
hubalon

Member
  • Content count: 78
All posts by hubalon

  1. I have a wireless network with a number of Win 7 and Linux computers. Suddenly, the other day, a new computer named localhost appeared on the network map. It showed up on all the computers and contained the same folders as the computer I was looking at from. The wireless router is a D-Link DIR-635. The only unusual thing I have done lately is connect a computer running Linux Mandriva. Any idea what it could be due to?
  2. I have Win 7 HP Family installed on 3 computers (one 64-bit and two 32-bit). Can I, to be able to use more RAM, "upgrade" a 32-bit one to 64-bit without incurring Microsoft's wrath (the disc is included, and it is the same key)? If so, is it possible to upgrade, or do I have to do a clean install?
  3. I'll answer myself. Did as Venoms did: disabled IPv6, which really has nothing to do with this. For some inexplicable reason the problem seems to be solved. It remains to be seen how long it lasts. An old man does the best he can!
  4. I have reinstalled Win 7 on one computer in my network. When that computer starts up, it is shown on the network map as connected to a question mark (unknown) and not to the real router (which is also visible). At the same time, under available wireless networks an unknown network is shown with a red cross where the "fence" (signal bars) should be. Everything works as it should, though, and if I pull out the network adapter (D-Link DWA-140 USB) and put it back, everything is shown as it should be. Even the unknown network under "connect to wireless..." disappears. I have cleaned out previous system files and removed the Windows.old folder. Everything works, but it disturbs an old man's sense of order. Does anyone have an idea what it could be?
  5. Now I have uninstalled Nod32 and reinstalled it, but when Nod32 scanned the computer it put infected files in quarantine. When I then went to the quarantine to remove them, the IP address was in the text string. I don't remember exactly what it said, but maybe that is where the trojans came from?
  6. Already tried Nod32. Thanks Cecilia for your patience. As far as I could tell (from Nod32), the misery originated from 91.212.226.189/inst_n82.exe. Googled it, and it looked nasty there.
  7. Thanks Cecilia and others for the good advice, but a reinstall is quicker. Is a "clean install" enough to get rid of the misery? Or do I have to format the whole HD? A Windows.old is created, after all; does the misery remain in there, and if so, is it isolated? Isn't a hidden partition of about 100 MB also created? Does it remain from the "old" installation, and can it be infected? Other good advice on installation is gratefully received. I have Win 7 Home Premium Family (upgrade version).
  8. GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-01-13 06:13:25
     Windows 6.1.7600
     Running: 2j9gm4sv.exe; Driver: C:\Users\asta\AppData\Local\Temp\kxldrpow.sys

     ---- System - GMER 1.0.15 ----

     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DD3A7D6]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8DD3B0A6]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DD3A22C]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DD5208A]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DD3AD36]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8DD4E5F4]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8DD4EA1C]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8DD5697A]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8DD4EE90]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DD3AE94]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DD346B6]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DD53AAA]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DD5339E]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8DD4D42E]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DD54478]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DD546B6]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DD54B68]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x8DD56D38]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DD341A4]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DD50652]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DD55912]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DD54E32]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DD39DC0]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DD55550]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8DD3A4F8]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DD34AC2]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8DD55E9C]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DD52ABE]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8DD4F71A]
     SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DD4F44A]

     INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
     INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834104
     INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828343F4
     INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D2D8
     INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C898
     INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828341DC
     INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834958
     INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828346F8
     INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834F2C
     INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828351A8

     ---- Kernel code sections - GMER 1.0.15 ----

     .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82894579 1 Byte [06]
     .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
     .text ntkrnlpa.exe!RtlSidHashLookup + 248 828C0748 8 Bytes [D6, A7, D3, 8D, A6, B0, D3, ...] {SALC ; CMPSD ; ROR DWORD [EBP-0x722c4f5a], CL}
     .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C07DC 4 Bytes [2C, A2, D3, 8D]
     .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C07F8 4 Bytes JMP 958DD337
     .text ntkrnlpa.exe!RtlSidHashLookup + 308 828C0808 4 Bytes [8A, 20, D5, 8D] {MOV AH, [EAX]; AAD 0x8d}
     .text ntkrnlpa.exe!RtlSidHashLookup + 324 828C0824 4 Bytes [36, AD, D3, 8D]
     .text ...
     .text peauth.sys A961DC9D 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]
     .text peauth.sys A961DCC1 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]

     ---- User code sections - GMER 1.0.15 ----

     .text C:\Windows\system32\svchost.exe[644] ole32.dll!CoCreateInstance 775A57FC 5 Bytes JMP 005D000A

     ---- Kernel IAT/EAT - GMER 1.0.15 ----

     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

     ---- Devices - GMER 1.0.15 ----

     Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
     AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Filterhanteraren för Microsofts filsystem/Microsoft Corporation)
     Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841

     ---- Files - GMER 1.0.15 ----

     File C:\Windows\system32\drivers\atapi.sys suspicious modification

     ---- EOF - GMER 1.0.15 ----
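The GMER report above lists every SSDT entry, device object and modified file it found, and nearly all of the hooks are legitimately ZoneAlarm's. The script below is an added example, not part of hubalon's post or of GMER itself: it parses log lines in this layout, groups SSDT hooks by the module that installed them, separates hooks that carry a recognised vendor tag from ones that do not, and surfaces the two findings in this log that actually matter, the `Device ->` line whose driver object resolves to a bare address and the `suspicious modification` on atapi.sys. The sample text is constructed from lines of the log above plus one invented unattributed hook (`example_unattributed.sys`) for contrast; the vendor allowlist is this example's own assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample in the GMER 1.0.15 text layout. The vsdatant.sys, halmacpi.dll,
# atapi.sys and "Device ->" lines are copied from the log above; the
# example_unattributed.sys hook is invented here for contrast (not from the page).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 06:13:25
Windows 6.1.7600

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DD50652]
SSDT \??\C:\Windows\Temp\example_unattributed.sys ZwTerminateProcess [0x8DD4F44A]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\(([^)]*)\))?\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]")
DEVICE_RE = re.compile(r"^Device\s+->\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8})$")
FILE_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")

# Vendors whose SSDT hooks are expected on this machine (assumption of this example;
# adjust to what is actually installed on the box being triaged).
TRUSTED_VENDORS = {"Microsoft Corporation", "Check Point Software Technologies LTD"}


@dataclass
class Findings:
    hooks_by_module: dict = field(default_factory=lambda: defaultdict(list))
    unattributed_hooks: list = field(default_factory=list)   # (module, function)
    hijacked_devices: list = field(default_factory=list)     # (driver, device, address)
    modified_files: list = field(default_factory=list)


def vendor_of(description):
    """GMER prints '(Product/Vendor)' after a module it can identify; return the vendor."""
    if not description or "/" not in description:
        return None
    return description.rsplit("/", 1)[1].strip()


def parse_gmer(text):
    findings = Findings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                module, description, func, _addr = m.groups()
                findings.hooks_by_module[module].append(func)
                if vendor_of(description) not in TRUSTED_VENDORS:
                    findings.unattributed_hooks.append((module, func))
        elif section == "Devices":
            # "Device ->" followed by a bare address instead of a module name: GMER could
            # not attribute the device object's driver to any loaded module.
            m = DEVICE_RE.match(line)
            if m:
                findings.hijacked_devices.append(m.groups())
        elif section == "Files":
            m = FILE_RE.match(line)
            if m:
                findings.modified_files.append(m.group(1))
    return findings


def summarize(findings):
    lines = []
    for module, funcs in sorted(findings.hooks_by_module.items()):
        lines.append(f"{len(funcs)} SSDT hook(s) by {module}")
    for module, func in findings.unattributed_hooks:
        lines.append(f"REVIEW: {func} hooked by unattributed module {module}")
    for driver, device, address in findings.hijacked_devices:
        lines.append(f"REVIEW: {device} ({driver}) dispatches to bare address {address}")
    for path in findings.modified_files:
        lines.append(f"REVIEW: {path} reported as 'suspicious modification'")
    return lines


if __name__ == "__main__":
    for entry in summarize(parse_gmer(SAMPLE_LOG)):
        print(entry)
```

The grouping is the point: a hooked SSDT entry proves nothing on its own, since firewalls and anti-virus products hook the same functions. What deserves a second look is a hook with no attributable module, a device object that no longer points at a loaded driver, and a modified boot-path driver such as atapi.sys; the later ComboFix run on the same machine reports the same disk-stack problem as an unknown module in its MBR check.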
  9. 2. Can't run RootRepeal

     ROOTREPEAL CRASH REPORT
     -------------------------
     Windows Version: Windows Vista SP0
     Exception Code: 0xc0000005
     Exception Address: 0x00422bf2
     Attempt to read from address: 0x00000004
  10. Running from: C:\Users\asta\Desktop\Win32kDiag.exe
      Log file at : C:\Users\asta\Desktop\Win32kDiag.txt
      WARNING: Could not get backup privileges!
      Searching 'C:\Windows'...
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
      [1] 2010-01-13 05:18:27 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
      [1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
      [1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
      [1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
      [1] 2010-01-13 05:20:43 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl ()
      Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
      [1] 2010-01-13 05:18:35 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
      [1] 2009-12-28 16:23:18 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
      [1] 2009-12-28 16:23:17 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
      [1] 2009-12-28 16:23:17 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf
      [1] 2009-12-28 16:23:17 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms
      [1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms ()
      Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms
      [1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms ()
      Finished!
  11. ComboFix 10-01-11.04 - asta 2010-01-12 17:17:34.1.2 - x86
      Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1143 [GMT 1:00]
      Körs från: c:\users\asta\Desktop\ComboFix.exe
      .
      ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
      c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
      c:\recycler\S-1-5-21-583907252-1500820517-725345543-1004
      c:\windows\system32\ujvh.dro

      ----- BITS: Troligen infekterade webbplatser -----

      hxxp://nds1.nokia.com
      .
      (((((((((((((((((((((((( Filer Skapade från 2009-12-12 till 2010-01-12 ))))))))))))))))))))))))))))))
      .
      2010-01-12 18:12 . 2010-01-12 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
      2010-01-12 16:13 . 2010-01-12 16:14 -------- d-----w- C:\32788R22FWJFW
      2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\users\asta\AppData\Roaming\Malwarebytes
      2010-01-12 12:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\programdata\Malwarebytes
      2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-01-12 12:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-01-10 16:14 . 2010-01-10 16:14 -------- d-----w- c:\users\asta\AppData\Local\Diagnostics
      2009-12-30 15:17 . 2009-12-30 15:17 -------- d-----w- c:\program files\MSXML 4.0
      2009-12-30 11:27 . 2009-12-30 11:27 -------- d-----w- c:\users\asta\AppData\Local\Mozilla
      2009-12-30 11:06 . 2010-01-06 07:04 -------- d-----w- c:\users\asta\AppData\Roaming\TeamViewer
      2009-12-30 11:06 . 2009-12-30 11:06 -------- d-----w- c:\program files\TeamViewer
      2009-12-30 07:20 . 2009-12-30 07:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
      2009-12-30 07:20 . 2009-12-30 07:20 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2009-12-30 07:18 . 2009-12-30 07:18 -------- d-----w- c:\program files\Media Center Plugin
      2009-12-29 09:50 . 2009-11-05 15:38 1669120 ----a-w- c:\windows\system32\BootMan.exe
      2009-12-29 09:50 . 2009-09-16 15:55 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
      2009-12-29 09:50 . 2009-09-14 08:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
      2009-12-29 09:50 . 2009-08-26 11:45 14216 ----a-w- c:\windows\system32\epmntdrv.sys
      2009-12-29 09:50 . 2009-04-22 13:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
      2009-12-29 09:34 . 2009-12-29 09:34 567296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5FC672F4-A4D4-EB5D-F32A-29F02DEC8C47}-VersitConverter.dll
      2009-12-29 09:34 . 2009-12-29 09:34 -------- d-----w- c:\program files\Speccy
      2009-12-29 08:33 . 2009-12-29 08:33 -------- d-----w- c:\users\asta\AppData\Roaming\Lexmark Imaging Studio
      2009-12-29 08:30 . 2009-12-30 08:41 -------- d-----w- c:\program files\Lx_cats
      2009-12-29 08:29 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdjdrpp.dll
      2009-12-29 06:36 . 2009-12-29 06:36 -------- d-----w- c:\program files\uTorrent
      2009-12-29 06:35 . 2009-12-29 09:48 -------- d-----w- c:\users\asta\AppData\Roaming\uTorrent
      2009-12-29 06:23 . 2009-12-29 06:23 45608 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7952B7FB-4830-63CE-14DB-3AE918E91E8E}-whirl-pinch.exe
      2009-12-29 06:23 . 2009-12-29 06:23 45104 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{2A39E020-37BC-22B8-6E02-ED751AD07221}-wind.exe
      2009-12-29 06:20 . 2009-12-29 06:20 -------- d-----w- c:\program files\Google
      2009-12-29 06:15 . 2009-12-29 06:19 -------- d-----w- c:\users\asta\.gimp-2.6
      2009-12-29 06:14 . 2009-12-29 06:14 -------- d-----w- c:\program files\GIMP-2.0
      2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\users\asta\AppData\Roaming\Canneverbe_Limited
      2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\programdata\Canneverbe Limited
      2009-12-29 06:06 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
      2009-12-29 06:06 . 2009-12-29 06:10 -------- d-----w- c:\program files\CDBurnerXP
      2009-12-29 06:03 . 2010-01-07 11:00 -------- d-----w- c:\users\asta\AppData\Roaming\ImgBurn
      2009-12-29 06:02 . 2009-12-29 06:03 -------- d-----w- c:\program files\ImgBurn
      2009-12-29 05:49 . 2009-12-29 05:49 -------- d-----w- c:\programdata\Nokia
      2009-12-29 05:47 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia Ovi Suite
      2009-12-29 05:47 . 2009-12-29 05:47 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{74AB8BEF-101B-83AD-06E7-0DA8E8D00CCC}-Run_XML6_SP1.exe
      2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia
      2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\users\asta\AppData\Local\Nokia
      2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\programdata\PC Suite
      2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\PC Suite
      2009-12-29 05:45 . 2009-12-29 05:46 -------- d-----w- c:\users\asta\AppData\Local\NokiaAccount
      2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\Common Files\Nokia
      2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\DIFX
      2009-12-28 20:03 . 2009-12-28 11:25 -------- d-----w- c:\windows\Panther
      2009-12-28 15:05 . 2009-12-28 15:05 -------- d-----w- c:\users\asta\AppData\Local\ElevatedDiagnostics
      2009-12-28 14:53 . 2010-01-06 15:04 -------- d-----w- c:\users\asta\AppData\Roaming\skypePM
      2009-12-28 14:52 . 2010-01-06 16:05 -------- d-----w- c:\users\asta\AppData\Roaming\Skype
      2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\program files\Common Files\Skype
      2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----r- c:\program files\Skype
      2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\programdata\Skype
      2009-12-28 14:28 . 2009-12-29 09:49 -------- d-----w- c:\program files\EASEUS
      2009-12-28 13:35 . 2009-12-28 13:35 -------- d-----w- c:\windows\system32\Macromed
      2009-12-28 12:29 . 2010-01-12 09:30 617232 ----a-w- c:\windows\system32\perfh01D.dat
      2009-12-28 12:29 . 2010-01-12 09:30 120596 ----a-w- c:\windows\system32\perfc01D.dat
      2009-12-28 12:29 . 2009-12-28 12:27 37052 ----a-w- c:\windows\system32\perfd01D.dat
      2009-12-28 12:29 . 2009-12-28 12:27 294764 ----a-w- c:\windows\system32\perfi01D.dat
      2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\XPSViewer
      2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\sv
      2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\drivers\sv-SE
      2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\sv-SE
      2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\wbem\sv-SE
      2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\windows\sv-SE
      2009-12-28 12:01 . 2009-12-28 12:01 -------- d-----w- c:\programdata\Kaspersky SDK
      2009-12-28 11:56 . 2009-12-28 11:56 -------- d-----w- c:\users\asta\AppData\Roaming\MailFrontier
      2009-12-28 11:52 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
      2009-12-28 11:52 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
      2009-12-28 11:51 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
      2009-12-28 11:51 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
      2009-12-28 11:51 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
      2009-12-28 11:51 . 2010-01-06 06:56 -------- d-----w- c:\windows\system32\ZoneLabs
      2009-12-28 11:51 . 2009-10-17 00:41 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
      2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\program files\Zone Labs
      2009-12-28 11:50 . 2009-12-28 11:50 -------- d-----w- c:\programdata\CheckPoint
      2009-12-28 11:50 . 2010-01-12 18:09 -------- d-----w- c:\windows\Internet Logs
      2009-12-28 11:37 . 2009-12-29 06:21 -------- d-----w- c:\users\asta\AppData\Local\Google
      2009-12-28 11:37 . 2009-12-29 06:07 61736 ----a-w- c:\users\asta\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Deployment
      2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Apps
      2009-12-28 11:32 . 2009-12-28 11:32 -------- d-----w- c:\windows\system32\x64
      2009-12-28 11:32 . 2009-09-11 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe
      2009-12-28 11:31 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
      2009-12-28 11:30 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
      2009-12-28 11:29 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
      2009-12-28 11:26 . 2009-12-28 11:26 -------- d-----w- c:\program files\Common Files\logishrd
      2009-12-28 11:19 . 2010-01-12 09:30 -------- d-----w- c:\windows\system32\wbem\Performance
      2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-01-12 18:08 . 2010-01-12 18:08 699983 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
      2010-01-12 14:01 . 2009-12-28 11:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
      2010-01-12 12:15 . 2010-01-12 12:16 2237952 ----a-w- c:\windows\Internet Logs\xDB66C0.tmp
      2010-01-12 12:15 . 2010-01-12 12:16 627712 ----a-w- c:\windows\Internet Logs\xDB651A.tmp
      2010-01-12 08:39 . 2010-01-12 08:41 2217472 ----a-w- c:\windows\Internet Logs\xDB88FF.tmp
      2010-01-11 09:28 . 2010-01-11 09:30 2214400 ----a-w- c:\windows\Internet Logs\xDB62BA.tmp
      2010-01-09 18:03 . 2010-01-10 15:45 190464 ----a-w- c:\windows\Internet Logs\xDB673C.tmp
      2010-01-09 18:03 . 2010-01-10 15:45 2210816 ----a-w- c:\windows\Internet Logs\xDB6885.tmp
      2010-01-05 15:31 . 2010-01-06 06:44 2169856 ----a-w- c:\windows\Internet Logs\xDB3DB3.tmp
      2010-01-05 15:31 . 2010-01-06 06:44 155648 ----a-w- c:\windows\Internet Logs\xDB3C47.tmp
      2010-01-01 16:15 . 2010-01-02 14:23 2168320 ----a-w- c:\windows\Internet Logs\xDB3CF2.tmp
      2009-12-29 16:39 . 2009-12-30 07:07 2134016 ----a-w- c:\windows\Internet Logs\xDB49CE.tmp
      2009-12-29 16:39 . 2009-12-30 07:07 311296 ----a-w- c:\windows\Internet Logs\xDB474E.tmp
      2009-12-29 08:28 . 2009-12-29 08:28 -------- d-----w- c:\program files\Lexmark 1400 Series
      2009-12-29 06:10 . 2009-12-29 06:10 1895936 ----a-w- c:\windows\Internet Logs\xDB4397.tmp
      2009-12-29 05:45 . 2009-12-29 05:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
      2009-12-29 05:44 . 2009-12-29 05:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
      2009-12-29 05:42 . 2009-12-29 05:40 -------- d-----w- c:\program files\Nokia
      2009-12-29 05:41 . 2009-12-29 05:41 -------- d-----w- c:\program files\PC Connectivity Solution
      2009-12-29 05:40 . 2009-12-29 05:40 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
      2009-12-29 05:40 . 2009-12-29 05:40 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
      2009-12-29 05:40 . 2009-12-29 05:40 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
      2009-12-29 05:40 . 2009-12-29 05:40 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
      2009-12-29 05:40 . 2009-12-29 05:40 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
      2009-12-29 05:40 . 2009-12-29 05:40 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
      2009-12-29 05:40 . 2009-12-29 05:40 -------- d-----w- c:\programdata\OviInstallerCache
      2009-12-29 05:40 . 2009-12-29 05:40 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
      2009-12-29 05:23 . 2009-12-29 06:10 8704 ----a-w- c:\windows\Internet Logs\xDB4210.tmp
      2009-12-28 16:26 . 2009-12-29 05:23 165888 ----a-w- c:\windows\Internet Logs\xDB42BC.tmp
      2009-12-28 15:33 . 2009-12-28 13:54 -------- d-----w- c:\program files\Java
      2009-12-28 14:53 . 2009-12-28 14:53 56 ---ha-w- c:\programdata\ezsidmv.dat
      2009-12-28 14:32 . 2009-12-28 14:46 103424 ----a-w- c:\windows\Internet Logs\xDBE64A.tmp
      2009-12-28 14:32 . 2009-12-28 14:46 1784832 ----a-w- c:\windows\Internet Logs\xDBF0B7.tmp
      2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\users\asta\AppData\Roaming\Foxit
      2009-12-28 14:06 . 2009-12-28 13:39 -------- d-----w- c:\program files\Mozilla Thunderbird
      2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\program files\Foxit Software
      2009-12-28 13:57 . 2009-12-28 13:57 1 ----a-w- c:\users\asta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2009-12-28 13:57 . 2009-12-28 13:57 -------- d-----w- c:\users\asta\AppData\Roaming\OpenOffice.org
      2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\JRE
      2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\OpenOffice.org 3
      2009-12-28 13:40 . 2009-12-28 13:40 -------- d-----w- c:\users\asta\AppData\Roaming\Thunderbird
      2009-12-28 12:31 . 2009-12-28 12:32 68608 ----a-w- c:\windows\Internet Logs\xDBBA99.tmp
      2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
      2009-12-28 12:28 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
      2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
      2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
      2009-12-28 12:28 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
      2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
      2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfd.dat
      2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfc.dat
      2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfi.dat
      2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfh.dat
      2009-12-28 11:52 . 2009-12-28 11:51 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
      2009-12-28 11:30 . 2009-12-28 11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
      2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
      2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
      .
      (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Not* Tomma poster & legitima standardposter visas inte.
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
      "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      "lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2009-04-27 25256]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

      c:\users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)

      R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-14 48128]
      R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
      R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [2009-04-29 25088]
      R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\System32\drivers\Dnetr28u.sys [2009-08-06 750592]
      S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [2009-12-29 14216]
      S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [2009-12-29 8456]
      .
      Innehållet i mappen 'Schemalagda aktiviteter':

      2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000Core.job
      - c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]

      2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000UA.job
      - c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
      .
      .
      ------- Extra genomsökning -------
      .
      uDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      FF - ProfilePath - c:\users\asta\AppData\Roaming\Mozilla\Firefox\Profiles\yz26u1xf.default\
      FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
      FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
      FF - plugin: c:\users\asta\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

      ---- FIREFOX POLICY ----
      c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
      .
      - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

      HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85950841]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
      SecurityProcedure -> 0x84cace88
      QueryNameProcedure -> 0x84caa558
      user & kernel MBR OK

      **************************************************************************
      .
      --------------------- LÅSTA REGISTERNYCKLAR ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Sluttid: 2010-01-12 19:19:06
      ComboFix-quarantined-files.txt 2010-01-12 18:19

      Före genomsökningen: 103 284 056 064 byte ledigt
      Efter genomsökningen: 103 593 152 512 byte ledigt

      - - End Of File - - 9050C8F7AC4A72534FEE55B2B0E4477B
  12. Latest ZAISS (2010). No "junk programs". In the Autostart folder = OpenOffice.org.3.1
  13. Fil explorer.exe mottagen 2010.01.11 22:23:48 (UTC)
    Närvarande status: genomförd
    Resultat: 0/41 (0.00%)
    Antivirus Version Senaste Uppdatering Resultat
    a-squared 4.5.0.48 2010.01.11 -
    AhnLab-V3 5.0.0.2 2010.01.11 -
    AntiVir 7.9.1.134 2010.01.11 -
    Antiy-AVL 2.0.3.7 2010.01.11 -
    Authentium 5.2.0.5 2010.01.11 -
    Avast 4.8.1351.0 2010.01.11 -
    AVG 9.0.0.725 2010.01.11 -
    BitDefender 7.2 2010.01.11 -
    CAT-QuickHeal 10.00 2010.01.11 -
    ClamAV 0.94.1 2010.01.11 -
    Comodo 3550 2010.01.11 -
    DrWeb 5.0.1.12222 2010.01.11 -
    eSafe 7.0.17.0 2010.01.11 -
    eTrust-Vet 35.2.7229 2010.01.11 -
    F-Prot 4.5.1.85 2010.01.10 -
    F-Secure 9.0.15370.0 2010.01.11 -
    Fortinet 4.0.14.0 2010.01.09 -
    GData 19 2010.01.11 -
    Ikarus T3.1.1.80.0 2010.01.11 -
    Jiangmin 13.0.900 2010.01.11 -
    K7AntiVirus 7.10.944 2010.01.11 -
    Kaspersky 7.0.0.125 2010.01.11 -
    McAfee 5858 2010.01.11 -
    McAfee+Artemis 5858 2010.01.11 -
    McAfee-GW-Edition 6.8.5 2010.01.11 -
    Microsoft 1.5302 2010.01.11 -
    NOD32 4762 2010.01.11 -
    Norman 6.04.03 2010.01.11 -
    nProtect 2009.1.8.0 2010.01.11 -
    Panda 10.0.2.2 2010.01.11 -
    PCTools 7.0.3.5 2010.01.11 -
    Prevx 3.0 2010.01.11 -
    Rising 22.30.00.05 2010.01.11 -
    Sophos 4.49.0 2010.01.11 -
    Sunbelt 3.2.1858.2 2010.01.11 -
    Symantec 20091.2.0.41 2010.01.11 -
    TheHacker 6.5.0.3.146 2010.01.11 -
    TrendMicro 9.120.0.1004 2010.01.11 -
    VBA32 3.12.12.1 2010.01.11 -
    ViRobot 2010.1.11.2130 2010.01.11 -
    VirusBuster 5.0.21.0 2010.01.11

    Fil userinit.exe mottagen 2010.01.10 20:17:18 (UTC)
    Närvarande status: genomförd
    Resultat: 0/41 (0.00%)
    Antivirus Version Senaste Uppdatering Resultat
    a-squared 4.5.0.48 2010.01.10 -
    AhnLab-V3 5.0.0.2 2010.01.10 -
    AntiVir 7.9.1.134 2010.01.10 -
    Antiy-AVL 2.0.3.7 2010.01.08 -
    Authentium 5.2.0.5 2010.01.10 -
    Avast 4.8.1351.0 2010.01.10 -
    AVG 8.5.0.430 2010.01.04 -
    BitDefender 7.2 2010.01.10 -
    CAT-QuickHeal 10.00 2010.01.09 -
    ClamAV 0.94.1 2010.01.09 -
    Comodo 3536 2010.01.10 -
    DrWeb 5.0.1.12222 2010.01.10 -
    eSafe 7.0.17.0 2010.01.10 -
    eTrust-Vet 35.2.7226 2010.01.08 -
    F-Prot 4.5.1.85 2010.01.10 -
    F-Secure 9.0.15370.0 2010.01.10 -
    Fortinet 4.0.14.0 2010.01.09 -
    GData 19 2010.01.10 -
    Ikarus T3.1.1.80.0 2010.01.10 -
    Jiangmin 13.0.900 2010.01.10 -
    K7AntiVirus 7.10.943 2010.01.09 -
    Kaspersky 7.0.0.125 2010.01.10 -
    McAfee 5857 2010.01.10 -
    McAfee+Artemis 5857 2010.01.10 -
    McAfee-GW-Edition 6.8.5 2010.01.10 -
    Microsoft 1.5302 2010.01.10 -
    NOD32 4759 2010.01.10 -
    Norman 6.04.03 2010.01.10 -
    nProtect 2009.1.8.0 2010.01.10 -
    Panda 10.0.2.2 2010.01.10 -
    PCTools 7.0.3.5 2010.01.10 -
    Prevx 3.0 2010.01.10 -
    Rising 22.29.06.04 2010.01.10 -
    Sophos 4.49.0 2010.01.10 -
    Sunbelt 3.2.1858.2 2010.01.10 -
    Symantec 20091.2.0.41 2010.01.10 -
    TheHacker 6.5.0.3.145 2010.01.10 -
    TrendMicro 9.120.0.1004 2010.01.10 -
    VBA32 3.12.12.1 2010.01.09 -
    ViRobot 2010.1.8.2128 2010.01.08 -
    VirusBuster 5.0.21.0 2010.01.10 -
  14. I have turned UAC up. Uninstalled ASK Toolbar. Cleared cookies. I use ZA Internet Security Suite. But Trojan-Dropper faithfully keeps dropping in anyway. I will do a restart, otherwise the UAC change might not "take".
  15. DDS (Ver_09-12-01.01) - NTFSx86
    Run by asta at 14:48:36,96 on 2010-01-12
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1359 [GMT 1:00]
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\lxdjcoms.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\asta\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [<NO NAME>]
    uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
    mRun: [igfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
    mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
    StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
    ============= SERVICES / DRIVERS ===============
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
    =============== Created Last 30 ================
    2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
    2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
    2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
    2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
    2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
    2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
    2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
    2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
    2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
    2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
    2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
    2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
    2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
    2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
    2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
    2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
    2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
    2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
    2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
    2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
    2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
    2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
    2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
    2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
    2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
    2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
    2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
    2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
    2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
    2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
    2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
    2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
    2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
    2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
    2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
    2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
    2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
    2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
    2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
    2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
    2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
    2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
    2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
    2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
    2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
    2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
    2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
    2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
    2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
    2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
    2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
    2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
    2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
    2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
    2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
    2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
    2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
    2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    ==================== Find3M ====================
    2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
    2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
    2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
    2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    ============= FINISH: 14:50:25,86 ===============
  16. Malwarebytes' Anti-Malware 1.44
    Databasversion: 3546
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    2010-01-12 14:46:57
    mbam-log-2010-01-12 (14-46-57).txt
    Skanningstyp: Snabb skanning
    Antal skannade objekt: 94929
    Förfluten tid: 5 minute(s), 49 second(s)
    Infekterade minnesprocesser: 0
    Infekterade minnesmoduler: 0
    Infekterade registernycklar: 0
    Infekterade registervärden: 0
    Infekterade registerdataposter: 0
    Infekterade mappar: 0
    Infekterade filer: 0
    Infekterade minnesprocesser:
    (Inga illasinnade poster hittades)
    Infekterade minnesmoduler:
    (Inga illasinnade poster hittades)
    Infekterade registernycklar:
    (Inga illasinnade poster hittades)
    Infekterade registervärden:
    (Inga illasinnade poster hittades)
    Infekterade registerdataposter:
    (Inga illasinnade poster hittades)
    Infekterade mappar:
    (Inga illasinnade poster hittades)
    Infekterade filer:
    (Inga illasinnade poster hittades)
  17. Forgot to post the MBAM log. Here it is:
    Malwarebytes' Anti-Malware 1.44
    Databasversion: 3546
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    2010-01-12 13:14:12
    mbam-log-2010-01-12 (13-14-12).txt
    Skanningstyp: Snabb skanning
    Antal skannade objekt: 98106
    Förfluten tid: 8 minute(s), 2 second(s)
    Infekterade minnesprocesser: 0
    Infekterade minnesmoduler: 0
    Infekterade registernycklar: 0
    Infekterade registervärden: 0
    Infekterade registerdataposter: 0
    Infekterade mappar: 0
    Infekterade filer: 4
    Infekterade minnesprocesser:
    (Inga illasinnade poster hittades)
    Infekterade minnesmoduler:
    (Inga illasinnade poster hittades)
    Infekterade registernycklar:
    (Inga illasinnade poster hittades)
    Infekterade registervärden:
    (Inga illasinnade poster hittades)
    Infekterade registerdataposter:
    (Inga illasinnade poster hittades)
    Infekterade mappar:
    (Inga illasinnade poster hittades)
    Infekterade filer:
    C:\Windows\Temp\rnjq.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\Temp\xbxp.tmp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\jivt.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\asta\AppData\Local\Temp\nvvscv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  18. DDS (Ver_09-12-01.01) - NTFSx86
    Run by asta at 13:35:33,30 on 2010-01-12
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1268 [GMT 1:00]
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxdjcoms.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\asta\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [<NO NAME>]
    uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
    mRun: [igfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
    mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
    StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
    ============= SERVICES / DRIVERS ===============
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
    =============== Created Last 30 ================
    2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
    2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
    2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
    2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
    2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
    2009-12-30 11:05:32 0 d-----w- c:\users\asta\temp
    2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
    2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
    2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
    2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
    2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
    2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
    2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
    2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
    2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
    2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
    2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
    2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
    2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
    2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
    2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
    2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
    2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
    2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
    2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
    2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
    2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
    2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
    2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
    2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
    2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
    2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
    2009-12-28 14:06:54 0 d-----w- c:\program files\AskBarDis
    2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
    2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
    2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
    2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
    2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
    2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
    2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
    2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
    2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
    2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
    2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
    2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
    2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
    2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
    2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
    2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
    2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
    2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
    2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
    2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
    2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
    2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
    2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
    2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
    2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
    2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
    2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    ==================== Find3M ====================
    2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
    2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
    2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
    2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    ============= FINISH: 13:37:35,09 ===============
  19. My ZoneAlarm indicates that Trojan-Dropper.Win32.Boaxxe.bk is present on the computer. ZA quarantines it and I delete it. After a while it shows up again (each time in a new subfolder under C/Windows/Temp). Is there any "removal" tool? Or what does one do?
  20. hubalon

    Clone hard disk

    I have tried to clone and migrate a disk to a new (larger) one with Norton Ghost. Everything looked fine and the computer started booting from the new disk > welcome > preparing desktop, but there it stopped, the screen turned blue-grey and the text about an invalid copy appeared in the lower right corner. The installation was genuine Win 7 HP. No hardware had been changed apart from the disk. I did a "clean install" from the disc and then everything worked, even without activation. Does anyone have a good explanation, or is it Norton G that doesn't work?
  21. Thanks. My brain will now be defragmented!
  22. hubalon

    User account

    I have a network with password-protected user accounts. Now I have had to reinstall Win 7 on one of the computers. Then I discover that Alzheimer's has struck and I can't find what to do to get said computer to log on to the user account automatically. In some brain cell something flickers about a change in the registry. Does anyone still have their cells intact???
  23. hubalon

    Drivers

    Well..., it's probably not via WU that Microsoft's "generic" driver came, but from the driver store that came with the installation. That is the one I want to "block" somehow. The one that works I downloaded from Synaptics.