hubalon
Content count: 78
Posts by hubalon
-
I have Win 7 HP Family installed on 3 computers (one 64-bit and two 32-bit).
Can I (in order to use more RAM) "upgrade" one of the 32-bit ones to 64-bit without incurring Microsoft's wrath (the disc is included, and it's the same key)?
If so, is an upgrade possible, or do I have to do a clean install?
-
Me too!
-
I'll answer myself.
Did as Venoms did: deactivated IPv6, which really has nothing to do with this.
For some inscrutable reason the problem seems to have been solved.
It remains to be seen how long it lasts.
An old man does the best he can!
-
I have reinstalled Win 7 on one computer in my network.
When that computer starts up, it is shown on the network map as connected to a question mark (unknown) and not to the real router (which is also visible).
At the same time, under available wireless networks an unknown network is shown with a red cross where the signal-strength "fence" should be.
Everything works as it should, though, and if I remove the network adapter (D-Link DWA-140 USB) and put it back, everything is shown as it should.
The unknown network under "connect to wireless..." also disappears.
I have cleaned out the previous system files and removed the Windows.old folder.
Everything works, but it bothers an old man's sense of order.
Anyone have an idea what it could be?
-
Now I have uninstalled Nod32 and reinstalled it, but when Nod32 scanned the computer it put infected files in quarantine. When I then went to quarantine to delete them, the IP address was in the text string. I don't remember exactly what it said, but maybe that's where the trojans came from?
-
Already tried Nod32.
Thanks Cecilia for your patience.
As far as I could understand (from Nod32), the misery came from 91.212.226.189/inst_n82.exe. Googled it, and it looked miserable.
-
Thanks Cecilia and others for the good advice, but a reinstall is faster.
Is a "clean install" enough to get rid of the misery? Or do I have to format the whole HD?
A Win.old is created; does the misery remain there, and if so, is it isolated?
Isn't a hidden partition of about 100 MB created? Does it remain from the "old" install, and can it be infected?
Other good advice on installation is gratefully received. I have Win 7 Home Premium Family (update version).
-
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 06:13:25
Windows 6.1.7600
Running: 2j9gm4sv.exe; Driver: C:\Users\asta\AppData\Local\Temp\kxldrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DD3A7D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8DD3B0A6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DD3A22C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DD5208A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DD3AD36]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8DD4E5F4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8DD4EA1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8DD5697A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8DD4EE90]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DD3AE94]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DD346B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DD53AAA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DD5339E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8DD4D42E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DD54478]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DD546B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DD54B68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x8DD56D38]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DD341A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DD50652]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DD55912]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DD54E32]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DD39DC0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DD55550]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8DD3A4F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DD34AC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8DD55E9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DD52ABE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8DD4F71A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DD4F44A]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828351A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82894579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 828C0748 8 Bytes [D6, A7, D3, 8D, A6, B0, D3, ...] {SALC ; CMPSD ; ROR DWORD [EBP-0x722c4f5a], CL}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C07DC 4 Bytes [2C, A2, D3, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C07F8 4 Bytes JMP 958DD337
.text ntkrnlpa.exe!RtlSidHashLookup + 308 828C0808 4 Bytes [8A, 20, D5, 8D] {MOV AH, [EAX]; AAD 0x8d}
.text ntkrnlpa.exe!RtlSidHashLookup + 324 828C0824 4 Bytes [36, AD, D3, 8D]
.text ...
.text peauth.sys A961DC9D 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]
.text peauth.sys A961DCC1 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[644] ole32.dll!CoCreateInstance 775A57FC 5 Bytes JMP 005D000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Filterhanteraren för Microsofts filsystem/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
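The scan above is raw GMER output, and sorting it by hand is error-prone. The following Python script is an added example (not from this thread and not GMER's own code) that parses lines in this log format into a triage summary. It separates hooks GMER could attribute to a named module and vendor (here the ZoneAlarm firewall driver vsdatant.sys, which a host firewall is expected to install) from findings with no module attribution (the atapi device dispatch pointing at a bare address, and the modified atapi.sys), which are the ones worth investigating first. The regular expressions and the verdict suffixes are my reading of the format, and the sample log is a constructed excerpt mirroring the line shapes above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in GMER 1.0.15 log format. The line shapes follow the scan
# pasted above (SSDT hook, INT entry, kernel code section, IAT hook, device
# entry, device redirect, file verdict); only a handful of lines are kept.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 06:13:25
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DD4F44A]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82894579 1 Byte [06]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Line patterns: my reading of the GMER format, not an official grammar.
SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)\s+\((.*?)\)")
CODE_PATCH_RE = re.compile(r"^\.text\s+(\S+)\s+")
DEVICE_REDIRECT_RE = re.compile(r"^Device -> (\S+)\s+(\S+)\s+([0-9A-Fa-f]+)$")
# Verdict suffixes GMER appends to "File" lines (assumed; extend as needed).
FILE_VERDICTS = ("suspicious modification", "hidden")


@dataclass
class Triage:
    hooks_by_module: Counter = field(default_factory=Counter)  # module path -> hook count
    vendor_of: dict = field(default_factory=dict)              # module path -> description text
    code_patches: list = field(default_factory=list)           # patched kernel symbols
    device_redirects: list = field(default_factory=list)       # dispatch pointing at bare addresses
    file_findings: list = field(default_factory=list)          # on-disk verdicts

    def unattributed_findings(self):
        """Items where GMER could not name a module: the ones to investigate first."""
        return self.device_redirects + self.file_findings


def parse_gmer(text):
    """Parse GMER log text into a Triage record (INT/HAL entries are skipped as routine)."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            continue  # section banners carry no findings
        m = SSDT_RE.match(line)
        if m:
            module, vendor, _func, _addr = m.groups()
            t.hooks_by_module[module] += 1
            t.vendor_of[module] = vendor
            continue
        m = IAT_RE.match(line)
        if m:
            _target, _import, _addr, module, vendor = m.groups()
            t.hooks_by_module[module] += 1
            t.vendor_of[module] = vendor
            continue
        m = CODE_PATCH_RE.match(line)
        if m:
            t.code_patches.append(m.group(1))
            continue
        m = DEVICE_REDIRECT_RE.match(line)
        if m:
            t.device_redirects.append(
                {"driver": m.group(1), "device": m.group(2), "address": m.group(3)})
            continue
        if line.startswith("File "):
            rest = line[len("File "):]
            for verdict in FILE_VERDICTS:
                if rest.endswith(verdict):
                    t.file_findings.append(
                        {"path": rest[: -len(verdict)].strip(), "verdict": verdict})
                    break
    return t


def summarize(t, os_vendor="Microsoft Corporation"):
    """Triage notes: attributed hooks are listed for verification against installed
    software; unattributed items are marked INVESTIGATE."""
    notes = []
    for module, n in t.hooks_by_module.most_common():
        vendor = t.vendor_of.get(module, "")
        origin = "OS component" if os_vendor in vendor else "third-party driver"
        notes.append(f"{n} hook(s) by {module} ({vendor}): {origin}, "
                     "confirm it matches software you installed")
    if t.code_patches:
        notes.append(f"{len(t.code_patches)} inline code modification(s): "
                     + ", ".join(t.code_patches))
    for d in t.device_redirects:
        notes.append(f"INVESTIGATE: {d['driver']} dispatch for {d['device']} points at "
                     f"bare address {d['address']} with no module attribution")
    for f in t.file_findings:
        notes.append(f"INVESTIGATE: {f['path']} reported as '{f['verdict']}'")
    return notes


if __name__ == "__main__":
    for note in summarize(parse_gmer(SAMPLE_LOG)):
        print(note)
```

Run it as-is to print the notes for the constructed sample, or feed it a saved GMER log with parse_gmer(open(path).read()). Counting hooks per module is deliberate: thirty SSDT entries from one identifiable security product are a configuration to verify, not an alarm, while a single unattributed redirect on the disk stack is the finding that lines up with the UNKNOWN module the MBR detector later in this thread reports.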
-
2. Can't run Root Repeal
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004
-
Running from: C:\Users\asta\Desktop\Win32kDiag.exe
Log file at : C:\Users\asta\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-01-13 05:18:27 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
[1] 2010-01-13 05:20:43 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
[1] 2010-01-13 05:18:35 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
[1] 2009-12-28 16:23:18 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
[1] 2009-12-28 16:23:17 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
[1] 2009-12-28 16:23:17 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf
[1] 2009-12-28 16:23:17 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms ()
Finished!
-
ComboFix 10-01-11.04 - asta 2010-01-12 17:17:34.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1143 [GMT 1:00]
Körs från: c:\users\asta\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-583907252-1500820517-725345543-1004
c:\windows\system32\ujvh.dro
----- BITS: Troligen infekterade webbplatser -----
hxxp://nds1.nokia.com
.
(((((((((((((((((((((((( Filer Skapade från 2009-12-12 till 2010-01-12 ))))))))))))))))))))))))))))))
.
2010-01-12 18:12 . 2010-01-12 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 16:13 . 2010-01-12 16:14 -------- d-----w- C:\32788R22FWJFW
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\users\asta\AppData\Roaming\Malwarebytes
2010-01-12 12:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 12:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-----w- c:\users\asta\AppData\Local\Diagnostics
2009-12-30 15:17 . 2009-12-30 15:17 -------- d-----w- c:\program files\MSXML 4.0
2009-12-30 11:27 . 2009-12-30 11:27 -------- d-----w- c:\users\asta\AppData\Local\Mozilla
2009-12-30 11:06 . 2010-01-06 07:04 -------- d-----w- c:\users\asta\AppData\Roaming\TeamViewer
2009-12-30 11:06 . 2009-12-30 11:06 -------- d-----w- c:\program files\TeamViewer
2009-12-30 07:20 . 2009-12-30 07:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-30 07:20 . 2009-12-30 07:20 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 07:18 . 2009-12-30 07:18 -------- d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50 . 2009-11-05 15:38 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50 . 2009-09-16 15:55 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50 . 2009-09-14 08:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50 . 2009-08-26 11:45 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:50 . 2009-04-22 13:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:34 . 2009-12-29 09:34 567296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5FC672F4-A4D4-EB5D-F32A-29F02DEC8C47}-VersitConverter.dll
2009-12-29 09:34 . 2009-12-29 09:34 -------- d-----w- c:\program files\Speccy
2009-12-29 08:33 . 2009-12-29 08:33 -------- d-----w- c:\users\asta\AppData\Roaming\Lexmark Imaging Studio
2009-12-29 08:30 . 2009-12-30 08:41 -------- d-----w- c:\program files\Lx_cats
2009-12-29 08:29 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdjdrpp.dll
2009-12-29 06:36 . 2009-12-29 06:36 -------- d-----w- c:\program files\uTorrent
2009-12-29 06:35 . 2009-12-29 09:48 -------- d-----w- c:\users\asta\AppData\Roaming\uTorrent
2009-12-29 06:23 . 2009-12-29 06:23 45608 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7952B7FB-4830-63CE-14DB-3AE918E91E8E}-whirl-pinch.exe
2009-12-29 06:23 . 2009-12-29 06:23 45104 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{2A39E020-37BC-22B8-6E02-ED751AD07221}-wind.exe
2009-12-29 06:20 . 2009-12-29 06:20 -------- d-----w- c:\program files\Google
2009-12-29 06:15 . 2009-12-29 06:19 -------- d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14 . 2009-12-29 06:14 -------- d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\users\asta\AppData\Roaming\Canneverbe_Limited
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 06:06 . 2009-12-29 06:10 -------- d-----w- c:\program files\CDBurnerXP
2009-12-29 06:03 . 2010-01-07 11:00 -------- d-----w- c:\users\asta\AppData\Roaming\ImgBurn
2009-12-29 06:02 . 2009-12-29 06:03 -------- d-----w- c:\program files\ImgBurn
2009-12-29 05:49 . 2009-12-29 05:49 -------- d-----w- c:\programdata\Nokia
2009-12-29 05:47 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia Ovi Suite
2009-12-29 05:47 . 2009-12-29 05:47 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{74AB8BEF-101B-83AD-06E7-0DA8E8D00CCC}-Run_XML6_SP1.exe
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\users\asta\AppData\Local\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\programdata\PC Suite
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\PC Suite
2009-12-29 05:45 . 2009-12-29 05:46 -------- d-----w- c:\users\asta\AppData\Local\NokiaAccount
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\DIFX
2009-12-28 20:03 . 2009-12-28 11:25 -------- d-----w- c:\windows\Panther
2009-12-28 15:05 . 2009-12-28 15:05 -------- d-----w- c:\users\asta\AppData\Local\ElevatedDiagnostics
2009-12-28 14:53 . 2010-01-06 15:04 -------- d-----w- c:\users\asta\AppData\Roaming\skypePM
2009-12-28 14:52 . 2010-01-06 16:05 -------- d-----w- c:\users\asta\AppData\Roaming\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\program files\Common Files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----r- c:\program files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\programdata\Skype
2009-12-28 14:28 . 2009-12-29 09:49 -------- d-----w- c:\program files\EASEUS
2009-12-28 13:35 . 2009-12-28 13:35 -------- d-----w- c:\windows\system32\Macromed
2009-12-28 12:29 . 2010-01-12 09:30 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29 . 2010-01-12 09:30 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\sv
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\windows\sv-SE
2009-12-28 12:01 . 2009-12-28 12:01 -------- d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56 . 2009-12-28 11:56 -------- d-----w- c:\users\asta\AppData\Roaming\MailFrontier
2009-12-28 11:52 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-28 11:51 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-28 11:51 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51 . 2010-01-06 06:56 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51 . 2009-10-17 00:41 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\program files\Zone Labs
2009-12-28 11:50 . 2009-12-28 11:50 -------- d-----w- c:\programdata\CheckPoint
2009-12-28 11:50 . 2010-01-12 18:09 -------- d-----w- c:\windows\Internet Logs
2009-12-28 11:37 . 2009-12-29 06:21 -------- d-----w- c:\users\asta\AppData\Local\Google
2009-12-28 11:37 . 2009-12-29 06:07 61736 ----a-w- c:\users\asta\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Deployment
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Apps
2009-12-28 11:32 . 2009-12-28 11:32 -------- d-----w- c:\windows\system32\x64
2009-12-28 11:32 . 2009-09-11 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:31 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:29 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26 . 2009-12-28 11:26 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-28 11:19 . 2010-01-12 09:30 -------- d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 18:08 . 2010-01-12 18:08 699983 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-12 14:01 . 2009-12-28 11:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-12 12:15 . 2010-01-12 12:16 2237952 ----a-w- c:\windows\Internet Logs\xDB66C0.tmp
2010-01-12 12:15 . 2010-01-12 12:16 627712 ----a-w- c:\windows\Internet Logs\xDB651A.tmp
2010-01-12 08:39 . 2010-01-12 08:41 2217472 ----a-w- c:\windows\Internet Logs\xDB88FF.tmp
2010-01-11 09:28 . 2010-01-11 09:30 2214400 ----a-w- c:\windows\Internet Logs\xDB62BA.tmp
2010-01-09 18:03 . 2010-01-10 15:45 190464 ----a-w- c:\windows\Internet Logs\xDB673C.tmp
2010-01-09 18:03 . 2010-01-10 15:45 2210816 ----a-w- c:\windows\Internet Logs\xDB6885.tmp
2010-01-05 15:31 . 2010-01-06 06:44 2169856 ----a-w- c:\windows\Internet Logs\xDB3DB3.tmp
2010-01-05 15:31 . 2010-01-06 06:44 155648 ----a-w- c:\windows\Internet Logs\xDB3C47.tmp
2010-01-01 16:15 . 2010-01-02 14:23 2168320 ----a-w- c:\windows\Internet Logs\xDB3CF2.tmp
2009-12-29 16:39 . 2009-12-30 07:07 2134016 ----a-w- c:\windows\Internet Logs\xDB49CE.tmp
2009-12-29 16:39 . 2009-12-30 07:07 311296 ----a-w- c:\windows\Internet Logs\xDB474E.tmp
2009-12-29 08:28 . 2009-12-29 08:28 -------- d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:10 . 2009-12-29 06:10 1895936 ----a-w- c:\windows\Internet Logs\xDB4397.tmp
2009-12-29 05:45 . 2009-12-29 05:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:44 . 2009-12-29 05:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42 . 2009-12-29 05:40 -------- d-----w- c:\program files\Nokia
2009-12-29 05:41 . 2009-12-29 05:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:40 . 2009-12-29 05:40 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-29 05:40 . 2009-12-29 05:40 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-29 05:40 . 2009-12-29 05:40 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-29 05:40 . 2009-12-29 05:40 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-29 05:40 . 2009-12-29 05:40 -------- d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40 . 2009-12-29 05:40 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-29 05:23 . 2009-12-29 06:10 8704 ----a-w- c:\windows\Internet Logs\xDB4210.tmp
2009-12-28 16:26 . 2009-12-29 05:23 165888 ----a-w- c:\windows\Internet Logs\xDB42BC.tmp
2009-12-28 15:33 . 2009-12-28 13:54 -------- d-----w- c:\program files\Java
2009-12-28 14:53 . 2009-12-28 14:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:32 . 2009-12-28 14:46 103424 ----a-w- c:\windows\Internet Logs\xDBE64A.tmp
2009-12-28 14:32 . 2009-12-28 14:46 1784832 ----a-w- c:\windows\Internet Logs\xDBF0B7.tmp
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\users\asta\AppData\Roaming\Foxit
2009-12-28 14:06 . 2009-12-28 13:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\program files\Foxit Software
2009-12-28 13:57 . 2009-12-28 13:57 1 ----a-w- c:\users\asta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-28 13:57 . 2009-12-28 13:57 -------- d-----w- c:\users\asta\AppData\Roaming\OpenOffice.org
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\JRE
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:40 . 2009-12-28 13:40 -------- d-----w- c:\users\asta\AppData\Roaming\Thunderbird
2009-12-28 12:31 . 2009-12-28 12:32 68608 ----a-w- c:\windows\Internet Logs\xDBBA99.tmp
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 12:28 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2009-12-28 12:28 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfd.dat
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfc.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfi.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfh.dat
2009-12-28 11:52 . 2009-12-28 11:51 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:30 . 2009-12-28 11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2009-04-27 25256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [2009-04-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\System32\drivers\Dnetr28u.sys [2009-08-06 750592]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [2009-12-29 8456]
.
Innehållet i mappen 'Schemalagda aktiviteter':
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000Core.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000UA.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
.
.
------- Extra genomsökning -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\asta\AppData\Roaming\Mozilla\Firefox\Profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85950841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cace88
QueryNameProcedure -> 0x84caa558
user & kernel MBR OK
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2010-01-12 19:19:06
ComboFix-quarantined-files.txt 2010-01-12 18:19
Före genomsökningen: 103 284 056 064 byte ledigt
Efter genomsökningen: 103 593 152 512 byte ledigt
- - End Of File - - 9050C8F7AC4A72534FEE55B2B0E4477B
-
Latest ZAISS (2010)
No "nasty programs"
In the Startup folder = OpenOffice.org.3.1
-
Fil explorer.exe mottagen 2010.01.11 22:23:48 (UTC)
Närvarande status: genomförd
Resultat: 0/41 (0.00%)
Antivirus Version Senaste Uppdatering Resultat
a-squared 4.5.0.48 2010.01.11 -
AhnLab-V3 5.0.0.2 2010.01.11 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.11 -
Authentium 5.2.0.5 2010.01.11 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.11 -
CAT-QuickHeal 10.00 2010.01.11 -
ClamAV 0.94.1 2010.01.11 -
Comodo 3550 2010.01.11 -
DrWeb 5.0.1.12222 2010.01.11 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7229 2010.01.11 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.11 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.11 -
Ikarus T3.1.1.80.0 2010.01.11 -
Jiangmin 13.0.900 2010.01.11 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.11 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.11 -
Microsoft 1.5302 2010.01.11 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.11 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.11 -
Prevx 3.0 2010.01.11 -
Rising 22.30.00.05 2010.01.11 -
Sophos 4.49.0 2010.01.11 -
Sunbelt 3.2.1858.2 2010.01.11 -
Symantec 20091.2.0.41 2010.01.11 -
TheHacker 6.5.0.3.146 2010.01.11 -
TrendMicro 9.120.0.1004 2010.01.11 -
VBA32 3.12.12.1 2010.01.11 -
ViRobot 2010.1.11.2130 2010.01.11 -
VirusBuster 5.0.21.0 2010.01.11
Fil userinit.exe mottagen 2010.01.10 20:17:18 (UTC)
Närvarande status: genomförd
Resultat: 0/41 (0.00%)
Antivirus Version Senaste Uppdatering Resultat
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.10 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.10 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3536 2010.01.10 -
DrWeb 5.0.1.12222 2010.01.10 -
eSafe 7.0.17.0 2010.01.10 -
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.10 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.10 -
Ikarus T3.1.1.80.0 2010.01.10 -
Jiangmin 13.0.900 2010.01.10 -
K7AntiVirus 7.10.943 2010.01.09 -
Kaspersky 7.0.0.125 2010.01.10 -
McAfee 5857 2010.01.10 -
McAfee+Artemis 5857 2010.01.10 -
McAfee-GW-Edition 6.8.5 2010.01.10 -
Microsoft 1.5302 2010.01.10 -
NOD32 4759 2010.01.10 -
Norman 6.04.03 2010.01.10 -
nProtect 2009.1.8.0 2010.01.10 -
Panda 10.0.2.2 2010.01.10 -
PCTools 7.0.3.5 2010.01.10 -
Prevx 3.0 2010.01.10 -
Rising 22.29.06.04 2010.01.10 -
Sophos 4.49.0 2010.01.10 -
Sunbelt 3.2.1858.2 2010.01.10 -
Symantec 20091.2.0.41 2010.01.10 -
TheHacker 6.5.0.3.145 2010.01.10 -
TrendMicro 9.120.0.1004 2010.01.10 -
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 -
VirusBuster 5.0.21.0 2010.01.10 -
-
I have turned UAC up.
Uninstalled the ASK Toolbar.
Cleared cookies.
I use ZA Internet Security Suite.
But Trojan-Dropper faithfully drops in anyway.
I will do a restart; otherwise the UAC change may not "take".
-
DDS (Ver_09-12-01.01) - NTFSx86
Run by asta at 14:48:36,96 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1359 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
=============== Created Last 30 ================
2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 14:50:25,86 ===============
-
Malwarebytes' Anti-Malware 1.44
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010-01-12 14:46:57
mbam-log-2010-01-12 (14-46-57).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 94929
Förfluten tid: 5 minute(s), 49 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
-
Forgot to post the MBAM log. Here it is:
Malwarebytes' Anti-Malware 1.44
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010-01-12 13:14:12
mbam-log-2010-01-12 (13-14-12).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 98106
Förfluten tid: 8 minute(s), 2 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 4
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\Windows\Temp\rnjq.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\xbxp.tmp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\jivt.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\asta\AppData\Local\Temp\nvvscv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
-
DDS (Ver_09-12-01.01) - NTFSx86
Run by asta at 13:35:33,30 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1268 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]
=============== Created Last 30 ================
2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 11:05:32 0 d-----w- c:\users\asta\temp
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:54 0 d-----w- c:\program files\AskBarDis
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 13:37:35,09 ===============
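The DDS listing above has a fixed layout: timestamp, size, an eight-character attribute field and a path, grouped under `====` section headers. As an added example (not from the thread or from the DDS tool itself), here is a small Python parser for that layout, with helpers that answer the questions a reviewer of such a log asks: which entries are hidden+system, what changed in a given time window, and what sits under a directory such as `c:\windows\temp`. The decoding of the attribute positions (d, s, h, a, r/w) is inferred from the flag strings in the log and is an assumption; the sample listing is constructed and includes one constructed entry under `c:\windows\temp` to exercise the path filter.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Constructed sample in the layout of the DDS listing above (a few real-looking
# lines plus one constructed entry under c:\windows\temp).
SAMPLE_LOG = r"""
==================== Find3M ====================
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 08:15:00 40960 ----a-w- c:\windows\temp\sub1\sample.exe
============= FINISH: 13:37:35,09 ===============
"""

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # eight-character flag field as printed by DDS, e.g. "--sha-w-"
    path: str
    section: str    # name of the "==== ... ====" block the line appeared in

    # Flag positions are an assumption inferred from the strings in the log:
    # 0 = d (directory), 2 = s (system), 3 = h (hidden), 4 = a (archive),
    # 6 = r (read-only) or w (writable).
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def is_readonly(self) -> bool:
        return self.attrs[6] == "r"


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse DDS file-listing lines into Entry records; stops at the FINISH line."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            if section.startswith("FINISH"):
                break
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # tolerate lines that are not file entries
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             int(size), attrs, path, section))
    return entries


def hidden_system_entries(entries: List[Entry]) -> List[Entry]:
    """Entries carrying both the hidden and system flags (worth a second look)."""
    return [e for e in entries if e.is_hidden and e.is_system]


def entries_between(entries: List[Entry], start: str, end: str) -> List[Entry]:
    """Entries with timestamp in [start, end] (ISO dates), oldest first."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return sorted((e for e in entries if lo <= e.timestamp <= hi),
                  key=lambda e: e.timestamp)


def under_path(entries: List[Entry], prefix: str) -> List[Entry]:
    """Entries whose path lies below prefix (case-insensitive, as on NTFS)."""
    p = prefix.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.path.lower().startswith(p)]


if __name__ == "__main__":
    log = parse_dds_listing(SAMPLE_LOG)
    print("hidden+system:")
    for e in hidden_system_entries(log):
        print(f"  {e.attrs} {e.path}")
    print("changed 2009-12-28..2009-12-30:")
    for e in entries_between(log, "2009-12-28", "2009-12-30"):
        print(f"  {e.timestamp:%Y-%m-%d %H:%M:%S} {e.path}")
    print("below c:\\windows\\temp:")
    for e in under_path(log, r"c:\windows\temp"):
        print(f"  {e.path}")
```

Feed the real log to `parse_dds_listing()` and compare `entries_between()` output against the time of the first alert; a dropper that keeps reappearing in fresh `c:\windows\temp` subfolders shows up as a run of new entries under that prefix.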
-
If MBAM is not enough, paste the MBAM log into your reply and do the following:
Save DDS to the Desktop.
http://download.bleepingcomputer.com/sUBs/dds.scr
Start the program (in Vista, right-click and Run as administrator).
Press Yes if the question about Optional Scan appears.
In your reply, attach the log DDS.txt, but not Attach.txt; save that one on the Desktop in case I need to see it later.
-
My ZoneAlarm indicates that Trojan-Dropper.Win32.Boaxxe.bk is present on the computer.
ZA quarantines it and I delete it.
After a while it shows up again (each time in a new subfolder of C:\Windows\Temp).
Is there any "removal" tool? Or what does one do?
-
I have tried to clone and migrate a disk to a new (larger) one with Norton Ghost.
Everything looked fine and the computer started booting from the new disk > welcome > preparing desktop, but there it stopped; the screen turned blue-grey and the text about a non-genuine copy appeared in the lower right corner. The installation was a genuine Win 7 HP. No hardware had been changed except the disk. I did a "clean install" from the disc, and then everything worked, even without activation.
Does anyone have a good explanation, or is it Norton Ghost that doesn't work?
-
Start the Command Prompt as admin and type control userpasswords2... remove the check mark in "Users must enter a user name and password..."
Thanks. My brain will now be defragmented!
-
I have a network with password-protected user accounts. Now I have had to reinstall Win 7 on one of the computers.
Then I discover that Alzheimer's has struck and I can't find what to do to make said computer log on to the user account automatically.
In some brain cell something flickers about a change in the registry.
Anyone who still has their cells intact???
-
Well..., it's probably not through WU that Microsoft's "generic" driver came, but from the driver store that came with the installation.
That is the one I want to "block" somehow.
The one that works I downloaded from Synaptics.
Localhost on wireless network
in Network, internet and broadband
Posted
I have a wireless network with a number of Win 7 and Linux computers.
Suddenly, the other day, a new computer named localhost appeared on the network map.
It was shown on all the computers and contained the same folders as the computer I was looking at.
The wireless router is a D-link Dir-635. The only unusual thing I've done recently is connect a computer running Linux Mandriva.
Any idea what could be causing this?