Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Logga in   
  • Registrera konto


Foto
- - - - -

Antimalware Doctor


Den här tråden har arkiverats. Det innebär att du inte längre kan svara på inlägg i tråden. Vänligen starta en ny tråd vid behov.
21 svar i den här tråden

#1 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 09:18

Hej,

Har problem med Antimalware Doctor. Med jämna mellanrum dyker det upp varningsrutor för virusangrepp eller intrångsförsök blandat med uppmaningar om att registrera och köpa produkten.
Ibland minimeras alla öppna fönster och man uppmanas att registrera, svarar man nej kommer öppna fönster tillbaka.

Antimalware Doctor dök upp som en post i Alla program, men Uninstall-kommandot tog enbart bort genvägen därifrån - allt annat verkar vara kvar. Genvägen gick till "C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe"
Förutom lss700dbgg.exe finns även enemies-names.txt, local.ini, lsrslt.ini och upd_debug.exe i denna mapp.

Tacksam för hjälp att bli av med detta.

Hälsningar
Mape

PS. När jag skulle skapa tråden i forumet från den angripna dator fick jag besked om att sidan inte kunde visas, så jag fick använda en annan.DS

Bifogar log från HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:00, on 2011-06-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Zzigei.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\mape.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [5GUTNY6MFK] C:\WINDOWS\Zzigei.exe
O4 - HKCU\..\Run: [R8388QA8U8] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
O4 - HKCU\..\Run: [Lzitaneyulexahe] rundll32.exe "C:\WINDOWS\stlgfg.dll",Startup
O4 - HKCU\..\Run: [lss700dbgg.exe] C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
O4 - HKLM\..\Policies\Explorer\Run: [p7za4d] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\h25lm4.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lägg till i Skydd mot webbannonser - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Visa eller dölj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1256894838109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1256895652843
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10701 bytes


ANNONS:

#2 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 09:50

Det syns en hel del skadligt i den loggen, men med DDS syns det ändå bättre. Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så gott det går.

#3 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 10:41

Här kommer loggfilen och den andra bifogas.
Mape

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 11:07:38 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1383 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\Zzigei.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe
uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe
uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup
uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.74,93.188.161.7
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
.
=============== Created Last 30 ================
.
2011-06-04 21:37:12 26624 ----a-w- c:\windows\system32\dll.dll
2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe
2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe
2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe
2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe
2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe
2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe
2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe
2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe
2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe
2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEKT-00F3T0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A65E6F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a664a10]; MOV EAX, [0x8a664a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6DAAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8A6B23B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6E0940]
\Driver\atapi[0x8A6D4270] -> IRP_MJ_CREATE -> 0x8A65E6F0
error: Read En enhet som är ansluten till datorn fungerar inte.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A65E53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:09:18,59 ===============

Bifogade fil(er)

  • Bifogad fil  attach.txt   15,34KB   5 Antal nedladdningar


#4 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 11:13

1.
Spara TDSSKiller på Skrivbordet:
http://support.kaspe.../tdsskiller.zip

Högerklicka och välj Extrahera alla. Kom ihåg var du packar upp filen.
Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.
Kör programmet TDSSKiller.exe som finns i mappen där du packade upp filerna.

Klicka på Start Scan.

Om några hot hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

2.
Starta om datorn.
Kör DDS igen och klistra in DDS.txt.

#5 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 12:32

Det var två loggar, strax efter start kom några dialogrutor från "Doctorn", ser ut som om loggen kom av sig och började om:

Nr1:
2011/06/05 13:05:59.0187 3020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 13:05:59.0218 3020 ================================================================================
2011/06/05 13:05:59.0218 3020 SystemInfo:
2011/06/05 13:05:59.0218 3020
2011/06/05 13:05:59.0218 3020 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 13:05:59.0218 3020 Product type: Workstation
2011/06/05 13:05:59.0218 3020 ComputerName: YOUR-508DA2F984
2011/06/05 13:05:59.0218 3020 UserName: Magnus Petterson
2011/06/05 13:05:59.0218 3020 Windows directory: C:\WINDOWS
2011/06/05 13:05:59.0218 3020 System windows directory: C:\WINDOWS
2011/06/05 13:05:59.0218 3020 Processor architecture: Intel x86
2011/06/05 13:05:59.0218 3020 Number of processors: 2
2011/06/05 13:05:59.0218 3020 Page size: 0x1000
2011/06/05 13:05:59.0218 3020 Boot type: Normal boot
2011/06/05 13:05:59.0218 3020 ================================================================================
2011/06/05 13:06:00.0437 3020 Initialize success
2011/06/05 13:06:04.0640 5184 Deinitialize success

Nr2:
2011/06/05 13:06:38.0781 4792 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 13:06:38.0906 4792 ================================================================================
2011/06/05 13:06:38.0906 4792 SystemInfo:
2011/06/05 13:06:38.0906 4792
2011/06/05 13:06:38.0906 4792 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 13:06:38.0906 4792 Product type: Workstation
2011/06/05 13:06:38.0906 4792 ComputerName: YOUR-508DA2F984
2011/06/05 13:06:38.0906 4792 UserName: Magnus Petterson
2011/06/05 13:06:38.0906 4792 Windows directory: C:\WINDOWS
2011/06/05 13:06:38.0906 4792 System windows directory: C:\WINDOWS
2011/06/05 13:06:38.0906 4792 Processor architecture: Intel x86
2011/06/05 13:06:38.0906 4792 Number of processors: 2
2011/06/05 13:06:38.0921 4792 Page size: 0x1000
2011/06/05 13:06:38.0921 4792 Boot type: Normal boot
2011/06/05 13:06:38.0921 4792 ================================================================================
2011/06/05 13:06:40.0109 4792 Initialize success
2011/06/05 13:06:46.0750 5784 ================================================================================
2011/06/05 13:06:46.0750 5784 Scan started
2011/06/05 13:06:46.0750 5784 Mode: Manual;
2011/06/05 13:06:46.0750 5784 ================================================================================
2011/06/05 13:06:47.0234 5784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/05 13:06:47.0281 5784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/05 13:06:47.0328 5784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/05 13:06:47.0406 5784 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/05 13:06:47.0453 5784 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/05 13:06:47.0593 5784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/05 13:06:47.0718 5784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/05 13:06:47.0750 5784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/05 13:06:47.0796 5784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/05 13:06:47.0875 5784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/05 13:06:47.0921 5784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/05 13:06:47.0984 5784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/05 13:06:48.0015 5784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/05 13:06:48.0109 5784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/05 13:06:48.0156 5784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/05 13:06:48.0203 5784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/05 13:06:48.0296 5784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/05 13:06:48.0359 5784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/05 13:06:48.0468 5784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/05 13:06:48.0531 5784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/05 13:06:48.0609 5784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/05 13:06:48.0656 5784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/05 13:06:48.0687 5784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/05 13:06:48.0765 5784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/05 13:06:48.0875 5784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/05 13:06:48.0953 5784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/05 13:06:49.0000 5784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/05 13:06:49.0062 5784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/05 13:06:49.0125 5784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/05 13:06:49.0171 5784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/05 13:06:49.0203 5784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/05 13:06:49.0265 5784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/05 13:06:49.0328 5784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/05 13:06:49.0390 5784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/05 13:06:49.0453 5784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/05 13:06:49.0484 5784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/05 13:06:49.0562 5784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/05 13:06:49.0609 5784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/05 13:06:49.0687 5784 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/06/05 13:06:49.0781 5784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/05 13:06:49.0843 5784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/05 13:06:50.0046 5784 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/05 13:06:50.0171 5784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/05 13:06:50.0218 5784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/05 13:06:50.0281 5784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/05 13:06:50.0328 5784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/05 13:06:50.0406 5784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/05 13:06:50.0484 5784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/05 13:06:50.0546 5784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/05 13:06:50.0609 5784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/05 13:06:50.0656 5784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/05 13:06:50.0718 5784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/05 13:06:50.0765 5784 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/06/05 13:06:50.0812 5784 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2011/06/05 13:06:50.0875 5784 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/06/05 13:06:50.0921 5784 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/06/05 13:06:50.0984 5784 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/06/05 13:06:51.0031 5784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/05 13:06:51.0078 5784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/05 13:06:51.0187 5784 lvupdtio (e6784b8d8ded6054d50139481edf6724) C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys
2011/06/05 13:06:51.0250 5784 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
2011/06/05 13:06:51.0328 5784 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/05 13:06:51.0375 5784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/05 13:06:51.0406 5784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/05 13:06:51.0437 5784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/05 13:06:51.0468 5784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/05 13:06:51.0609 5784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/05 13:06:51.0656 5784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/05 13:06:51.0718 5784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/05 13:06:51.0781 5784 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/05 13:06:51.0875 5784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/05 13:06:51.0921 5784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/05 13:06:51.0984 5784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/05 13:06:52.0046 5784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/05 13:06:52.0125 5784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/05 13:06:52.0171 5784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/05 13:06:52.0234 5784 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/06/05 13:06:52.0281 5784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/05 13:06:52.0328 5784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/05 13:06:52.0390 5784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/05 13:06:52.0437 5784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/05 13:06:52.0500 5784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/05 13:06:52.0562 5784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/05 13:06:52.0625 5784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/05 13:06:52.0718 5784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/05 13:06:52.0734 5784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/05 13:06:52.0796 5784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/05 13:06:52.0906 5784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/05 13:06:52.0937 5784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/05 13:06:53.0000 5784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/05 13:06:53.0062 5784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/05 13:06:53.0156 5784 nv (392ad6a1676fbbc80fa1dad4c9955131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/05 13:06:53.0343 5784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/05 13:06:53.0390 5784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/05 13:06:53.0421 5784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/05 13:06:53.0468 5784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/05 13:06:53.0531 5784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/05 13:06:53.0578 5784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/05 13:06:53.0625 5784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/05 13:06:53.0687 5784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/05 13:06:53.0734 5784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/05 13:06:53.0937 5784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/05 13:06:54.0000 5784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/05 13:06:54.0046 5784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/05 13:06:54.0078 5784 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/05 13:06:54.0187 5784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/05 13:06:54.0218 5784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/05 13:06:54.0296 5784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/05 13:06:54.0343 5784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/05 13:06:54.0390 5784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/05 13:06:54.0437 5784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/05 13:06:54.0484 5784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/05 13:06:54.0562 5784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/05 13:06:54.0625 5784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/05 13:06:54.0703 5784 rimmptsk (b6e686aab08bc276d0000293f9fba0bb) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/05 13:06:54.0750 5784 rimsptsk (bcff51e0be86d6f0e2180e5142203527) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/05 13:06:54.0812 5784 RTL8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/05 13:06:54.0968 5784 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/05 13:06:55.0000 5784 s24trans (73ed6b5cac92f23f4610667b8eb8e8d6) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/05 13:06:55.0062 5784 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/05 13:06:55.0140 5784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/05 13:06:55.0218 5784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/05 13:06:55.0296 5784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/05 13:06:55.0375 5784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/05 13:06:55.0453 5784 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/06/05 13:06:55.0546 5784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/05 13:06:55.0625 5784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/05 13:06:55.0671 5784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/05 13:06:55.0750 5784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/05 13:06:55.0828 5784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/05 13:06:55.0890 5784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/05 13:06:56.0078 5784 SynMini (03dc419b94c57adf3ab0fbf887b021f5) C:\WINDOWS\system32\Drivers\SynMini.sys
2011/06/05 13:06:56.0156 5784 SynScan (e4085705d8d7d4d1536d8ee907439a86) C:\WINDOWS\system32\Drivers\SynScan.sys
2011/06/05 13:06:56.0203 5784 SynTP (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/05 13:06:56.0265 5784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/05 13:06:56.0359 5784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/05 13:06:56.0406 5784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/05 13:06:56.0468 5784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/05 13:06:56.0531 5784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/05 13:06:56.0593 5784 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/06/05 13:06:56.0640 5784 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/06/05 13:06:56.0687 5784 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/06/05 13:06:56.0718 5784 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/06/05 13:06:56.0750 5784 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/06/05 13:06:56.0796 5784 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/06/05 13:06:56.0843 5784 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/06/05 13:06:56.0906 5784 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/06/05 13:06:56.0937 5784 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/06/05 13:06:57.0000 5784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/05 13:06:57.0078 5784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/05 13:06:57.0187 5784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/05 13:06:57.0234 5784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/05 13:06:57.0312 5784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/05 13:06:57.0390 5784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/05 13:06:57.0437 5784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/05 13:06:57.0484 5784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/05 13:06:57.0546 5784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/05 13:06:57.0609 5784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/05 13:06:57.0687 5784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/05 13:06:57.0781 5784 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/05 13:06:57.0890 5784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/05 13:06:57.0984 5784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/05 13:06:58.0109 5784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/05 13:06:58.0203 5784 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/05 13:06:58.0203 5784 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/05 13:06:58.0203 5784 ================================================================================
2011/06/05 13:06:58.0203 5784 Scan finished
2011/06/05 13:06:58.0203 5784 ================================================================================
2011/06/05 13:06:58.0218 5504 Detected object count: 1
2011/06/05 13:06:58.0218 5504 Actual detected object count: 1
2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 - ok
2011/06/05 13:07:26.0203 5504 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/05 13:07:36.0953 4168 Deinitialize success


Och så DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 13:22:46 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1463 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\Zzigei.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe
uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe
uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup
uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.74,93.188.161.7
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
.
=============== Created Last 30 ================
.
2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe
2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe
2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe
2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe
2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe
2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe
2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe
2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe
2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe
2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll
.
============= FINISH: 13:23:13,75 ===============

#6 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 13:14

Bra! Där försvann lite.

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:
http://www.malwareby...am-download.php
http://majorgeeks.co...fd909666f809b26
http://dw.com.com/re...2ae9ce030ef5c99
http://fileforum.bet...re/1186760019/1
Dubbelklicka på mbam-setup för att installera programmet.

Se till i slutet av installationen att det är bockar för:
Uppdatera Malwarebytes' Anti-Malware
Starta Malwarebytes' Anti-Malware
Klicka på Slutför
Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj Utför snabb skanning och klicka på Skanna.
Skanningen tar ett tag.
När den är klar så klicka på OK och sedan Visa resultat.
Bocka för allt och tryck sedan Ta bort markerade.
När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.
Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.
Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.
Kopiera loggen och klistra in den i ditt svar.

Starta om datorn och klistra in en ny DDS.txt också.

#7 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 14:42

MBAM-log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Databasversion: 6774

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-06-05 15:17:26
mbam-log-2011-06-05 (15-17-26).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 160921
Förfluten tid: 5 minut(er), 49 sekund(er)

Infekterade minnesprocesser: 2
Infekterade minnesmoduler: 2
Infekterade registernycklar: 6
Infekterade registervärden: 5
Infekterade registerdataposter: 4
Infekterade mappar: 0
Infekterade filer: 26

Infekterade minnesprocesser:
c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> 2244 -> Unloaded process successfully.
c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.

Infekterade minnesmoduler:
c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.

Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J40NOZ44HU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lzitaneyulexahe (Trojan.Hiloti.Gen) -> Value: Lzitaneyulexahe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5GUTNY6MFK (Trojan.Downloader) -> Value: 5GUTNY6MFK -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lss700dbgg.exe (Trojan.FakeAlert) -> Value: lss700dbgg.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\p7za4d (Trojan.Downloader) -> Value: p7za4d -> Quarantined and deleted successfully.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.

Infekterade mappar:
(Inga skadliga poster hittades)

Infekterade filer:
c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Documents and Settings\Magnus Petterson\Local Settings\temp\Zwj.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\magnus petterson\local settings\temp\oxcanmerws.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\local settings\temp\mwrascneox.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\local settings\application data\xaa.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zziged.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigej.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigek.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc112.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3808796.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3809531.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc87.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 15:30:15 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1435 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes
2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
.
============= FINISH: 15:31:39,98 ===============

#8 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 14:55

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
Angående ovanstående rad kan du läsa http://www.systemloo...Client_dll.html

Någon särskild anledning till att Kasperskys antivirusprogram inte är uppdaterat?

Spara ComboFix på Skrivbordet: http://download.blee...Bs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.
Hur? Se http://www.bleepingc...opic114351.html
Kör ComboFix och följ anvisningarna som visas.
Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.
Mer detaljerad vägledning finns på http://www.bleepingc...ix-ska-anvandas

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:
Kontrollpanelen - Nätverksanslutningar
högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

#9 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 15:03

Bredbandsanslutningen sker mha usb-modem, men det finns väl inget som hindrar att man ominstallerar detta vid behov?

#10 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 15:08

För det mesta går det utmärkt ändå, men ibland kan man behöva ominstallera det. :)

#11 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 15:57

Internetanslutning ok, här kommer Combofix-log:

ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 16:37:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1380 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601\dC28601MlHgC28601.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs
c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\enemies-names.txt
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\local.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lsrslt.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\upd_debug.exe
c:\windows\system32\shimg.dll
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Sluttid: 2011-06-05 16:49:30 - datorn startades om.
ComboFix-quarantined-files.txt 2011-06-05 14:49
.
Före genomsökningen: 19 660 824 576 bytes free
Efter genomsökningen: 19 661 324 288 byte ledigt
.
- - End Of File - - C7A8B8EAC43DEB3A251AACC025594365

#12 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 16:15

c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs
c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed
ComboFix tog bort ovanstående två mappar. Fungerar dina Adobe program som de ska?

Kopiera alla rader i rutan:
Killall::
DDS::
Notify: cryptnet32 - cryptnet32.dll
och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.
Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.
Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.
Klistra in loggen som kommer ut och en ny DDS-logg.

#13 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 17:28

Verkar inte vara något problem med program.

Combofixlog:
ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 18:08:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1424 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-05 16:16 . 2011-06-05 16:16 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
- 2011-06-05 14:45 . 2011-06-05 14:45 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Sluttid: 2011-06-05 18:20:41 - datorn startades om.
ComboFix-quarantined-files.txt 2011-06-05 16:20
ComboFix2.txt 2011-06-05 14:49
.
Före genomsökningen: 19 660 242 944 bytes free
Efter genomsökningen: 19 651 694 592 byte ledigt
.
- - End Of File - - AC667EC5060B251A427DE1782959C08C

DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 18:22:01 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1404 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-05 14:35:47 98816 ----a-w- c:\windows\sed.exe
2011-06-05 14:35:47 518144 ----a-w- c:\windows\SWREG.exe
2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes
2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
.
==================== Find3M ====================
.
.
============= FINISH: 18:22:28,75 ===============

#14 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 18:24

2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
Läs kommentarerna på http://www.mywot.com...rd/pagerage.com
Jag skulle tro att det hör ihop med "Yontoo Layers" som jag skrev om förut.

Verkar allt vara bra med datorn nu så att det är dags för slutstädningen?

#15 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 05 juni 2011 - 19:58

YontooIEClient.dll som tydligen kan ligga i en mapp som heter Yontoo Layers ligger hos mig i mappen PageRage. Ska jag försöka ta bort detta manuellt enligt anvisningar eller tar slutstädningen hand om detta?

När det gäller Antimalware Doctor verkar det som borttagningen har lyckats.

Vad ska jag göra härnäst?

#16 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 05 juni 2011 - 22:47

Det ser ut som att PageRage ska gå att avinstallera på vanligt sätt i Kontrollpanelen och slutstädningen kommer inte att göra något åt den.

Ska du ersätta Kasperskys program med något annat eller ska du se till att den blir uppgraderad till årsmodell 2011 för bästa skydd och med uppdaterade virusdefinitioner?

Nu återstår bara en sista städomgång:

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.
Börja med att skapa en ny systemåterställningspunkt:
XP:
Start - Program- Tillbehör - Systemverktyg - Systemåterställning
Välj att skapa en ny återställningspunkt och tryck på Nästa.
Vista och Windows 7:
Högerklick på Datorn - Egenskaper - Systemskydd
Tryck på Skapa.

Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.
Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper.
På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den.
Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste.
Beroende på Windows kan du behöva välja något om att du vill ta bort filer som gäller hela datorn/Windows innan den rätta fliken dyker upp.

2a. Tryck Windows-tangenten + R
Kopiera och klistra in denna rad:
ComboFix /Uninstall

Observera att det är ett mellanrum före /
Klicka på OK.

2b. Ladda ner avinstallationsprogrammet OTC till Skrivbordet.
http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och ComboFix m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet.
http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.
Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).
Klicka på Start-knappen för att starta städningen.
Det kan ta några minuter och låt datorn vara ifred under tiden.

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen.

4. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.
http://mnin.blogspot...iggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

5. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google....lstockholm/home
Det är mycket viktigt att du kör Secunias kontroll eftersom du har gamla programversioner med kända säkerhetshål i datorn (jag såg en gammal Java i en logg) och det gör det väldigt lätt att infektera datorn.

#17 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 06 juni 2011 - 08:46

C:\Program Files\PageRage\YontooIEClient.dll

Innan jag gör det avslutande undrar jag kring filen ovan:
Jag hittar ingen PageRage i min kontrollpanel, inget som börjar på Yontoo* heller. När jag Googlade på filnamnet fick jag intrycket av att man skulle försöka göra sig av med den och att det behövdes särskilda verktyg för detta.
Nu vet jag inte riktigt vad jag ska tro, vad är din åsikt om det hela?

När det gäller din fråga om Kaspersky, det är ungefär så det har varit ett tag - veligt... men nu är det uppenbarligen hög tid att bestämma sig :)

#18 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 06 juni 2011 - 11:14

Det var konstigt för PageRage finns med i avinstallationslistan i Attach-filen ihop en massa andra program. Finns det någon avinstallationsfil, t ex något med uninst, i dess programmapp?

#19 MaPe

MaPe
  • Medlem
  • PipPip
  • 47 inlägg

Skrivet 06 juni 2011 - 18:01

http://forums.spybot...ead.php?t=62640

Jag hittade länken ovan som beskriver manuell borttagning av Yontoo.Pagerage och min Combofix-log i inlägg
#11 verkar innehålla det mesta förutom den .dll-fil som finns i DDS-logen i inlägg #13. Jag hittar inga andra filer än YontooIEClient.dll i programmappen - kan det vara så att allt annat har tagits bort?


Inlägg #11
Combofix-log:
((((( Andra raderingar )))))

c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} -
c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe


Inlägg #13
Combofix-log:
(((((Filer Skapade från 2011-05-05 till 2011-06-05 )))))

2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage


DDS-log:
=====Pseudo HJT Report=====
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program
files\pagerage\YontooIEClient.dll

=====CreatedLast30=====
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage

#20 Cecilia

Cecilia
  • Hedersmedlem
  • 4 762 inlägg

Skrivet 06 juni 2011 - 23:32

Då tar vi bort det sista av PageRage/Yontoo med ComboFix.

Kopiera alla rader i rutan:
DDS::
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
Folder::
c:\program files\pagerage
och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.
Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.
Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.
Klistra in loggen som kommer ut.