scan.txt


Hi,

posting your log here.

Regards

Mats H

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=5afe2cbcbdce714f8c1fe447db31dbd0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-02 03:11:26

# local_time=2010-10-02 05:11:26 (+0100, W. Europe Daylight Time)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3073 16777174 80 92 0 278144 0 0

# compatibility_mode=8192 67108863 100 0 334 334 0 0

# scanned=87311

# found=3

# cleaned=0

# scan_time=16487

C:\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan 00000000000000000000000000000000 I

C:\Documents and Settings\Thomas\Application Data\BitTorrent\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar NSIS/TrojanDownloader.Agent.NCA trojan 00000000000000000000000000000000 I

C:\Program Files\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan 00000000000000000000000000000000 I

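A check a helper could run on a pasted ESET Online Scanner log to confirm that the scan finished and used the settings requested earlier in the thread. This is an added example, not part of the original thread and not ESET's own tooling; it assumes the `# key=value` header layout seen in the log above, the checkbox-to-key mapping is inferred from the key names, and the function names and sample log are constructed for illustration.

```python
import re

# Settings requested in the thread, mapped to the header keys seen in the
# pasted log. The checkbox -> key mapping is an assumption from the key names.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" unchecked
    "archives_checked": "true",     # "Scan Archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
# Detection rows in the paste end with a 32-hex-digit field and a one-letter
# flag (the flag's meaning is not stated on the page). The paste separates
# path and detection name only by spaces, so they are kept together.
DETECTION_RE = re.compile(
    r"^(?P<detail>.+?)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>[A-Z])$"
)


def parse_log(text):
    """Return (header, detections); header maps key -> list of values."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Keys such as compatibility_mode repeat, so keep every value.
            header.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
        # Anything else (installer chatter such as "all ok") is ignored.
    return header, detections


def last(header, key):
    """Last value recorded for key, or None if the key is absent."""
    values = header.get(key)
    return values[-1] if values else None


def as_int(value):
    """Parse a counter field; None when missing or not a number."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def review(text):
    """Check that the scan finished with the requested settings."""
    header, detections = parse_log(text)
    problems = []
    if last(header, "end") != "finished":
        problems.append("scan did not finish")
    for key, want in REQUESTED.items():
        got = last(header, key)
        if got != want:
            problems.append(f"{key}={got!r}, expected {want!r}")
    found = as_int(last(header, "found"))
    cleaned = as_int(last(header, "cleaned"))
    if found is not None and found != len(detections):
        problems.append(
            f"header says found={found} but {len(detections)} rows were pasted"
        )
    return {
        "ok": not problems,
        "problems": problems,
        "found": found,
        "cleaned": cleaned,
        "detections": detections,
    }


# Constructed sample modelled on the log layout above (not real scan output).
SAMPLE_LOG = r"""
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=1 2 3
# compatibility_mode=4 5 6
# scanned=1200
# found=2
# cleaned=0
C:\Example\disk image.iso probably a variant of Example/Placeholder.A trojan 00000000000000000000000000000000 I
C:\Example\Downloads\setup archive.rar Example/Placeholder.B trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print("settings ok:", result["ok"])
    for problem in result["problems"]:
        print("problem:", problem)
    for row in result["detections"]:
        print("detection:", row["detail"])
```
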

Hi,

you do have quite a bit of "cracked" software installed.

Uninstall those programs, which in themselves are probably the root of the problems,

so that we, Cecilia and I, can concentrate on cleaning your computer properly

and try to get Windows clean.

After removing those programs, run a new DDS, and then ComboFix.

Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


Just as with the online virus programs, a warning comes up when I try to start ComboFix saying that I do not have permission to open the programs. Is it a virus that is blocking it, or what is causing it? Should I always start in safe mode?


It has been a long time since I had Comodo, but if Comodo is set to the highest security, surely you have to approve everything that is to be run. Can you do that, or lower the security in Comodo?

ComboFix works best in normal mode, but it can certainly be run in safe mode.


But it is not Comodo that gives the warning, it is Windows. I am running it in safe mode now too.


ComboFix 10-10-01.07 - Thomas 2010-10-02 19:34:56.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1485 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Thomas\Application Data\inst.exe

c:\windows\Tasks\Acrobat Update.job

 

.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))

.

 

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

2010-09-05 09:26 . 2010-09-05 22:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\windows\system32\AGEIA

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 21:58 . 2010-09-07 18:29 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:47 . 2005-11-09 13:23 14336 ----a-w- c:\windows\system32\drivers\madfu804.sys

2010-09-04 08:47 . 2005-11-09 13:20 6010 ----a-r- c:\windows\system32\drivers\ma004103.bin

2010-09-04 08:47 . 2005-11-09 15:00 32000 ----a-w- c:\windows\system32\drivers\MA763004.sys

2010-09-04 08:47 . 2005-11-09 13:26 49152 ----a-w- c:\windows\system32\MPInstFix.dll

2010-09-04 08:47 . 2005-11-09 13:29 163840 ----a-w- c:\windows\system32\mausbasi.dll

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-09-04 08:27 . 2009-09-02 12:29 158344 ----a-w- c:\windows\system32\drivers\MAudioMobilePre.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 17:18 . 2010-04-02 20:45 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-10-01 22:28 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-09-30 22:59 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-09-30 20:49 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-28 17:22 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-09-28 17:21 . 2010-03-03 15:54 285480 ----a-w- c:\windows\system32\guard32.dll

2010-09-28 17:21 . 2010-03-03 15:54 91560 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-09-28 17:21 . 2010-03-03 15:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-09-28 17:21 . 2010-03-23 16:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-09-28 17:21 . 2010-03-03 15:54 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-01 09:03 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

P†minnelser f”r Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-03-03 15592]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-03-03 25240]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-03-23 239240]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [2010-08-12 15008]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-NPSStartup - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-02 19:38

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-10-02 19:39:49

ComboFix-quarantined-files.txt 2010-10-02 17:39

 

Pre-Run: 146 419 888 128 bytes free

Post-Run: 146 489 577 472 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 168C206FF5518040FDC326629D44B2AB


Hi,

run ComboFix one more time.

If you are asked whether you want to install the Recovery Console, answer yes.

Regards

Mats H


I am running into quite a few problems. Even though I turned off both Ad-Aware and Comodo, I got a warning from ComboFix that both were on. In addition, the computer shut down twice while I was scanning it with ComboFix, and I got a blue error message. I have had this before, but then it was in connection with one of my DVD players.

Here is the log anyway:

ComboFix 10-10-01.07 - Thomas 2010-10-02 21:07:28.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1731 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))

.

 

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

2010-09-05 09:26 . 2010-09-05 22:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\windows\system32\AGEIA

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 21:58 . 2010-09-07 18:29 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:47 . 2005-11-09 13:23 14336 ----a-w- c:\windows\system32\drivers\madfu804.sys

2010-09-04 08:47 . 2005-11-09 13:20 6010 ----a-r- c:\windows\system32\drivers\ma004103.bin

2010-09-04 08:47 . 2005-11-09 15:00 32000 ----a-w- c:\windows\system32\drivers\MA763004.sys

2010-09-04 08:47 . 2005-11-09 13:26 49152 ----a-w- c:\windows\system32\MPInstFix.dll

2010-09-04 08:47 . 2005-11-09 13:29 163840 ----a-w- c:\windows\system32\mausbasi.dll

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-09-04 08:27 . 2009-09-02 12:29 158344 ----a-w- c:\windows\system32\drivers\MAudioMobilePre.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 18:45 . 2010-04-02 20:45 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-10-02 18:26 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-10-02 18:11 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 20:49 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-28 17:22 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-09-28 17:21 . 2010-03-03 15:54 285480 ----a-w- c:\windows\system32\guard32.dll

2010-09-28 17:21 . 2010-03-03 15:54 91560 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-09-28 17:21 . 2010-03-03 15:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-09-28 17:21 . 2010-03-23 16:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-09-28 17:21 . 2010-03-03 15:54 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-01 09:03 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-03-03 15592]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-03-03 25240]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-03-23 239240]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [2010-08-12 15008]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(528)

c:\windows\system32\WININET.dll

.

Completion time: 2010-10-02 21:13:55

ComboFix-quarantined-files.txt 2010-10-02 19:13

ComboFix2.txt 2010-10-02 17:39

 

Pre-Run: 146 468 843 520 bytes free

Post-Run: 146 454 003 712 bytes free

 

- - End Of File - - 71FEFCCED08218B93006B1711D776C87


Hi,

Save Rootkit Unhooker to the desktop.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Disconnect the internet connection. Close all programs you can see, including the firewall, antivirus and antispyware programs.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan.

Check Drivers, Stealth, Files and Code Hooks, but uncheck the other options.

Press OK.

Wait until the scanner has finished, then choose File - Save Report. Save the report to the Desktop or somewhere else where you can find it again. Click Close.

Open the saved report in Notepad. Paste the contents into your reply.

Note that if a warning "Rootkit Unhooker has detected a parasite..." appears, just ignore it.

Regards,

Mats H


Unfortunately I can't open the file. A warning appears with the text "error loading/opening driver". I have tried several times (and closed all programs) even though I have it in safe mode (in normal mode the same warning came up, saying that I don't have permission to open the program).


Hi,

then we'll try this instead.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract all. Remember where you unpack the file.

Close your regular programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, select Cure and click Continue. The computer may need to be restarted.

Paste the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.

Regards,

Mats H


That went better, thanks!

Here is the report:

2010/10/03 17:32:01.0181 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/03 17:32:01.0181 ================================================================================

2010/10/03 17:32:01.0181 SystemInfo:

2010/10/03 17:32:01.0181

2010/10/03 17:32:01.0181 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/03 17:32:01.0181 Product type: Workstation

2010/10/03 17:32:01.0181 ComputerName: EZRA

2010/10/03 17:32:01.0181 UserName: Thomas

2010/10/03 17:32:01.0181 Windows directory: C:\WINDOWS

2010/10/03 17:32:01.0181 System windows directory: C:\WINDOWS

2010/10/03 17:32:01.0181 Processor architecture: Intel x86

2010/10/03 17:32:01.0181 Number of processors: 2

2010/10/03 17:32:01.0181 Page size: 0x1000

2010/10/03 17:32:01.0181 Boot type: Normal boot

2010/10/03 17:32:01.0181 ================================================================================

2010/10/03 17:32:01.0416 Initialize success

2010/10/03 17:32:18.0818 ================================================================================

2010/10/03 17:32:18.0818 Scan started

2010/10/03 17:32:18.0818 Mode: Manual;

2010/10/03 17:32:18.0818 ================================================================================

2010/10/03 17:32:19.0115 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/03 17:32:19.0146 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/03 17:32:19.0209 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/03 17:32:19.0240 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/03 17:32:19.0334 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/03 17:32:19.0412 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/03 17:32:19.0427 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/03 17:32:19.0521 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/03 17:32:19.0599 atksgt (70f72c50d39f5afa76c17f86223a7c4f) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2010/10/03 17:32:19.0615 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/03 17:32:19.0662 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/03 17:32:19.0693 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/03 17:32:19.0818 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/03 17:32:19.0849 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/03 17:32:19.0880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/03 17:32:19.0896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/03 17:32:19.0943 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2010/10/03 17:32:20.0005 cmderd (7060bae48c2c122f3041cccf9ade3bf7) C:\WINDOWS\system32\DRIVERS\cmderd.sys

2010/10/03 17:32:20.0021 cmdGuard (bbe9f023dfd2c4d2755da3fa47e4da08) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

2010/10/03 17:32:20.0037 cmdHlp (111e6755acb5f236e2465e24508f6367) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

2010/10/03 17:32:20.0146 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

2010/10/03 17:32:20.0209 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/03 17:32:20.0255 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/03 17:32:20.0271 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/03 17:32:20.0302 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/03 17:32:20.0349 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/03 17:32:20.0380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/03 17:32:20.0412 e1express (5b75bbf89d8341f424171df7ad9dc465) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2010/10/03 17:32:20.0474 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys

2010/10/03 17:32:20.0490 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys

2010/10/03 17:32:20.0505 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys

2010/10/03 17:32:20.0521 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys

2010/10/03 17:32:20.0537 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys

2010/10/03 17:32:20.0583 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/03 17:32:20.0599 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/03 17:32:20.0615 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/03 17:32:20.0630 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/03 17:32:20.0662 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/03 17:32:20.0693 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS

2010/10/03 17:32:20.0740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/03 17:32:20.0771 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/03 17:32:20.0802 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/03 17:32:20.0818 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/03 17:32:20.0833 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/03 17:32:20.0880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/03 17:32:20.0943 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

2010/10/03 17:32:20.0974 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2010/10/03 17:32:20.0990 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/03 17:32:21.0036 Inspect (343ac4733c1e8b7ab6454178e4fcd4ad) C:\WINDOWS\system32\DRIVERS\inspect.sys

2010/10/03 17:32:21.0068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/03 17:32:21.0083 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/03 17:32:21.0115 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/03 17:32:21.0146 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/03 17:32:21.0161 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/03 17:32:21.0193 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/03 17:32:21.0224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/03 17:32:21.0240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/03 17:32:21.0255 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/03 17:32:21.0271 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/03 17:32:21.0302 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/03 17:32:21.0333 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/03 17:32:21.0365 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/10/03 17:32:21.0427 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2010/10/03 17:32:21.0458 ma763004 (f0bc9e9d3e52c721fd4d5fb59167318e) C:\WINDOWS\system32\drivers\MA763004.sys

2010/10/03 17:32:21.0505 MAUSBMOBILEPRE (9905de84749e28ebda8eb2de377681eb) C:\WINDOWS\system32\DRIVERS\MAudioMobilePre.sys

2010/10/03 17:32:21.0552 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/10/03 17:32:21.0614 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2010/10/03 17:32:21.0630 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/03 17:32:21.0677 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/03 17:32:21.0693 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/03 17:32:21.0724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/03 17:32:21.0739 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/03 17:32:21.0771 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/03 17:32:21.0802 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/03 17:32:21.0833 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/03 17:32:21.0880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/03 17:32:21.0896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/03 17:32:21.0911 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/03 17:32:21.0943 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/03 17:32:21.0958 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/03 17:32:22.0005 NAL (7f16ee8322ebdf3c3b2d1a69f8030fd4) C:\WINDOWS\system32\Drivers\iqvw32.sys

2010/10/03 17:32:22.0052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/03 17:32:22.0083 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/03 17:32:22.0099 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/03 17:32:22.0114 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/03 17:32:22.0130 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/03 17:32:22.0146 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/03 17:32:22.0177 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/03 17:32:22.0239 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/03 17:32:22.0286 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/03 17:32:22.0317 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/03 17:32:22.0364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/03 17:32:22.0427 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/03 17:32:22.0442 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/03 17:32:22.0458 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/10/03 17:32:22.0489 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/10/03 17:32:22.0521 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/10/03 17:32:22.0536 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2010/10/03 17:32:22.0552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys


2010/10/03 17:32:25.0098 ================================================================================

2010/10/03 17:32:25.0098 Scan finished

2010/10/03 17:32:25.0098 ================================================================================


Hi,

no known TDSS infection,

let's continue with this:

Download mbr.exe to the Desktop:

http://www2.gmer.net/mbr/mbr.exe

Start - Run

Copy the line in the box below and paste it into the Run field.

"%userprofile%\desktop\mbr.exe" -t > "C:\mbr.log"

Paste the contents of mbr.log, which is created in C:\.

Note! Disconnect the internet connection and disable/turn off antivirus and other security programs before you run mbr.exe.

Regards

Mats H


When I started the program, a black window popped up and disappeared right away (I have tried several times with the same result). So I could not paste the text. The only file I found contained this text:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


You should not start the program that way; instead, click the Start button and choose Run.

In the box/field that appears, type (or paste):

"%userprofile%\desktop\mbr.exe" -t > "C:\mbr.log"

After searching I found one in ComboFix. Could this be it?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28

\Driver\ACPI -> ACPI.sys @ 0xf75aecb8

\Driver\atapi -> atapi.sys @ 0xf74a0852

\Driver\iaStor -> iaStor.sys @ 0xf7b1cb10

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

user & kernel MBR OK


So:

ComboFix 10-10-02.02 - Thomas 2010-10-03 19:59:11.4.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))

.

 

2010-10-03 17:03 . 2010-10-03 17:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-10-02 23:06 . 2010-10-02 23:06 -------- d-----w- c:\program files\MagicDisc

2010-10-02 23:06 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

2010-09-05 09:26 . 2010-09-05 22:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\windows\system32\AGEIA

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 21:58 . 2010-09-07 18:29 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:47 . 2005-11-09 13:23 14336 ----a-w- c:\windows\system32\drivers\madfu804.sys

2010-09-04 08:47 . 2005-11-09 13:20 6010 ----a-r- c:\windows\system32\drivers\ma004103.bin

2010-09-04 08:47 . 2005-11-09 15:00 32000 ----a-w- c:\windows\system32\drivers\MA763004.sys

2010-09-04 08:47 . 2005-11-09 13:26 49152 ----a-w- c:\windows\system32\MPInstFix.dll

2010-09-04 08:47 . 2005-11-09 13:29 163840 ----a-w- c:\windows\system32\mausbasi.dll

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-09-04 08:27 . 2009-09-02 12:29 158344 ----a-w- c:\windows\system32\drivers\MAudioMobilePre.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 16:39 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-10-03 16:00 . 2010-04-02 20:45 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-10-02 23:52 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-10-02 23:13 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-28 17:22 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-09-28 17:21 . 2010-03-03 15:54 285480 ----a-w- c:\windows\system32\guard32.dll

2010-09-28 17:21 . 2010-03-03 15:54 91560 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-09-28 17:21 . 2010-03-03 15:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-09-28 17:21 . 2010-03-23 16:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-09-28 17:21 . 2010-03-03 15:54 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-01 09:03 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-03-03 15592]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-03-03 25240]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-03-23 239240]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 Normandy;Normandy SR2; [x]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-03 20:04

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(676)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(1120)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2010-10-03 20:06:04

ComboFix-quarantined-files.txt 2010-10-03 18:06

ComboFix2.txt 2010-10-02 19:13

ComboFix3.txt 2010-10-02 17:39

 

Pre-Run: 147 164 323 840 bytes free

Post-Run: 147 149 778 944 bytes free

 

- - End Of File - - 49D93B8C90CE5A243529466D549C5048


Why do I get the warning that Windows cannot find, or that I do not have permission to open, the programs you have recommended I download? Now it only works in safe mode.


Archived

This topic is now archived and is closed to further replies.
