Tessa

Member
Content count: 24
  1. New log:

ComboFix 10-05-07.07 - Carlsson 2010-05-09 17:35:51.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.209 [GMT 2:00]
Running from: c:\documents and settings\Carlsson\Skrivbord\ComboFix.exe
Command switches used :: c:\documents and settings\Carlsson\Skrivbord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ipnhc

(((((((((((((((((((((((( Files created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))
.
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-05-08 11:52 . 2010-05-08 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoriter
2010-04-22 16:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 08:53 . 2010-04-24 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 08:52 . 2010-02-23 21:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 08:50 . 2010-04-24 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 09:59 . 2004-10-15 17:04 -------- d-----w- c:\documents and settings\Carlsson\Application Data\AdobeUM
2010-04-18 09:20 . 2004-10-06 15:51 -------- d-----w- c:\program\Delade filer\Adobe
2010-04-17 16:03 . 2009-05-18 17:58 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Spotify
2010-04-16 15:48 . 2010-02-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 15:33 . 2010-02-13 10:18 -------- d-----w- c:\documents and settings\Carlsson\Application Data\skypePM
2010-04-12 17:22 . 2009-11-10 13:44 79488 ----a-w- c:\documents and settings\Carlsson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-10 08:57 . 2010-04-10 08:57 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-28 15:27 . 2001-09-28 12:00 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27 . 2001-09-28 12:00 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55 . 2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:55 . 2008-08-24 16:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-18 05:54 . 2008-08-24 16:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17 . 2002-09-09 12:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2002-09-09 12:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2002-09-09 11:18 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 13:18 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:18 . 2010-02-13 10:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 04:35 . 2002-09-09 12:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-09_11.59.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 15:43 . 2010-05-09 15:43 16384 c:\windows\Temp\Perflib_Perfdata_63c.dat
.
(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\documents and settings\Tessas\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program\\NetMeeting\\conf.exe"=
"c:\\Program\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-02-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-03-18 308064]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-05-30 12661]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-29 716272]
.
Contents of the 'Scheduled Tasks' folder:

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 15:08]

2010-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
 fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs "loaded" under running processes ---------------------

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\program\AVG\AVG9\avgchsvx.exe
c:\program\AVG\AVG9\avgrsx.exe
c:\program\AVG\AVG9\avgcsrvx.exe
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\program\AVG\AVG9\avgnsx.exe
c:\program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2010-05-09 18:12:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 16:12
ComboFix2.txt 2010-05-09 14:45
ComboFix3.txt 2010-05-09 12:01
ComboFix4.txt 2010-05-09 10:12
ComboFix5.txt 2010-05-09 15:34

Pre-run: 34 824 867 840 bytes free
Post-run: 34 817 851 392 bytes free

- - End Of File - - 7CAD028EFF077F5E58642CF46851B67B
  2. The computer is working great as far as I can tell now, no warnings, pop-up windows or other sluggishness.
  3. New ComboFix log:

ComboFix 10-05-07.07 - Carlsson 2010-05-09 16:35:32.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.347 [GMT 2:00]
Running from: c:\documents and settings\Carlsson\Skrivbord\ComboFix.exe
Command switches used :: c:\documents and settings\Carlsson\Skrivbord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((( Files created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))
.
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-05-08 11:52 . 2010-05-08 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoriter
2010-04-24 08:53 . 2010-04-24 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 08:50 . 2010-04-24 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-22 16:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-10 08:57 . 2010-04-10 08:57 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 08:52 . 2010-02-23 21:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 09:59 . 2004-10-15 17:04 -------- d-----w- c:\documents and settings\Carlsson\Application Data\AdobeUM
2010-04-18 09:20 . 2004-10-06 15:51 -------- d-----w- c:\program\Delade filer\Adobe
2010-04-17 16:03 . 2009-05-18 17:58 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Spotify
2010-04-16 15:48 . 2010-02-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 15:33 . 2010-02-13 10:18 -------- d-----w- c:\documents and settings\Carlsson\Application Data\skypePM
2010-04-12 17:22 . 2009-11-10 13:44 79488 ----a-w- c:\documents and settings\Carlsson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-28 15:27 . 2001-09-28 12:00 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27 . 2001-09-28 12:00 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55 . 2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:55 . 2008-08-24 16:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-18 05:54 . 2008-08-24 16:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17 . 2002-09-09 12:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2002-09-09 12:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2002-09-09 11:18 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 13:18 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:18 . 2010-02-13 10:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 04:35 . 2002-09-09 12:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\documents and settings\Tessas\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program\\NetMeeting\\conf.exe"=
"c:\\Program\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-02-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-03-18 308064]
S0 ipnhc;ipnhc; [x]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-05-30 12661]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-29 716272]
.
Contents of the 'Scheduled Tasks' folder:

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 15:08]

2010-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 16:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
 fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs "loaded" under running processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\webcheck.dll
.
Completion time: 2010-05-09 16:45:27
ComboFix-quarantined-files.txt 2010-05-09 14:45
ComboFix2.txt 2010-05-09 12:01
ComboFix3.txt 2010-05-09 10:12
ComboFix4.txt 2010-05-08 16:22

Pre-run: 34 828 873 728 bytes free
Post-run: 34 832 982 016 bytes free

- - End Of File - - 1F362810D5AB478810C22EE4089988DD

New DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Carlsson at 16:49:15,68 on 2010-05-09
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.138 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program\AVG\AVG9\avgchsvx.exe
C:\Program\AVG\AVG9\avgrsx.exe
C:\Program\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\AVG\AVG9\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\AVG\AVG9\avgnsx.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carlsson\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\docume~1\tessas\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adober~1.lnk - c:\program\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-24 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-24 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-3-18 308064]
S0 ipnhc;ipnhc; [x]
S2 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-5-30 12661]

=============== Created Last 30 ================

2010-05-09 08:41:18 0 dcsha-r- C:\cmdcons
2010-05-08 15:49:23 77312 ----a-w- c:\windows\MBR.exe
2010-05-08 15:49:22 98816 ----a-w- c:\windows\sed.exe
2010-05-08 15:49:22 256512 ----a-w- c:\windows\PEV.exe
2010-05-08 15:49:22 161792 ----a-w- c:\windows\SWREG.exe
2010-05-08 13:23:57 0 d-----w- c:\docume~1\carlsson\applic~1\Malwarebytes
2010-05-08 13:23:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 13:23:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23:12 0 d-----w- c:\program\Malwarebytes' Anti-Malware
2010-04-22 16:29:58 293376 ------w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-04-24 08:52:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-28 15:27:28 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27:28 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:54:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 12:09:32 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09:30 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 19:32:57 58728 ----a-w- c:\windows\fonts\scriptina.zip
2010-02-12 04:35:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-05-20 17:34:42 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009052020090521\index.dat

============= FINISH: 16:49:44,70 ===============

Attach.txt
  4. New log:

ComboFix 10-05-07.07 - Carlsson 2010-05-09 13:51:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.346 [GMT 2:00]
Running from: c:\documents and settings\Carlsson\Skrivbord\ComboFix.exe
Command switches used :: c:\documents and settings\Carlsson\Skrivbord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\hjwkzkorga.exe"
"c:\windows\system32\msxsltsso.dll"
.
((((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hjwkzkorga.exe
.
(((((((((((((((((((((((( Files created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))
.
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-05-08 11:52 . 2010-05-08 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoriter
2010-04-24 08:53 . 2010-04-24 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 08:50 . 2010-04-24 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-22 16:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-10 08:57 . 2010-04-10 08:57 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 08:52 . 2010-02-23 21:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 09:59 . 2004-10-15 17:04 -------- d-----w- c:\documents and settings\Carlsson\Application Data\AdobeUM
2010-04-18 09:20 . 2004-10-06 15:51 -------- d-----w- c:\program\Delade filer\Adobe
2010-04-17 16:03 . 2009-05-18 17:58 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Spotify
2010-04-16 15:48 . 2010-02-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 15:33 . 2010-02-13 10:18 -------- d-----w- c:\documents and settings\Carlsson\Application Data\skypePM
2010-04-12 17:22 . 2009-11-10 13:44 79488 ----a-w- c:\documents and settings\Carlsson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-28 15:27 . 2001-09-28 12:00 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27 . 2001-09-28 12:00 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55 . 2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:55 . 2008-08-24 16:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-18 05:54 . 2008-08-24 16:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17 . 2002-09-09 12:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2002-09-09 12:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2002-09-09 11:18 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 13:18 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:18 . 2010-02-13 10:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 04:35 . 2002-09-09 12:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\documents and settings\Tessas\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program\\NetMeeting\\conf.exe"=
"c:\\Program\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-02-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-03-18 308064]
S0 ipnhc;ipnhc; [x]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-05-30 12661]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-29 716272]
.
Contents of the 'Scheduled Tasks' folder:

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 15:08]

2010-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 13:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
 fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs "loaded" under running processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-05-09 14:01:50
ComboFix-quarantined-files.txt 2010-05-09 12:01
ComboFix2.txt 2010-05-09 10:12
ComboFix3.txt 2010-05-08 16:22

Pre-run: 34 839 040 000 bytes free
Post-run: 34 842 673 152 bytes free

- - End Of File - - DD8A54B5DD2F5873B43D82148E1FFFC1
5. Log from SystemLook:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:19 on 09/05/2010 by Carlsson (Administrator - Elevation successful)

Invalid Context: filefindndis.sys

-=End Of File=-
6. New ComboFix log:

ComboFix 10-05-07.07 - Carlsson 2010-05-09 11:55:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.209 [GMT 2:00]
Running from: c:\documents and settings\Carlsson\Skrivbord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msxsltsso.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected.
Restored copy from - c:\windows\ServicePackFiles\i386\ndis.sys
.
(((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))
.
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-05-08 11:52 . 2010-05-08 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoriter
2010-05-07 21:18 . 2010-05-07 21:18 50990 ----a-w- c:\windows\system32\hjwkzkorga.exe
2010-04-22 16:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 08:53 . 2010-04-24 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 08:52 . 2010-02-23 21:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 08:50 . 2010-04-24 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 09:59 . 2004-10-15 17:04 -------- d-----w- c:\documents and settings\Carlsson\Application Data\AdobeUM
2010-04-18 09:20 . 2004-10-06 15:51 -------- d-----w- c:\program\Delade filer\Adobe
2010-04-17 16:03 . 2009-05-18 17:58 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Spotify
2010-04-16 15:48 . 2010-02-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 15:33 . 2010-02-13 10:18 -------- d-----w- c:\documents and settings\Carlsson\Application Data\skypePM
2010-04-12 17:22 . 2009-11-10 13:44 79488 ----a-w- c:\documents and settings\Carlsson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-10 08:57 . 2010-04-10 08:57 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-28 15:27 . 2001-09-28 12:00 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27 . 2001-09-28 12:00 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55 . 2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:55 . 2008-08-24 16:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-18 05:54 . 2008-08-24 16:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17 . 2002-09-09 12:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2002-09-09 12:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2002-09-09 11:18 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 13:18 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:18 . 2010-02-13 10:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 04:35 . 2002-09-09 12:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\documents and settings\Tessas\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program\\NetMeeting\\conf.exe"=
"c:\\Program\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-02-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-03-18 308064]
S0 ipnhc;ipnhc; [x]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-05-30 12661]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-29 716272]
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 15:08]

2010-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

SSODL-GootkitSSO-{1571BC9F-9909-4A1F-BDA3-147F855B1EA5} - c:\windows\System32\msxsltsso.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
   fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program\AVG\AVG9\avgchsvx.exe
c:\program\AVG\AVG9\avgrsx.exe
c:\program\AVG\AVG9\avgcsrvx.exe
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\program\AVG\AVG9\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-05-09 12:12:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 10:12
ComboFix2.txt 2010-05-08 16:22

Pre-Run: 34 926 772 224 bytes free
Post-Run: 34 902 216 704 bytes free

- - End Of File - - 47ACA1C1A37A742D5E340C320559338C
7. I didn't get any reply link, I only got a page with the text: "0 bytes size received / Se ha recibido un archivo vacio". Tried several times.
8. When I submit c:\Windows\system32\drivers\ndis.sys I only get a window with the text: "0 bytes size received / Se ha recibido un archivo vacio"
9. I have now uploaded the files to VirusTotal: http://www.virustotal.com/sv/analisis/7660a9f917b4f40f24a76fb670e8d6c93449e871c3cbcd60529a379066805595-1272896193 http://www.virustotal.com/sv/analisis/8412ebd8bd424648725ad778ede540f678a42d8af36ec0c1f344cb51ca52d6a1-1273394863 http://www.virustotal.com/sv/analisis/255cb5fe173d96a443f25278a8139aa22c4fd722e44bb073cb7950345a610679-1273258018 http://www.virustotal.com/vt/sv/recepcion?7ec35c1a8b8ea25cab8630445e1898a2 Now, after I installed the Recovery Console, I can no longer disable the connection, and I do want to be able to do that...
10. The problem is that AVG also turns off the firewall when I follow the instructions I got from Cecilia earlier. In ComboFix I get messages that the antivirus protection is still on: http://www.bleepingc...opic114351.html But I'll try anyway and we'll see what happens.
11. Yes, I did get that; I answered no because I had disabled AVG and you had to go online to download it. I figured I could do that once everything was done and I had started AVG again. So I'm supposed to both run ComboFix again AND download the files? How do I do that when I have to disable AVG to run ComboFix but at the same time go online to fetch the Recovery Console?
12. Finally done! Here's the log:

ComboFix 10-05-07.07 - Carlsson 2010-05-08 18:01:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.503.206 [GMT 2:00]
Running from: c:\documents and settings\Carlsson\Skrivbord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Carlsson\Application Data\020000005dfb0295C.manifest
c:\documents and settings\Carlsson\Application Data\020000005dfb0295O.manifest
c:\documents and settings\Carlsson\Application Data\020000005dfb0295P.manifest
c:\documents and settings\Carlsson\Application Data\020000005dfb0295R.manifest
c:\documents and settings\Carlsson\Application Data\020000005dfb0295S.manifest
c:\documents and settings\Tessas\Program\Antimalware Doctor
c:\documents and settings\Tessas\Program\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Tessas\Program\Antimalware Doctor\Uninstall.lnk
c:\program\Antivirus
c:\program\Antivirus\avg_free_stf_en_8_138a1332.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\msxsltsso.dll
c:\windows\system32\sgsnngyc.dll
c:\windows\system32\ykmhbjvg.dll

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected.
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS

(((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 ))))))))))))))))))))))))))))))
.
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-05-08 11:52 . 2010-05-08 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoriter
2010-05-07 21:18 . 2010-05-07 21:18 50990 ----a-w- c:\windows\system32\hjwkzkorga.exe
2010-05-07 21:16 . 2010-05-07 21:16 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-22 16:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 21:16 . 2002-08-29 00:09 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-24 08:53 . 2010-04-24 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 08:52 . 2010-02-23 21:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 08:50 . 2010-04-24 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 09:59 . 2004-10-15 17:04 -------- d-----w- c:\documents and settings\Carlsson\Application Data\AdobeUM
2010-04-18 09:20 . 2004-10-06 15:51 -------- d-----w- c:\program\Delade filer\Adobe
2010-04-17 16:03 . 2009-05-18 17:58 -------- d-----w- c:\documents and settings\Carlsson\Application Data\Spotify
2010-04-16 15:48 . 2010-02-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 15:33 . 2010-02-13 10:18 -------- d-----w- c:\documents and settings\Carlsson\Application Data\skypePM
2010-04-12 17:22 . 2009-11-10 13:44 79488 ----a-w- c:\documents and settings\Carlsson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-10 08:57 . 2010-04-10 08:57 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-28 15:27 . 2001-09-28 12:00 47992 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 15:27 . 2001-09-28 12:00 315338 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-18 05:55 . 2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 05:55 . 2008-08-24 16:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-18 05:54 . 2008-08-24 16:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:17 . 2002-09-09 12:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2002-09-09 12:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2002-09-09 11:18 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 13:18 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:18 . 2010-02-13 10:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 04:35 . 2002-09-09 12:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
------- Sigcheck -------

[-] 2010-05-07 21:16 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-05-07 21:16 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-04 06:14 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\documents and settings\Tessas\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program\\NetMeeting\\conf.exe"=
"c:\\Program\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-02-23 242896]
R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-03-18 308064]
S0 ipnhc;ipnhc; [x]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2005-05-30 12661]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-29 716272]
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 15:08]

2010-05-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

SSODL-GootkitSSO-{92E434D8-F7F1-43D3-955B-E8E270D9738A} - c:\windows\System32\msxsltsso.dll
Notify-6c5c78f6382 - c:\windows\system32\__c00C5394.dat

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 18:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8234E0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8585f28
\Driver\ACPI -> ACPI.sys @ 0xf84f8cb8
\Driver\atapi -> atapi.sys @ 0xf848a852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
   fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program\AVG\AVG9\avgchsvx.exe
c:\program\AVG\AVG9\avgrsx.exe
c:\program\AVG\AVG9\avgcsrvx.exe
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\program\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-08 18:22:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 16:21

Pre-Run: 33 402 306 560 bytes free
Post-Run: 34 922 930 176 bytes free

- - End Of File - - 30F76DB1E7DE3DF183FB87E01C84EB48
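The Sigcheck section of the log above is the interesting part for a responder: the live c:\windows\system32\drivers\ndis.sys and the dllcache copy are both 210816 bytes and both dated 2010-05-07, while the ServicePackFiles\i386 copy is 182656 bytes. Windows File Protection restores from dllcache, so a driver patch that also overwrites dllcache survives WFP; only the service-pack copy is a usable reference. The script below is an added example, not part of the original post or of ComboFix: it hashes a named driver and each backup location Windows XP keeps, reports which copies agree with the live file, and treats the ServicePackFiles copy as the reference. The directory tree and the file contents are constructed here to reproduce the sizes in the log; they are not real driver bytes.

```python
"""Compare a live Windows XP driver with the backup copies Windows keeps.

Added example (constructed, runs offline). It mirrors the Sigcheck lines in the
ComboFix log: a live driver whose hash matches dllcache but not the
ServicePackFiles copy is a candidate for an in-place patched driver that also
overwrote its WFP backup.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Relative locations (under the Windows root) where XP keeps copies of a driver.
LIVE = Path("system32") / "drivers"
BACKUPS = {
    "dllcache": Path("system32") / "dllcache",          # WFP cache; malware often overwrites it too
    "servicepackfiles": Path("ServicePackFiles") / "i386",  # pristine SP copy, used as reference
    "sp_uninstall": Path("$NtServicePackUninstall$"),   # pre-service-pack copy
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver_copies(windows_root: Path, driver: str) -> dict:
    """Hash the live driver and every backup copy; verdict is based on ServicePackFiles."""
    live_path = windows_root / LIVE / driver
    result = {"driver": driver, "live": None, "copies": {}, "verdict": "missing",
              "backups_agreeing_with_live": []}
    if not live_path.is_file():
        return result
    live_hash = sha256_file(live_path)
    result["live"] = {"sha256": live_hash, "size": live_path.stat().st_size}
    for label, rel in BACKUPS.items():
        p = windows_root / rel / driver
        if not p.is_file():
            result["copies"][label] = None
            continue
        h = sha256_file(p)
        result["copies"][label] = {"sha256": h, "size": p.stat().st_size,
                                   "matches_live": h == live_hash}
    result["backups_agreeing_with_live"] = [
        k for k, c in result["copies"].items() if c and c["matches_live"]]
    ref = result["copies"].get("servicepackfiles")
    if ref is None:
        result["verdict"] = "no_reference_copy"
    elif ref["matches_live"]:
        result["verdict"] = "consistent"
    else:
        result["verdict"] = "mismatch"   # live driver differs from the SP reference copy
    return result


def build_sample_tree() -> Path:
    """Constructed tree reproducing the sizes from the log (hypothetical bytes, not a real driver)."""
    root = Path(tempfile.mkdtemp(prefix="xp_"))
    files = {
        LIVE / "ndis.sys": b"\xcc" * 210816,                          # patched live driver
        BACKUPS["dllcache"] / "ndis.sys": b"\xcc" * 210816,           # dllcache overwritten as well
        BACKUPS["servicepackfiles"] / "ndis.sys": b"\x90" * 182656,   # SP3 reference copy
        BACKUPS["sp_uninstall"] / "ndis.sys": b"\x90" * 182912,       # pre-SP3 copy
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def demo() -> dict:
    """Run the comparison on the constructed tree and clean it up afterwards."""
    root = build_sample_tree()
    try:
        return compare_driver_copies(root, "ndis.sys")
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real machine the same check is `compare_driver_copies(Path(r"C:\WINDOWS"), "ndis.sys")` run from an elevated prompt; a "mismatch" verdict where dllcache is the only backup agreeing with the live copy is exactly the pattern in the log, and the ServicePackFiles copy is the one to restore from, as ComboFix did in post 6.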
13. When Malwarebytes had finished running I got this message: "Some items could not be removed. A log file was saved to the logs folder. Your computer needs to be restarted to complete the removal process. Do you want to restart your computer now?" Does this have to do with my unticking C:\WINDOWS\system32\Drivers\ntndis.sys? How do I proceed, should I restart the computer?