Trojan-Dropper.Win32.Boaxxe.bk
#1
Posted 12 January 2010 - 12:32
ZA puts it in quarantine and I delete it.
After a while it shows up again (each time in a new subfolder of C:\Windows\Temp).
Is there any "removal" tool? Or what does one do?
#2
Posted 12 January 2010 - 12:56
Download the free version, and update the program before you scan:
http://www.malwarebytes.org/
Regards,
t
#3
Posted 12 January 2010 - 13:31
Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr
Start the program (in Vista, right-click and choose Run as administrator).
Press Yes if you are asked about an Optional Scan.
In your reply, attach the log DDS.txt, but not Attach.txt; save that one on the Desktop in case I need to see it later.
#4
Posted 12 January 2010 - 13:42
Cecilia, on 12 January 2010 - 13:31, wrote:
Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr
Start the program (in Vista, right-click and choose Run as administrator).
Press Yes if you are asked about an Optional Scan.
In your reply, attach the log DDS.txt, but not Attach.txt; save that one on the Desktop in case I need to see it later.
This post has been edited by hubalon: 12 January 2010 - 14:17
#5
Posted 12 January 2010 - 13:45
Run by asta at 13:35:33,30 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1268 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
=============== Created Last 30 ================
2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 11:05:32 0 d-----w- c:\users\asta\temp
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:54 0 d-----w- c:\program files\AskBarDis
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 13:37:35,09 ===============
#6
Posted 12 January 2010 - 13:56
Malwarebytes' Anti-Malware 1.44
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010-01-12 13:14:12
mbam-log-2010-01-12 (13-14-12).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 98106
Förfluten tid: 8 minute(s), 2 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 4
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\Windows\Temp\rnjq.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\xbxp.tmp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\jivt.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\asta\AppData\Local\Temp\nvvscv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
#7
Posted 12 January 2010 - 14:23
Foxit Toolbar
AskBar
Ask Toolbar
Remove the folder c:\users\asta\temp
Quote
http://www.atribune..../click.php?id=1
Close all other programs, especially web browsers.
Double-click ATF-Cleaner.exe to start the program.
Tick Select All. Press Empty Selected.
If you use Firefox: press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.
If you use Opera: press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.
Press Exit in the Main menu to close the program.
Note: this will remove all cookies. If you have cookies you want to keep, either back them up first or skip Select All and tick everything else instead.
Which ZoneAlarm product do you have? Your antivirus protection seems far too weak.
Vista's and Windows 7's User Account Control (UAC) is very good at stopping malicious programs from being installed; see for example:
http://www.idg.se/2.1085/1.164287
http://www.idg.se/2.1085/1.166702
It is also useful in other ways; see
http://www.idg.se/2....d-uac-i-windows
Check that it is switched on and set to the highest level for the best protection:
Control Panel - Security Center - Other security settings (this applies to Vista, but it is probably something similar in Windows 7)
Restart the computer and scan again with MBAM and DDS. Paste the same logs as last time.
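The advice in this thread boils down to three checks a helper makes by eye when reading the DDS and MBAM logs: an autostart entry that points into a Temp folder (the 306313.lnk entry above), a file called svchost.exe living somewhere other than System32 (the MBAM detections in C:\Windows\Temp\*.tmp), and UAC policy values that are not at the "always notify" level. The script below is an added example, not part of this thread and not code from DDS or Malwarebytes; it applies those three checks to sample lines constructed in the format of the logs posted here. The function names and the policy thresholds used (ConsentPromptBehaviorAdmin = 2 with PromptOnSecureDesktop = 1 being the top UAC setting) are the example's own.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed sample lines in the DDS "Pseudo HJT Report" format seen in this thread.
SAMPLE_DDS_LINES = [
    r'uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c',
    r'uRun: [<NO NAME>]',
    r'mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"',
    r'StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe',
    r'StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe',
    r'mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)',
    r'mPolicies-system: PromptOnSecureDesktop = 0 (0x0)',
]

# Constructed sample paths in the style of the MBAM detections in this thread.
SAMPLE_FILE_PATHS = [
    r'C:\Windows\Temp\xbxp.tmp\svchost.exe',
    r'C:\Windows\system32\svchost.exe',
    r'C:\Users\asta\AppData\Local\Temp\nvvscv.exe',
]

AUTOSTART_RE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
# Unquoted DDS targets may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'(.+?\.(?:exe|scr|com|bat|cmd|vbs|js|dll))(?=\s|$)', re.I)
POLICY_RE = re.compile(r'^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<val>\d+)')
TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)
SYSTEM_DIRS = ('\\windows\\system32', '\\windows\\syswow64')


def autostart_target(line: str) -> Optional[Tuple[str, str]]:
    """Return (entry name, target path) for a uRun/mRun/StartupFolder line, else None."""
    m = AUTOSTART_RE.match(line)
    if m:
        rest = m.group('rest').strip()
        if rest.startswith('"'):
            end = rest.find('"', 1)
            path = rest[1:end] if end > 1 else None
        else:
            e = EXE_RE.match(rest)
            path = e.group(1) if e else None  # extension-less targets are skipped
        return (m.group('name'), path) if path else None
    if line.startswith('StartupFolder:'):
        lnk, sep, target = line[len('StartupFolder:'):].strip().partition(' - ')
        if sep:
            return (lnk.rsplit('\\', 1)[-1], target.strip())
    return None


def find_temp_autostarts(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Autostart entries whose target lives under a \\Temp\\ directory."""
    hits = []
    for line in lines:
        entry = autostart_target(line)
        if entry and TEMP_DIR_RE.search(entry[1]):
            hits.append(entry)
    return hits


def find_svchost_masquerades(paths: Iterable[str]) -> List[str]:
    """Files named svchost.exe (or svchost.exe.<suffix>) outside the Windows system directories."""
    hits = []
    for p in paths:
        directory, _, filename = p.rpartition('\\')
        if filename.lower().startswith('svchost.exe') and not directory.lower().endswith(SYSTEM_DIRS):
            hits.append(p)
    return hits


def uac_findings(lines: Iterable[str]) -> List[str]:
    """Flag reported UAC policy values that are below 'always notify on the secure desktop'."""
    policies = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            policies[m.group('key')] = int(m.group('val'))
    findings = []
    # Only values DDS actually reported are judged; absent keys are left alone.
    if policies.get('EnableLUA') == 0:
        findings.append('UAC is switched off (EnableLUA = 0)')
    if 'ConsentPromptBehaviorAdmin' in policies and policies['ConsentPromptBehaviorAdmin'] != 2:
        findings.append('ConsentPromptBehaviorAdmin = %d (2 = always prompt for consent)'
                        % policies['ConsentPromptBehaviorAdmin'])
    if policies.get('PromptOnSecureDesktop') == 0:
        findings.append('PromptOnSecureDesktop = 0 (elevation prompts not shown on the secure desktop)')
    return findings


if __name__ == '__main__':
    for name, target in find_temp_autostarts(SAMPLE_DDS_LINES):
        print('autostart from Temp:', name, '->', target)
    for path in find_svchost_masquerades(SAMPLE_FILE_PATHS):
        print('svchost.exe outside system dir:', path)
    for finding in uac_findings(SAMPLE_DDS_LINES):
        print('UAC:', finding)
```

Run against a real DDS.txt, feed the "Pseudo HJT Report" section to the two DDS functions and the paths from a MBAM log (or the "Created Last 30" section) to the svchost check; the three rules are deliberately narrow so that a hit is worth a closer look rather than a verdict on its own.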
#8
Posted 12 January 2010 - 14:48
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010-01-12 14:46:57
mbam-log-2010-01-12 (14-46-57).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 94929
Förfluten tid: 5 minute(s), 49 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
#9
Posted 12 January 2010 - 14:52
Run by asta at 14:48:36,96 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1359 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
=============== Created Last 30 ================
2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 14:50:25,86 ===============
#10
Posted 12 January 2010 - 15:00
Uninstalled ASK Toolbar.
Cleared cookies.
I use ZA Internet Security Suite.
But the Trojan-Dropper keeps faithfully dropping in anyway.
I am going to restart; otherwise the UAC change may not "take".
#11
Posted 12 January 2010 - 15:48
What year's model of ZA is it? It does not seem to contain any rootkit protection at all, and that is a necessity these days.
Does this come from some cracked program or keygen? That seems to be very common, at any rate. In that case you must uninstall that program to be sure the malicious files can be removed.
Is there anything in the Start menu - Programs - Startup?
On the page http://www.virustotal.com press the Browse button and paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs (not Other information) or a link to the result here. Repeat with the next file name.
C:\Windows\Explorer.EXE
C:\Windows\system32\userinit.EXE
#12
Posted 12 January 2010 - 16:12
Närvarande status: genomförd
Resultat: 0/41 (0.00%)
Compact
Skriv ut resultat
Antivirus Version Senaste Uppdatering Resultat
a-squared 4.5.0.48 2010.01.11 -
AhnLab-V3 5.0.0.2 2010.01.11 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.11 -
Authentium 5.2.0.5 2010.01.11 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.11 -
CAT-QuickHeal 10.00 2010.01.11 -
ClamAV 0.94.1 2010.01.11 -
Comodo 3550 2010.01.11 -
DrWeb 5.0.1.12222 2010.01.11 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7229 2010.01.11 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.11 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.11 -
Ikarus T3.1.1.80.0 2010.01.11 -
Jiangmin 13.0.900 2010.01.11 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.11 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.11 -
Microsoft 1.5302 2010.01.11 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.11 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.11 -
Prevx 3.0 2010.01.11 -
Rising 22.30.00.05 2010.01.11 -
Sophos 4.49.0 2010.01.11 -
Sunbelt 3.2.1858.2 2010.01.11 -
Symantec 20091.2.0.41 2010.01.11 -
TheHacker 6.5.0.3.146 2010.01.11 -
TrendMicro 9.120.0.1004 2010.01.11 -
VBA32 3.12.12.1 2010.01.11 -
ViRobot 2010.1.11.2130 2010.01.11 -
VirusBuster 5.0.21.0 2010.01.11
Fil userinit.exe mottagen 2010.01.10 20:17:18 (UTC)
Närvarande status: genomförd
Resultat: 0/41 (0.00%)
Compact
Skriv ut resultat
Antivirus Version Senaste Uppdatering Resultat
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.10 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.10 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3536 2010.01.10 -
DrWeb 5.0.1.12222 2010.01.10 -
eSafe 7.0.17.0 2010.01.10 -
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.10 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.10 -
Ikarus T3.1.1.80.0 2010.01.10 -
Jiangmin 13.0.900 2010.01.10 -
K7AntiVirus 7.10.943 2010.01.09 -
Kaspersky 7.0.0.125 2010.01.10 -
McAfee 5857 2010.01.10 -
McAfee+Artemis 5857 2010.01.10 -
McAfee-GW-Edition 6.8.5 2010.01.10 -
Microsoft 1.5302 2010.01.10 -
NOD32 4759 2010.01.10 -
Norman 6.04.03 2010.01.10 -
nProtect 2009.1.8.0 2010.01.10 -
Panda 10.0.2.2 2010.01.10 -
PCTools 7.0.3.5 2010.01.10 -
Prevx 3.0 2010.01.10 -
Rising 22.29.06.04 2010.01.10 -
Sophos 4.49.0 2010.01.10 -
Sunbelt 3.2.1858.2 2010.01.10 -
Symantec 20091.2.0.41 2010.01.10 -
TheHacker 6.5.0.3.145 2010.01.10 -
TrendMicro 9.120.0.1004 2010.01.10 -
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 -
VirusBuster 5.0.21.0 2010.01.10 -
#13
Posted 12 January 2010 - 16:25
No "dodgy programs".
In the Startup folder = OpenOffice.org.3.1
#14
Posted 12 January 2010 - 17:04
Save ComboFix to the Desktop:
http://download.blee...Bs/ComboFix.exe
Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If you are asked whether you want to install the Recovery Console, answer yes.
IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.
When it is finished a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.
If you have trouble getting out onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.
Warning! ComboFix prevents automatic running of CDs, floppies and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.
#15
Posted 12 January 2010 - 19:34
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1143 [GMT 1:00]
Körs från: c:\users\asta\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-583907252-1500820517-725345543-1004
c:\windows\system32\ujvh.dro
----- BITS: Troligen infekterade webbplatser -----
hxxp://nds1.nokia.com
.
(((((((((((((((((((((((( Filer Skapade från 2009-12-12 till 2010-01-12 ))))))))))))))))))))))))))))))
.
2010-01-12 18:12 . 2010-01-12 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 16:13 . 2010-01-12 16:14 -------- d-----w- C:\32788R22FWJFW
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\users\asta\AppData\Roaming\Malwarebytes
2010-01-12 12:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 12:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-----w- c:\users\asta\AppData\Local\Diagnostics
2009-12-30 15:17 . 2009-12-30 15:17 -------- d-----w- c:\program files\MSXML 4.0
2009-12-30 11:27 . 2009-12-30 11:27 -------- d-----w- c:\users\asta\AppData\Local\Mozilla
2009-12-30 11:06 . 2010-01-06 07:04 -------- d-----w- c:\users\asta\AppData\Roaming\TeamViewer
2009-12-30 11:06 . 2009-12-30 11:06 -------- d-----w- c:\program files\TeamViewer
2009-12-30 07:20 . 2009-12-30 07:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-30 07:20 . 2009-12-30 07:20 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 07:18 . 2009-12-30 07:18 -------- d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50 . 2009-11-05 15:38 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50 . 2009-09-16 15:55 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50 . 2009-09-14 08:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50 . 2009-08-26 11:45 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:50 . 2009-04-22 13:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:34 . 2009-12-29 09:34 567296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5FC672F4-A4D4-EB5D-F32A-29F02DEC8C47}-VersitConverter.dll
2009-12-29 09:34 . 2009-12-29 09:34 -------- d-----w- c:\program files\Speccy
2009-12-29 08:33 . 2009-12-29 08:33 -------- d-----w- c:\users\asta\AppData\Roaming\Lexmark Imaging Studio
2009-12-29 08:30 . 2009-12-30 08:41 -------- d-----w- c:\program files\Lx_cats
2009-12-29 08:29 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdjdrpp.dll
2009-12-29 06:36 . 2009-12-29 06:36 -------- d-----w- c:\program files\uTorrent
2009-12-29 06:35 . 2009-12-29 09:48 -------- d-----w- c:\users\asta\AppData\Roaming\uTorrent
2009-12-29 06:23 . 2009-12-29 06:23 45608 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7952B7FB-4830-63CE-14DB-3AE918E91E8E}-whirl-pinch.exe
2009-12-29 06:23 . 2009-12-29 06:23 45104 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{2A39E020-37BC-22B8-6E02-ED751AD07221}-wind.exe
2009-12-29 06:20 . 2009-12-29 06:20 -------- d-----w- c:\program files\Google
2009-12-29 06:15 . 2009-12-29 06:19 -------- d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14 . 2009-12-29 06:14 -------- d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\users\asta\AppData\Roaming\Canneverbe_Limited
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 06:06 . 2009-12-29 06:10 -------- d-----w- c:\program files\CDBurnerXP
2009-12-29 06:03 . 2010-01-07 11:00 -------- d-----w- c:\users\asta\AppData\Roaming\ImgBurn
2009-12-29 06:02 . 2009-12-29 06:03 -------- d-----w- c:\program files\ImgBurn
2009-12-29 05:49 . 2009-12-29 05:49 -------- d-----w- c:\programdata\Nokia
2009-12-29 05:47 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia Ovi Suite
2009-12-29 05:47 . 2009-12-29 05:47 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{74AB8BEF-101B-83AD-06E7-0DA8E8D00CCC}-Run_XML6_SP1.exe
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\users\asta\AppData\Local\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\programdata\PC Suite
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\PC Suite
2009-12-29 05:45 . 2009-12-29 05:46 -------- d-----w- c:\users\asta\AppData\Local\NokiaAccount
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\DIFX
2009-12-28 20:03 . 2009-12-28 11:25 -------- d-----w- c:\windows\Panther
2009-12-28 15:05 . 2009-12-28 15:05 -------- d-----w- c:\users\asta\AppData\Local\ElevatedDiagnostics
2009-12-28 14:53 . 2010-01-06 15:04 -------- d-----w- c:\users\asta\AppData\Roaming\skypePM
2009-12-28 14:52 . 2010-01-06 16:05 -------- d-----w- c:\users\asta\AppData\Roaming\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\program files\Common Files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----r- c:\program files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\programdata\Skype
2009-12-28 14:28 . 2009-12-29 09:49 -------- d-----w- c:\program files\EASEUS
2009-12-28 13:35 . 2009-12-28 13:35 -------- d-----w- c:\windows\system32\Macromed
2009-12-28 12:29 . 2010-01-12 09:30 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29 . 2010-01-12 09:30 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\sv
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\windows\sv-SE
2009-12-28 12:01 . 2009-12-28 12:01 -------- d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56 . 2009-12-28 11:56 -------- d-----w- c:\users\asta\AppData\Roaming\MailFrontier
2009-12-28 11:52 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-28 11:51 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-28 11:51 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51 . 2010-01-06 06:56 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51 . 2009-10-17 00:41 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\program files\Zone Labs
2009-12-28 11:50 . 2009-12-28 11:50 -------- d-----w- c:\programdata\CheckPoint
2009-12-28 11:50 . 2010-01-12 18:09 -------- d-----w- c:\windows\Internet Logs
2009-12-28 11:37 . 2009-12-29 06:21 -------- d-----w- c:\users\asta\AppData\Local\Google
2009-12-28 11:37 . 2009-12-29 06:07 61736 ----a-w- c:\users\asta\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Deployment
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Apps
2009-12-28 11:32 . 2009-12-28 11:32 -------- d-----w- c:\windows\system32\x64
2009-12-28 11:32 . 2009-09-11 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:31 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:29 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26 . 2009-12-28 11:26 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-28 11:19 . 2010-01-12 09:30 -------- d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 18:08 . 2010-01-12 18:08 699983 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-12 14:01 . 2009-12-28 11:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-12 12:15 . 2010-01-12 12:16 2237952 ----a-w- c:\windows\Internet Logs\xDB66C0.tmp
2010-01-12 12:15 . 2010-01-12 12:16 627712 ----a-w- c:\windows\Internet Logs\xDB651A.tmp
2010-01-12 08:39 . 2010-01-12 08:41 2217472 ----a-w- c:\windows\Internet Logs\xDB88FF.tmp
2010-01-11 09:28 . 2010-01-11 09:30 2214400 ----a-w- c:\windows\Internet Logs\xDB62BA.tmp
2010-01-09 18:03 . 2010-01-10 15:45 190464 ----a-w- c:\windows\Internet Logs\xDB673C.tmp
2010-01-09 18:03 . 2010-01-10 15:45 2210816 ----a-w- c:\windows\Internet Logs\xDB6885.tmp
2010-01-05 15:31 . 2010-01-06 06:44 2169856 ----a-w- c:\windows\Internet Logs\xDB3DB3.tmp
2010-01-05 15:31 . 2010-01-06 06:44 155648 ----a-w- c:\windows\Internet Logs\xDB3C47.tmp
2010-01-01 16:15 . 2010-01-02 14:23 2168320 ----a-w- c:\windows\Internet Logs\xDB3CF2.tmp
2009-12-29 16:39 . 2009-12-30 07:07 2134016 ----a-w- c:\windows\Internet Logs\xDB49CE.tmp
2009-12-29 16:39 . 2009-12-30 07:07 311296 ----a-w- c:\windows\Internet Logs\xDB474E.tmp
2009-12-29 08:28 . 2009-12-29 08:28 -------- d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:10 . 2009-12-29 06:10 1895936 ----a-w- c:\windows\Internet Logs\xDB4397.tmp
2009-12-29 05:45 . 2009-12-29 05:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:44 . 2009-12-29 05:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42 . 2009-12-29 05:40 -------- d-----w- c:\program files\Nokia
2009-12-29 05:41 . 2009-12-29 05:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:40 . 2009-12-29 05:40 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-29 05:40 . 2009-12-29 05:40 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-29 05:40 . 2009-12-29 05:40 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-29 05:40 . 2009-12-29 05:40 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-29 05:40 . 2009-12-29 05:40 -------- d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40 . 2009-12-29 05:40 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-29 05:23 . 2009-12-29 06:10 8704 ----a-w- c:\windows\Internet Logs\xDB4210.tmp
2009-12-28 16:26 . 2009-12-29 05:23 165888 ----a-w- c:\windows\Internet Logs\xDB42BC.tmp
2009-12-28 15:33 . 2009-12-28 13:54 -------- d-----w- c:\program files\Java
2009-12-28 14:53 . 2009-12-28 14:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:32 . 2009-12-28 14:46 103424 ----a-w- c:\windows\Internet Logs\xDBE64A.tmp
2009-12-28 14:32 . 2009-12-28 14:46 1784832 ----a-w- c:\windows\Internet Logs\xDBF0B7.tmp
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\users\asta\AppData\Roaming\Foxit
2009-12-28 14:06 . 2009-12-28 13:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\program files\Foxit Software
2009-12-28 13:57 . 2009-12-28 13:57 1 ----a-w- c:\users\asta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-28 13:57 . 2009-12-28 13:57 -------- d-----w- c:\users\asta\AppData\Roaming\OpenOffice.org
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\JRE
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:40 . 2009-12-28 13:40 -------- d-----w- c:\users\asta\AppData\Roaming\Thunderbird
2009-12-28 12:31 . 2009-12-28 12:32 68608 ----a-w- c:\windows\Internet Logs\xDBBA99.tmp
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 12:28 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2009-12-28 12:28 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfd.dat
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfc.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfi.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfh.dat
2009-12-28 11:52 . 2009-12-28 11:51 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:30 . 2009-12-28 11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2009-04-27 25256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [2009-04-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\System32\drivers\Dnetr28u.sys [2009-08-06 750592]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [2009-12-29 8456]
.
Innehållet i mappen 'Schemalagda aktiviteter':
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000Core.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000UA.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
.
.
------- Extra genomsökning -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\asta\AppData\Roaming\Mozilla\Firefox\Profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85950841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cace88
QueryNameProcedure -> 0x84caa558
user & kernel MBR OK
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2010-01-12 19:19:06
ComboFix-quarantined-files.txt 2010-01-12 18:19
Före genomsökningen: 103 284 056 064 byte ledigt
Efter genomsökningen: 103 593 152 512 byte ledigt
- - End Of File - - 9050C8F7AC4A72534FEE55B2B0E4477B
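An added example, not code from the thread or from ComboFix itself: a small Python script that reads the registry start-point section of a ComboFix report laid out as in the log above and flags the things a helper would look at first. It reports Run entries whose target sits in a temp directory (the original poster said the dropper keeps reappearing under C:\Windows\Temp), Run entries that show [X] instead of a file date and size (assumed here to mean ComboFix recorded no details for the target, as on the NokiaMServer line above), and UAC policy values that turn protection off (EnableLUA=0 disables UAC; ConsentPromptBehaviorAdmin=0 elevates administrators without a prompt). The sample report is constructed: the NokiaMServer and policy lines mirror the log above, while the "updater" entry is invented so the temp-directory check has something to hit.

```python
import re

# Constructed sample in the layout ComboFix uses for its registry start-point
# section. The NokiaMServer and policy lines mirror the log in the thread; the
# "updater" entry is made up so that the temp-directory check has something to hit.
SAMPLE_REPORT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"updater"="c:\windows\temp\ab12\unknown.exe" [2010-01-12 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="c:\path\file.exe" [2009-12-28 135664]   or   [X]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
# "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def parse_report(text):
    """Return the Run entries and the UAC policy values found in a ComboFix-style section."""
    result = {"run": [], "policies": {}}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        if current_key is None:
            continue  # value line before any key header: nothing to attach it to
        if current_key.endswith(r"\policies\system"):
            m = POLICY_RE.match(line)
            if m:
                result["policies"][m.group(1)] = int(m.group(2))
        elif current_key.endswith(r"\run"):
            m = RUN_RE.match(line)
            if m:
                result["run"].append(
                    {"key": current_key, "name": m.group(1), "path": m.group(2), "info": m.group(3)}
                )
    return result


def triage(text):
    """List the findings a helper would want to look at first, as plain strings."""
    report = parse_report(text)
    findings = []
    for entry in report["run"]:
        name, path, info = entry["name"], entry["path"], entry["info"]
        if info == "X":
            # Assumption: [X] means ComboFix recorded no date/size for the target,
            # so the file behind this autostart entry has not been inspected.
            findings.append("%s: autostart entry with no file date/size ([X]), target unverified" % name)
        if TEMP_DIR_RE.search(path):
            findings.append("%s: autostart target in a temp directory: %s" % (name, path))
    pol = report["policies"]
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: User Account Control is switched off")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run against the sample it prints five lines: the NokiaMServer [X] entry, the invented temp-directory entry, and the three UAC values that are set to 0. To use it on a real report, pass the text of the "Startpunkter i registret" section to triage(); everything outside the Run and policies\system keys is ignored.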
#16
Posted 12 January 2010 - 22:00
http://download.blee.../Win32kDiag.exe
Run the program.
When it is done, a log file Win32kDiag.txt is created on the Desktop. Paste it into your reply.
2. Save this file to the Desktop:
http://rootrepeal.go.../RootRepeal.zip
Unpack (extract) the zip file so that you get a program file.
Unplug the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.
How? See http://www.bleepingc...opic114351.html
Start RootRepeal (in Vista and Windows 7 as usual by right-clicking the icon and choosing Run as administrator).
Select the Report tab and click Scan.
Tick all seven options and then click Yes.
Select C: and click Ok.
It takes a while for RootRepeal to scan C:.
When the scan is done, click Save Report and save it under the name rootrepeal.log.
Turn the antivirus program and firewall back on before you connect to the internet.
Paste the contents of rootrepeal.log into your reply.
3. Save Gmer to the Desktop from one of these pages:
http://www.gmer.net/files.php choose Gmer application
http://www.majorgeek...GMER_d5198.html
Unpack the file to the Desktop.
Unplug the internet connection.
Close all programs, including antivirus and firewall.
Start the program gmer.exe.
If a question about "scan" comes up, choose No. Save the log and paste it into your reply. Do nothing more.
If the question does not come up, choose the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:. Click Scan. Leave the computer alone while Gmer is running.
Click Save and save the result to the Desktop.
Turn the antivirus program and firewall back on before you connect to the internet.
Paste the result into your reply.
#17
Posted 13 January 2010 - 05:38
Log file at : C:\Users\asta\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-01-13 05:18:27 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
[1] 2010-01-13 05:20:43 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
[1] 2010-01-13 05:18:35 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
[1] 2009-12-28 16:23:18 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
[1] 2009-12-28 16:23:17 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
[1] 2009-12-28 16:23:17 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf
[1] 2009-12-28 16:23:17 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms ()
Finished!
#18
Posted 13 January 2010 - 05:54
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004
#19
Posted 13 January 2010 - 06:16
Rootkit scan 2010-01-13 06:13:25
Windows 6.1.7600
Running: 2j9gm4sv.exe; Driver: C:\Users\asta\AppData\Local\Temp\kxldrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DD3A7D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8DD3B0A6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DD3A22C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DD5208A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DD3AD36]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8DD4E5F4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8DD4EA1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8DD5697A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8DD4EE90]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DD3AE94]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DD346B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DD53AAA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DD5339E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8DD4D42E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DD54478]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DD546B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DD54B68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x8DD56D38]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DD341A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DD50652]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DD55912]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DD54E32]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DD39DC0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DD55550]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8DD3A4F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DD34AC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8DD55E9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DD52ABE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8DD4F71A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DD4F44A]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828351A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82894579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 828C0748 8 Bytes [D6, A7, D3, 8D, A6, B0, D3, ...] {SALC ; CMPSD ; ROR DWORD [EBP-0x722c4f5a], CL}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C07DC 4 Bytes [2C, A2, D3, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C07F8 4 Bytes JMP 958DD337
.text ntkrnlpa.exe!RtlSidHashLookup + 308 828C0808 4 Bytes [8A, 20, D5, 8D] {MOV AH, [EAX]; AAD 0x8d}
.text ntkrnlpa.exe!RtlSidHashLookup + 324 828C0824 4 Bytes [36, AD, D3, 8D]
.text ...
.text peauth.sys A961DC9D 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]
.text peauth.sys A961DCC1 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[644] ole32.dll!CoCreateInstance 775A57FC 5 Bytes JMP 005D000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Filterhanteraren för Microsofts filsystem/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
#20
Posted 13 January 2010 - 08:25
It showed up again, changed location, etc.
And my solution was a trial version of NOD32; I tried various methods, Malwarebytes, etc.
Regards, nothing (have been uninfected for 24 hours at least)