Archived

This topic is now archived and is closed to further replies.

MaPe

Antimalware Doctor

22 posts in this topic

Hej,

Har problem med Antimalware Doctor. Med jämna mellanrum dyker det upp varningsrutor för virusangrepp eller intrångsförsök blandat med uppmaningar om att registrera och köpa produkten.

Ibland minimeras alla öppna fönster och man uppmanas att registrera, svarar man nej kommer öppna fönster tillbaka.

Antimalware Doctor dök upp som en post i Alla program, men Uninstall-kommandot tog enbart bort genvägen därifrån - allt annat verkar vara kvar. Genvägen gick till "C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe"

Förutom lss700dbgg.exe finns även enemies-names.txt, local.ini, lsrslt.ini och upd_debug.exe i denna mapp.

Tacksam för hjälp att bli av med detta.

Hälsningar

Mape

PS. När jag skulle skapa tråden i forumet från den angripna dator fick jag besked om att sidan inte kunde visas, så jag fick använda en annan.DS

Bifogar log från HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:09:00, on 2011-06-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Zzigei.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Trend Micro\HijackThis\mape.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [5GUTNY6MFK] C:\WINDOWS\Zzigei.exe

O4 - HKCU\..\Run: [R8388QA8U8] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe

O4 - HKCU\..\Run: [Lzitaneyulexahe] rundll32.exe "C:\WINDOWS\stlgfg.dll",Startup

O4 - HKCU\..\Run: [lss700dbgg.exe] C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe

O4 - HKLM\..\Policies\Explorer\Run: [p7za4d] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\h25lm4.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lägg till i Skydd mot webbannonser - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Visa eller dölj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 10701 bytes

Share this post


Link to post
Share on other sites

Här kommer loggfilen och den andra bifogas.

Mape

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Magnus Petterson at 11:07:38 on 2011-06-05

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1383 [GMT 2:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\Zzigei.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Messenger\msmsgs.exe

svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe

uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe

uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup

uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe

mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 93.188.162.74,93.188.161.7

Notify: cryptnet32 - cryptnet32.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

.

=============== Created Last 30 ================

.

2011-06-04 21:37:12 26624 ----a-w- c:\windows\system32\dll.dll

2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe

2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55

2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe

2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601

2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip

2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe

2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe

2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe

2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe

2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe

2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe

2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe

2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe

2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe

2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe

.

==================== Find3M ====================

.

2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll

2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600BEKT-00F3T0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A65E6F0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a664a10]; MOV EAX, [0x8a664a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6DAAB8]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8A6B23B8]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6E0940]

\Driver\atapi[0x8A6D4270] -> IRP_MJ_CREATE -> 0x8A65E6F0

error: Read En enhet som är ansluten till datorn fungerar inte.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A65E53B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 11:09:18,59 ===============

attach.txt

Share this post


Link to post
Share on other sites

1.

Spara TDSSKiller på Skrivbordet:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Högerklicka och välj Extrahera alla. Kom ihåg var du packar upp filen.

Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.

Kör programmet TDSSKiller.exe som finns i mappen där du packade upp filerna.

Klicka på Start Scan.

Om några hot hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

2.

Starta om datorn.

Kör DDS igen och klistra in DDS.txt.

Share this post


Link to post
Share on other sites

Det var två loggar, strax efter start kom några dialogrutor från "Doctorn", ser ut som om loggen kom av sig och började om:

Nr1:

2011/06/05 13:05:59.0187 3020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/06/05 13:05:59.0218 3020 ================================================================================

2011/06/05 13:05:59.0218 3020 SystemInfo:

2011/06/05 13:05:59.0218 3020

2011/06/05 13:05:59.0218 3020 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/05 13:05:59.0218 3020 Product type: Workstation

2011/06/05 13:05:59.0218 3020 ComputerName: YOUR-508DA2F984

2011/06/05 13:05:59.0218 3020 UserName: Magnus Petterson

2011/06/05 13:05:59.0218 3020 Windows directory: C:\WINDOWS

2011/06/05 13:05:59.0218 3020 System windows directory: C:\WINDOWS

2011/06/05 13:05:59.0218 3020 Processor architecture: Intel x86

2011/06/05 13:05:59.0218 3020 Number of processors: 2

2011/06/05 13:05:59.0218 3020 Page size: 0x1000

2011/06/05 13:05:59.0218 3020 Boot type: Normal boot

2011/06/05 13:05:59.0218 3020 ================================================================================

2011/06/05 13:06:00.0437 3020 Initialize success

2011/06/05 13:06:04.0640 5184 Deinitialize success

Nr2:

2011/06/05 13:06:38.0781 4792 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/06/05 13:06:38.0906 4792 ================================================================================

2011/06/05 13:06:38.0906 4792 SystemInfo:

2011/06/05 13:06:38.0906 4792

2011/06/05 13:06:38.0906 4792 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/05 13:06:38.0906 4792 Product type: Workstation

2011/06/05 13:06:38.0906 4792 ComputerName: YOUR-508DA2F984

2011/06/05 13:06:38.0906 4792 UserName: Magnus Petterson

2011/06/05 13:06:38.0906 4792 Windows directory: C:\WINDOWS

2011/06/05 13:06:38.0906 4792 System windows directory: C:\WINDOWS

2011/06/05 13:06:38.0906 4792 Processor architecture: Intel x86

2011/06/05 13:06:38.0906 4792 Number of processors: 2

2011/06/05 13:06:38.0921 4792 Page size: 0x1000

2011/06/05 13:06:38.0921 4792 Boot type: Normal boot

2011/06/05 13:06:38.0921 4792 ================================================================================

2011/06/05 13:06:40.0109 4792 Initialize success

2011/06/05 13:06:46.0750 5784 ================================================================================

2011/06/05 13:06:46.0750 5784 Scan started

2011/06/05 13:06:46.0750 5784 Mode: Manual;

2011/06/05 13:06:46.0750 5784 ================================================================================

2011/06/05 13:06:47.0234 5784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/05 13:06:47.0281 5784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/06/05 13:06:47.0328 5784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/05 13:06:47.0406 5784 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/06/05 13:06:47.0453 5784 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/06/05 13:06:47.0593 5784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/05 13:06:47.0718 5784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/05 13:06:47.0750 5784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/05 13:06:47.0796 5784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/05 13:06:47.0875 5784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/05 13:06:47.0921 5784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/05 13:06:47.0984 5784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/05 13:06:48.0015 5784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/06/05 13:06:48.0109 5784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/05 13:06:48.0156 5784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/05 13:06:48.0203 5784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/05 13:06:48.0296 5784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/06/05 13:06:48.0359 5784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/06/05 13:06:48.0468 5784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/05 13:06:48.0531 5784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/05 13:06:48.0609 5784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/05 13:06:48.0656 5784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/05 13:06:48.0687 5784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/05 13:06:48.0765 5784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/05 13:06:48.0875 5784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/05 13:06:48.0953 5784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/06/05 13:06:49.0000 5784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/05 13:06:49.0062 5784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/05 13:06:49.0125 5784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/06/05 13:06:49.0171 5784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/05 13:06:49.0203 5784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/05 13:06:49.0265 5784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/05 13:06:49.0328 5784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/05 13:06:49.0390 5784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/05 13:06:49.0453 5784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/06/05 13:06:49.0484 5784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/06/05 13:06:49.0562 5784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/06/05 13:06:49.0609 5784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/05 13:06:49.0687 5784 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2011/06/05 13:06:49.0781 5784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/05 13:06:49.0843 5784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/05 13:06:50.0046 5784 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/06/05 13:06:50.0171 5784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/05 13:06:50.0218 5784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/06/05 13:06:50.0281 5784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/05 13:06:50.0328 5784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/05 13:06:50.0406 5784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/05 13:06:50.0484 5784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/05 13:06:50.0546 5784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/05 13:06:50.0609 5784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/05 13:06:50.0656 5784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/05 13:06:50.0718 5784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/05 13:06:50.0765 5784 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys

2011/06/05 13:06:50.0812 5784 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys

2011/06/05 13:06:50.0875 5784 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys

2011/06/05 13:06:50.0921 5784 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys

2011/06/05 13:06:50.0984 5784 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys

2011/06/05 13:06:51.0031 5784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/05 13:06:51.0078 5784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/05 13:06:51.0187 5784 lvupdtio (e6784b8d8ded6054d50139481edf6724) C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys

2011/06/05 13:06:51.0250 5784 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys

2011/06/05 13:06:51.0328 5784 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/06/05 13:06:51.0375 5784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/05 13:06:51.0406 5784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/05 13:06:51.0437 5784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/06/05 13:06:51.0468 5784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/05 13:06:51.0609 5784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/05 13:06:51.0656 5784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/05 13:06:51.0718 5784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/05 13:06:51.0781 5784 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/05 13:06:51.0875 5784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/05 13:06:51.0921 5784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/05 13:06:51.0984 5784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/05 13:06:52.0046 5784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/05 13:06:52.0125 5784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/05 13:06:52.0171 5784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/06/05 13:06:52.0234 5784 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys

2011/06/05 13:06:52.0281 5784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/05 13:06:52.0328 5784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/06/05 13:06:52.0390 5784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/05 13:06:52.0437 5784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/06/05 13:06:52.0500 5784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/05 13:06:52.0562 5784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/05 13:06:52.0625 5784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/05 13:06:52.0718 5784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/05 13:06:52.0734 5784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/05 13:06:52.0796 5784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/05 13:06:52.0906 5784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/05 13:06:52.0937 5784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/05 13:06:53.0000 5784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/05 13:06:53.0062 5784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/05 13:06:53.0156 5784 nv (392ad6a1676fbbc80fa1dad4c9955131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/05 13:06:53.0343 5784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/05 13:06:53.0390 5784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/05 13:06:53.0421 5784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/05 13:06:53.0468 5784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/06/05 13:06:53.0531 5784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/05 13:06:53.0578 5784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/05 13:06:53.0625 5784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/05 13:06:53.0687 5784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/05 13:06:53.0734 5784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/05 13:06:53.0937 5784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/05 13:06:54.0000 5784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/05 13:06:54.0046 5784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/05 13:06:54.0078 5784 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/05 13:06:54.0187 5784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/05 13:06:54.0218 5784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/05 13:06:54.0296 5784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/05 13:06:54.0343 5784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/05 13:06:54.0390 5784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/05 13:06:54.0437 5784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/05 13:06:54.0484 5784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/05 13:06:54.0562 5784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/05 13:06:54.0625 5784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/05 13:06:54.0703 5784 rimmptsk (b6e686aab08bc276d0000293f9fba0bb) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/06/05 13:06:54.0750 5784 rimsptsk (bcff51e0be86d6f0e2180e5142203527) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/06/05 13:06:54.0812 5784 RTL8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/06/05 13:06:54.0968 5784 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/06/05 13:06:55.0000 5784 s24trans (73ed6b5cac92f23f4610667b8eb8e8d6) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/06/05 13:06:55.0062 5784 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/06/05 13:06:55.0140 5784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/05 13:06:55.0218 5784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/05 13:06:55.0296 5784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/05 13:06:55.0375 5784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/06/05 13:06:55.0453 5784 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys

2011/06/05 13:06:55.0546 5784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/05 13:06:55.0625 5784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/05 13:06:55.0671 5784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/05 13:06:55.0750 5784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/06/05 13:06:55.0828 5784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/05 13:06:55.0890 5784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/05 13:06:56.0078 5784 SynMini (03dc419b94c57adf3ab0fbf887b021f5) C:\WINDOWS\system32\Drivers\SynMini.sys

2011/06/05 13:06:56.0156 5784 SynScan (e4085705d8d7d4d1536d8ee907439a86) C:\WINDOWS\system32\Drivers\SynScan.sys

2011/06/05 13:06:56.0203 5784 SynTP (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/06/05 13:06:56.0265 5784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/05 13:06:56.0359 5784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/05 13:06:56.0406 5784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/05 13:06:56.0468 5784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/05 13:06:56.0531 5784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/05 13:06:56.0593 5784 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

2011/06/05 13:06:56.0640 5784 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2011/06/05 13:06:56.0687 5784 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/06/05 13:06:56.0718 5784 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2011/06/05 13:06:56.0750 5784 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2011/06/05 13:06:56.0796 5784 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/06/05 13:06:56.0843 5784 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2011/06/05 13:06:56.0906 5784 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys

2011/06/05 13:06:56.0937 5784 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/06/05 13:06:57.0000 5784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/05 13:06:57.0078 5784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/05 13:06:57.0187 5784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/05 13:06:57.0234 5784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/05 13:06:57.0312 5784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/05 13:06:57.0390 5784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/05 13:06:57.0437 5784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/05 13:06:57.0484 5784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/05 13:06:57.0546 5784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/05 13:06:57.0609 5784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/05 13:06:57.0687 5784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/05 13:06:57.0781 5784 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/06/05 13:06:57.0890 5784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/05 13:06:57.0984 5784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/05 13:06:58.0109 5784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/06/05 13:06:58.0203 5784 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/05 13:06:58.0203 5784 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/05 13:06:58.0203 5784 ================================================================================

2011/06/05 13:06:58.0203 5784 Scan finished

2011/06/05 13:06:58.0203 5784 ================================================================================

2011/06/05 13:06:58.0218 5504 Detected object count: 1

2011/06/05 13:06:58.0218 5504 Actual detected object count: 1

2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 - ok

2011/06/05 13:07:26.0203 5504 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/05 13:07:36.0953 4168 Deinitialize success

Och så DDS-log:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Magnus Petterson at 13:22:46 on 2011-06-05

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1463 [GMT 2:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

svchost.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\WINDOWS\Zzigei.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe

uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe

uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup

uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe

mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 93.188.162.74,93.188.161.7

Notify: cryptnet32 - cryptnet32.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

.

=============== Created Last 30 ================

.

2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe

2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55

2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe

2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601

2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip

2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe

2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe

2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe

2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe

2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe

2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe

2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe

2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe

2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe

2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe

.

==================== Find3M ====================

.

2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll

2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll

.

============= FINISH: 13:23:13,75 ===============

Share this post


Link to post
Share on other sites

Bra! Där försvann lite.

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Dubbelklicka på mbam-setup för att installera programmet.

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Klicka på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj Utför snabb skanning och klicka på Skanna.

Skanningen tar ett tag.

När den är klar så klicka på OK och sedan Visa resultat.

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar.

Starta om datorn och klistra in en ny DDS.txt också.

Share this post


Link to post
Share on other sites

MBAM-log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Databasversion: 6774

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2011-06-05 15:17:26

mbam-log-2011-06-05 (15-17-26).txt

Skanningstyp: Snabbskanning

Antal skannade objekt: 160921

Förfluten tid: 5 minut(er), 49 sekund(er)

Infekterade minnesprocesser: 2

Infekterade minnesmoduler: 2

Infekterade registernycklar: 6

Infekterade registervärden: 5

Infekterade registerdataposter: 4

Infekterade mappar: 0

Infekterade filer: 26

Infekterade minnesprocesser:

c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> 2244 -> Unloaded process successfully.

c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.

Infekterade minnesmoduler:

c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\J40NOZ44HU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lzitaneyulexahe (Trojan.Hiloti.Gen) -> Value: Lzitaneyulexahe -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5GUTNY6MFK (Trojan.Downloader) -> Value: 5GUTNY6MFK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lss700dbgg.exe (Trojan.FakeAlert) -> Value: lss700dbgg.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\p7za4d (Trojan.Downloader) -> Value: p7za4d -> Quarantined and deleted successfully.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga skadliga poster hittades)

Infekterade filer:

c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Documents and Settings\Magnus Petterson\Local Settings\temp\Zwj.exe (Trojan.Downloader) -> Delete on reboot.

c:\documents and settings\magnus petterson\local settings\temp\oxcanmerws.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\local settings\temp\mwrascneox.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\local settings\application data\xaa.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zziged.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigeg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigeh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigej.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Zzigek.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc112.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3808796.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3809531.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc87.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

DDS-log:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Magnus Petterson at 15:30:15 on 2011-06-05

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1435 [GMT 2:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe

mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: cryptnet32 - cryptnet32.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]

.

=============== Created Last 30 ================

.

2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes

2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55

2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601

2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip

.

==================== Find3M ====================

.

2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll

.

============= FINISH: 15:31:39,98 ===============

Share this post


Link to post
Share on other sites

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

Angående ovanstående rad kan du läsa http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll.html

Någon särskild anledning till att Kasperskys antivirusprogram inte är uppdaterat?

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

Share this post


Link to post
Share on other sites

Bredbandsanslutningen sker mha usb-modem, men det finns väl inget som hindrar att man ominstallerar detta vid behov?

Share this post


Link to post
Share on other sites

För det mesta går det utmärkt ändå, men ibland kan man behöva ominstallera det. :)

Share this post


Link to post
Share on other sites

Internetanslutning ok, här kommer Combofix-log:

ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 16:37:14.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1380 [GMT 2:00]

Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\dC28601MlHgC28601

c:\documents and settings\All Users\Application Data\dC28601MlHgC28601\dC28601MlHgC28601.exe

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs

c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed

c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55

c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\enemies-names.txt

c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\local.ini

c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lsrslt.ini

c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\upd_debug.exe

c:\windows\system32\shimg.dll

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))

.

.

2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes

2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage

2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip

2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]

"nwiz"="nwiz.exe" [2006-03-16 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]

"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]

"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]

"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]

"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=

"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-05 16:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'explorer.exe'(2716)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\windows\system32\ACEngSvr.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\windows\ATK0100\ATKOSD.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

c:\windows\system32\dllhost.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Sluttid: 2011-06-05 16:49:30 - datorn startades om.

ComboFix-quarantined-files.txt 2011-06-05 14:49

.

Före genomsökningen: 19 660 824 576 bytes free

Efter genomsökningen: 19 661 324 288 byte ledigt

.

- - End Of File - - C7A8B8EAC43DEB3A251AACC025594365

Share this post


Link to post
Share on other sites

c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs

c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed

ComboFix tog bort ovanstående två mappar. Fungerar dina Adobe program som de ska?

Kopiera alla rader i rutan:

Killall::
DDS::
Notify: cryptnet32 - cryptnet32.dll

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut och en ny DDS-logg.

Share this post


Link to post
Share on other sites

Verkar inte vara något problem med program.

Combofixlog:

ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 18:08:10.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1424 [GMT 2:00]

Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))

.

.

2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes

2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage

2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip

2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-05 16:16 . 2011-06-05 16:16 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat

- 2011-06-05 14:45 . 2011-06-05 14:45 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]

"nwiz"="nwiz.exe" [2006-03-16 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]

"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]

"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]

"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]

"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=

"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-05 18:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'explorer.exe'(3864)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\windows\system32\ACEngSvr.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

c:\windows\ATK0100\ATKOSD.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

c:\windows\system32\dllhost.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Sluttid: 2011-06-05 18:20:41 - datorn startades om.

ComboFix-quarantined-files.txt 2011-06-05 16:20

ComboFix2.txt 2011-06-05 14:49

.

Före genomsökningen: 19 660 242 944 bytes free

Efter genomsökningen: 19 651 694 592 byte ledigt

.

- - End Of File - - AC667EC5060B251A427DE1782959C08C

DDS-log:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Magnus Petterson at 18:22:01 on 2011-06-05

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1404 [GMT 2:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe

mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: klogon - c:\windows\system32\klogon.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]

.

=============== Created Last 30 ================

.

2011-06-05 14:35:47 98816 ----a-w- c:\windows\sed.exe

2011-06-05 14:35:47 518144 ----a-w- c:\windows\SWREG.exe

2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes

2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip

.

==================== Find3M ====================

.

.

============= FINISH: 18:22:28,75 ===============

Share this post


Link to post
Share on other sites

YontooIEClient.dll som tydligen kan ligga i en mapp som heter Yontoo Layers ligger hos mig i mappen PageRage. Ska jag försöka ta bort detta manuellt enligt anvisningar eller tar slutstädningen hand om detta?

När det gäller Antimalware Doctor verkar det som borttagningen har lyckats.

Vad ska jag göra härnäst?

Share this post


Link to post
Share on other sites

Det ser ut som att PageRage ska gå att avinstallera på vanligt sätt i Kontrollpanelen och slutstädningen kommer inte att göra något åt den.

Ska du ersätta Kasperskys program med något annat eller ska du se till att den blir uppgraderad till årsmodell 2011 för bästa skydd och med uppdaterade virusdefinitioner?

Nu återstår bara en sista städomgång:

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.

Börja med att skapa en ny systemåterställningspunkt:

XP:

Start - Program- Tillbehör - Systemverktyg - Systemåterställning

Välj att skapa en ny återställningspunkt och tryck på Nästa.

Vista och Windows 7:

Högerklick på Datorn - Egenskaper - Systemskydd

Tryck på Skapa.

Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.

Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper.

På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den.

Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste.

Beroende på Windows kan du behöva välja något om att du vill ta bort filer som gäller hela datorn/Windows innan den rätta fliken dyker upp.

2a. Tryck Windows-tangenten + R

Kopiera och klistra in denna rad:

ComboFix /Uninstall

Observera att det är ett mellanrum före /

Klicka på OK.

2b. Ladda ner avinstallationsprogrammet OTC till Skrivbordet.

http://oldtimer.geekstogo.com/OTC.exe

Dubbelklicka på filen för att starta programmet.

Tryck på knappen CleanUp! och ComboFix m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet.

http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.

Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).

Klicka på Start-knappen för att starta städningen.

Det kan ta några minuter och låt datorn vara ifred under tiden.

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen.

4. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

5. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home

Det är mycket viktigt att du kör Secunias kontroll eftersom du har gamla programversioner med kända säkerhetshål i datorn (jag såg en gammal Java i en logg) och det gör det väldigt lätt att infektera datorn.

Share this post


Link to post
Share on other sites

C:\Program Files\PageRage\YontooIEClient.dll

Innan jag gör det avslutande undrar jag kring filen ovan:

Jag hittar ingen PageRage i min kontrollpanel, inget som börjar på Yontoo* heller. När jag Googlade på filnamnet fick jag intrycket av att man skulle försöka göra sig av med den och att det behövdes särskilda verktyg för detta.

Nu vet jag inte riktigt vad jag ska tro, vad är din åsikt om det hela?

När det gäller din fråga om Kaspersky, det är ungefär så det har varit ett tag - veligt... men nu är det uppenbarligen hög tid att bestämma sig :)

Share this post


Link to post
Share on other sites

Det var konstigt för PageRage finns med i avinstallationslistan i Attach-filen ihop en massa andra program. Finns det någon avinstallationsfil, t ex något med uninst, i dess programmapp?

Share this post


Link to post
Share on other sites

http://forums.spybot.info/showthread.php?t=62640

Jag hittade länken ovan som beskriver manuell borttagning av Yontoo.Pagerage och min Combofix-log i inlägg

#11 verkar innehålla det mesta förutom den .dll-fil som finns i DDS-logen i inlägg #13. Jag hittar inga andra filer än YontooIEClient.dll i programmappen - kan det vara så att allt annat har tagits bort?

Inlägg #11

Combofix-log:

((((( Andra raderingar )))))

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma

Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma

Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma

Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma

Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma

Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} -

c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

Inlägg #13

Combofix-log:

(((((Filer Skapade från 2011-05-05 till 2011-06-05 )))))

2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage

DDS-log:

=====Pseudo HJT Report=====

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program

files\pagerage\YontooIEClient.dll

=====CreatedLast30=====

2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

Share this post


Link to post
Share on other sites

Då tar vi bort det sista av PageRage/Yontoo med ComboFix.

Kopiera alla rader i rutan:

DDS::
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
Folder::
c:\program files\pagerage

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

Share this post


Link to post
Share on other sites

Combofix-log:

ComboFix 11-06-05.01 - Magnus Petterson 2011-06-07 19:52:12.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1259 [GMT 2:00]

Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\pagerage

c:\program files\pagerage\YontooIEClient.dll

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-05-07 till 2011-06-07 ))))))))))))))))))))))))))))))

.

.

2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes

2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip

2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-07 06:12 . 2011-06-07 06:12 16384 c:\windows\temp\Perflib_Perfdata_e4.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]

"nwiz"="nwiz.exe" [2006-03-16 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]

"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]

"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]

"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]

"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=

"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]

S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.asus.com/

uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-07 19:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Sluttid: 2011-06-07 20:00:57

ComboFix-quarantined-files.txt 2011-06-07 18:00

ComboFix2.txt 2011-06-05 16:20

ComboFix3.txt 2011-06-05 14:49

.

Före genomsökningen: 19 559 550 976 bytes free

Efter genomsökningen: 19 559 931 904 byte ledigt

.

- - End Of File - - FD24E53C3069D55696382CFEFC00DAB0

Share this post


Link to post
Share on other sites