hubalon Posted January 12, 2010
My ZoneAlarm indicates that Trojan-Dropper.Win32.Boaxxe.bk is on the computer. ZA quarantines it and I delete it. After a while it shows up again (every time in a new subfolder of C:\Windows\Temp). Is there some "removal" tool? Or what does one do?
ture Posted January 12, 2010
Try Malwarebytes' Anti-Malware. Download the free version and update the program before you scan: http://www.malwarebytes.org/
Regards, t
Cecilia Posted January 12, 2010
If MBAM isn't enough, paste the log from MBAM in your reply and do the following:
Save DDS to the Desktop: http://download.bleepingcomputer.com/sUBs/dds.scr
Start the program (in Vista, right-click and choose Run as administrator). Press Yes if the question about Optional Scan appears.
In your reply attach the log DDS.txt, but not Attach.txt; save that one on the Desktop in case I need to see it later.
hubalon Posted January 12, 2010
DDS (Ver_09-12-01.01) - NTFSx86
Run by asta at 13:35:33,30 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1268 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]

=============== Created Last 30 ================

2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 11:05:32 0 d-----w- c:\users\asta\temp
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:54 0 d-----w- c:\program files\AskBarDis
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:37:35,09 ===============
hubalon Posted January 12, 2010
Forgot to post the MBAM log. Here it is:

Malwarebytes' Anti-Malware 1.44
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-01-12 13:14:12
mbam-log-2010-01-12 (13-14-12).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 98106
Förfluten tid: 8 minute(s), 2 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 4

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Windows\Temp\rnjq.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\xbxp.tmp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\jivt.tmp\svchost.exe.vzr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\asta\AppData\Local\Temp\nvvscv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Cecilia Posted January 12, 2010
Uninstall the following if they are present:
Foxit Toolbar
AskBar
Ask Toolbar

Delete the folder c:\users\asta\temp

Save ATF-Cleaner to the Desktop: http://www.atribune.org/ccount/click.php?id=1
Close all other programs, especially web browsers.
Double-click ATF-Cleaner.exe to start the program.
Tick Select All. Press Empty Selected.
If you use Firefox: press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.
If you use Opera: press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.
Press Exit in the Main menu to close the program.
Note: this will delete all cookies. If you have cookies you want to keep, either back them up first or skip Select All and tick everything else instead.

What ZoneAlarm product do you have? You seem to have far too weak antivirus protection.

Vista's and Windows 7's User Account Control (UAC) is very good at stopping malicious programs from being installed, see for example:
http://www.idg.se/2.1085/1.164287
http://www.idg.se/2.1085/1.166702
It is useful in other ways too, see http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows
Check that it is switched on and at the highest level for the best protection: Control Panel - Security Center - Other security settings (this applies to Vista, but it is probably something similar in Windows 7).

Restart the computer and scan again with MBAM and DDS. Paste the same logs as last time.
hubalon Posted January 12, 2010
Malwarebytes' Anti-Malware 1.44
Databasversion: 3546
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-01-12 14:46:57
mbam-log-2010-01-12 (14-46-57).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 94929
Förfluten tid: 5 minute(s), 49 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)
hubalon Posted January 12, 2010
DDS (Ver_09-12-01.01) - NTFSx86
Run by asta at 14:48:36,96 on 2010-01-12
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1359 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\asta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\asta\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\asta\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-29 8456]

=============== Created Last 30 ================

2010-01-12 12:00:25 0 d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2010-01-12 12:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00:13 0 d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 12:00:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 15:17:58 0 d-----w- c:\program files\MSXML 4.0
2009-12-30 11:06:58 0 d-----w- c:\users\asta\appdata\roaming\TeamViewer
2009-12-30 11:06:48 0 d-----w- c:\program files\TeamViewer
2009-12-30 07:18:01 0 d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50:24 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:50:24 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50:24 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50:24 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50:24 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:34:27 0 d-----w- c:\program files\Speccy
2009-12-29 08:33:38 0 d-----w- c:\users\asta\appdata\roaming\Lexmark Imaging Studio
2009-12-29 08:30:05 0 d-----w- c:\program files\Lx_cats
2009-12-29 08:28:00 0 d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:36:54 0 d-----w- c:\program files\uTorrent
2009-12-29 06:35:59 0 d-----w- c:\users\asta\appdata\roaming\uTorrent
2009-12-29 06:15:31 0 d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14:20 0 d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07:07 0 d-----w- c:\users\asta\appdata\roaming\Canneverbe_Limited
2009-12-29 06:07:03 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 05:49:22 0 d-----w- c:\programdata\Nokia
2009-12-29 05:47:20 0 d-----w- c:\users\asta\appdata\roaming\Nokia Ovi Suite
2009-12-29 05:45:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:45:45 0 d-----w- c:\programdata\PC Suite
2009-12-29 05:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42:21 0 d-----w- c:\program files\common files\Nokia
2009-12-29 05:42:00 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 05:41:51 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:41:26 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 05:40:30 0 d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40:29 0 d-----w- c:\program files\Nokia
2009-12-28 20:03:31 0 d-----w- c:\windows\Panther
2009-12-28 14:53:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:51:56 0 d-----r- c:\program files\Skype
2009-12-28 14:51:51 0 d-----w- c:\programdata\Skype
2009-12-28 14:32:02 689 ---ha-r- c:\windows\EPMBatch.ept
2009-12-28 14:30:53 11 ----a-w- c:\windows\EuBcd.ini
2009-12-28 14:28:52 0 d-----w- c:\program files\EASEUS
2009-12-28 14:06:40 0 d-----w- c:\users\asta\appdata\roaming\Foxit
2009-12-28 14:06:39 0 d-----w- c:\program files\Foxit Software
2009-12-28 13:57:02 0 d-----w- c:\users\asta\appdata\roaming\OpenOffice.org
2009-12-28 13:55:52 0 d-----w- c:\program files\JRE
2009-12-28 13:55:49 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:55:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:53:33 0 d-sh--w- c:\windows\Installer
2009-12-28 12:29:24 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29:24 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29:24 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:29:24 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28:34 0 d-----w- c:\windows\system32\sv
2009-12-28 12:28:32 0 d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28:21 0 d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27:56 0 d-----w- c:\windows\sv-SE
2009-12-28 12:16:11 44959992 ----a-w- C:\lp.cab
2009-12-28 12:01:52 0 d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56:45 0 d-----w- c:\users\asta\appdata\roaming\MailFrontier
2009-12-28 11:52:16 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52:14 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51:36 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51:36 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51:35 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:51:35 0 d-----w- c:\program files\Zone Labs
2009-12-28 11:50:45 0 d-----w- c:\programdata\CheckPoint
2009-12-28 11:50:44 0 d-----w- c:\windows\Internet Logs
2009-12-28 11:32:10 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:32:10 0 d-----w- c:\windows\system32\x64
2009-12-28 11:31:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:30:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-28 11:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-28 11:19:17 1442452 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-28 11:19:00 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-12-28 12:27:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-12-28 12:27:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:50:25,86 ===============
hubalon Posted January 12, 2010
I have turned up UAC. Uninstalled Ask Toolbar. Cleared cookies.
I use ZA Internet Security Suite. But Trojan-Dropper faithfully keeps dropping in anyway.
I'll do a restart; otherwise the UAC change may not "take".
Cecilia Posted January 12, 2010 Posted January 12, 2010 UAC skyddar ju framför allt genom att stoppa något från att komma in, det kan nog inte göra mycket nu när de skadliga filerna redan finns i datorn. Vad är det för årsmodell på ZA? Det verkar inte innehålla något rootkit-skydd alls och det är en nödvändighet i dagens läge. Kommer det här från något crackat program eller keygen? Det tycks vara väldigt vanligt i alla fall. Då måste du avinstallera det programmet för att vara säker på att det går att få bort de skadliga filerna. Finns det något i Start-menyn - Program - Autostart? På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) eller en länk till resultatet här. Upprepa med nästa filnamn. C:\Windows\Explorer.EXE C:\Windows\system32\userinit.EXE Quote
hubalon Posted January 12, 2010 (Author)

File explorer.exe received 2010.01.11 22:23:48 (UTC)
Current status: finished
Result: 0/41 (0.00%)

Antivirus | Version | Last update | Result
a-squared 4.5.0.48 2010.01.11 -
AhnLab-V3 5.0.0.2 2010.01.11 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.11 -
Authentium 5.2.0.5 2010.01.11 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.11 -
CAT-QuickHeal 10.00 2010.01.11 -
ClamAV 0.94.1 2010.01.11 -
Comodo 3550 2010.01.11 -
DrWeb 5.0.1.12222 2010.01.11 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7229 2010.01.11 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.11 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.11 -
Ikarus T3.1.1.80.0 2010.01.11 -
Jiangmin 13.0.900 2010.01.11 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.11 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.11 -
Microsoft 1.5302 2010.01.11 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.11 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.11 -
Prevx 3.0 2010.01.11 -
Rising 22.30.00.05 2010.01.11 -
Sophos 4.49.0 2010.01.11 -
Sunbelt 3.2.1858.2 2010.01.11 -
Symantec 20091.2.0.41 2010.01.11 -
TheHacker 6.5.0.3.146 2010.01.11 -
TrendMicro 9.120.0.1004 2010.01.11 -
VBA32 3.12.12.1 2010.01.11 -
ViRobot 2010.1.11.2130 2010.01.11 -
VirusBuster 5.0.21.0 2010.01.11

File userinit.exe received 2010.01.10 20:17:18 (UTC)
Current status: finished
Result: 0/41 (0.00%)

Antivirus | Version | Last update | Result
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.10 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.10 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3536 2010.01.10 -
DrWeb 5.0.1.12222 2010.01.10 -
eSafe 7.0.17.0 2010.01.10 -
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.10 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.10 -
Ikarus T3.1.1.80.0 2010.01.10 -
Jiangmin 13.0.900 2010.01.10 -
K7AntiVirus 7.10.943 2010.01.09 -
Kaspersky 7.0.0.125 2010.01.10 -
McAfee 5857 2010.01.10 -
McAfee+Artemis 5857 2010.01.10 -
McAfee-GW-Edition 6.8.5 2010.01.10 -
Microsoft 1.5302 2010.01.10 -
NOD32 4759 2010.01.10 -
Norman 6.04.03 2010.01.10 -
nProtect 2009.1.8.0 2010.01.10 -
Panda 10.0.2.2 2010.01.10 -
PCTools 7.0.3.5 2010.01.10 -
Prevx 3.0 2010.01.10 -
Rising 22.29.06.04 2010.01.10 -
Sophos 4.49.0 2010.01.10 -
Sunbelt 3.2.1858.2 2010.01.10 -
Symantec 20091.2.0.41 2010.01.10 -
TheHacker 6.5.0.3.145 2010.01.10 -
TrendMicro 9.120.0.1004 2010.01.10 -
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 -
VirusBuster 5.0.21.0 2010.01.10 -
hubalon Posted January 12, 2010 (Author)

Latest ZAISS (2010). No "dodgy programs". In the Startup folder = OpenOffice.org 3.1

Cecilia Posted January 12, 2010

Good that it was not a Virut infection, because that is usually a common combination with C:\Users\asta\AppData\Local\Temp\nvvscv.exe.

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on. How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown. If a question comes up about whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it in your reply.

Check that the antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet: Control Panel - Network Connections, right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables automatic running of CDs, floppies and USB devices to make it easier to clean the computer and to protect it against future infections. This can cause problems, e.g. if the computer gets its internet through a USB modem or USB network adapter. In that case say so instead of running ComboFix.
hubalon Posted January 12, 2010 (Author)

ComboFix 10-01-11.04 - asta 2010-01-12 17:17:34.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2038.1143 [GMT 1:00]
Running from: c:\users\asta\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-583907252-1500820517-725345543-1004
c:\windows\system32\ujvh.dro

----- BITS: Possibly infected websites -----

hxxp://nds1.nokia.com
.
(((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 ))))))))))))))))))))))))))))))
.
2010-01-12 18:12 . 2010-01-12 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 16:13 . 2010-01-12 16:14 -------- d-----w- C:\32788R22FWJFW
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\users\asta\AppData\Roaming\Malwarebytes
2010-01-12 12:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\programdata\Malwarebytes
2010-01-12 12:00 . 2010-01-12 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 12:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-----w- c:\users\asta\AppData\Local\Diagnostics
2009-12-30 15:17 . 2009-12-30 15:17 -------- d-----w- c:\program files\MSXML 4.0
2009-12-30 11:27 . 2009-12-30 11:27 -------- d-----w- c:\users\asta\AppData\Local\Mozilla
2009-12-30 11:06 . 2010-01-06 07:04 -------- d-----w- c:\users\asta\AppData\Roaming\TeamViewer
2009-12-30 11:06 . 2009-12-30 11:06 -------- d-----w- c:\program files\TeamViewer
2009-12-30 07:20 . 2009-12-30 07:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-30 07:20 . 2009-12-30 07:20 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 07:18 . 2009-12-30 07:18 -------- d-----w- c:\program files\Media Center Plugin
2009-12-29 09:50 . 2009-11-05 15:38 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-12-29 09:50 . 2009-09-16 15:55 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-29 09:50 . 2009-09-14 08:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-29 09:50 . 2009-08-26 11:45 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-29 09:50 . 2009-04-22 13:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-29 09:34 . 2009-12-29 09:34 567296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5FC672F4-A4D4-EB5D-F32A-29F02DEC8C47}-VersitConverter.dll
2009-12-29 09:34 . 2009-12-29 09:34 -------- d-----w- c:\program files\Speccy
2009-12-29 08:33 . 2009-12-29 08:33 -------- d-----w- c:\users\asta\AppData\Roaming\Lexmark Imaging Studio
2009-12-29 08:30 . 2009-12-30 08:41 -------- d-----w- c:\program files\Lx_cats
2009-12-29 08:29 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdjdrpp.dll
2009-12-29 06:36 . 2009-12-29 06:36 -------- d-----w- c:\program files\uTorrent
2009-12-29 06:35 . 2009-12-29 09:48 -------- d-----w- c:\users\asta\AppData\Roaming\uTorrent
2009-12-29 06:23 . 2009-12-29 06:23 45608 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7952B7FB-4830-63CE-14DB-3AE918E91E8E}-whirl-pinch.exe
2009-12-29 06:23 . 2009-12-29 06:23 45104 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{2A39E020-37BC-22B8-6E02-ED751AD07221}-wind.exe
2009-12-29 06:20 . 2009-12-29 06:20 -------- d-----w- c:\program files\Google
2009-12-29 06:15 . 2009-12-29 06:19 -------- d-----w- c:\users\asta\.gimp-2.6
2009-12-29 06:14 . 2009-12-29 06:14 -------- d-----w- c:\program files\GIMP-2.0
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\users\asta\AppData\Roaming\Canneverbe_Limited
2009-12-29 06:07 . 2009-12-29 06:07 -------- d-----w- c:\programdata\Canneverbe Limited
2009-12-29 06:06 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-29 06:06 . 2009-12-29 06:10 -------- d-----w- c:\program files\CDBurnerXP
2009-12-29 06:03 . 2010-01-07 11:00 -------- d-----w- c:\users\asta\AppData\Roaming\ImgBurn
2009-12-29 06:02 . 2009-12-29 06:03 -------- d-----w- c:\program files\ImgBurn
2009-12-29 05:49 . 2009-12-29 05:49 -------- d-----w- c:\programdata\Nokia
2009-12-29 05:47 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia Ovi Suite
2009-12-29 05:47 . 2009-12-29 05:47 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{74AB8BEF-101B-83AD-06E7-0DA8E8D00CCC}-Run_XML6_SP1.exe
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\users\asta\AppData\Local\Nokia
2009-12-29 05:45 . 2009-12-29 05:45 -------- d-----w- c:\programdata\PC Suite
2009-12-29 05:45 . 2009-12-29 05:47 -------- d-----w- c:\users\asta\AppData\Roaming\PC Suite
2009-12-29 05:45 . 2009-12-29 05:46 -------- d-----w- c:\users\asta\AppData\Local\NokiaAccount
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 05:42 . 2009-12-29 05:42 -------- d-----w- c:\program files\DIFX
2009-12-28 20:03 . 2009-12-28 11:25 -------- d-----w- c:\windows\Panther
2009-12-28 15:05 . 2009-12-28 15:05 -------- d-----w- c:\users\asta\AppData\Local\ElevatedDiagnostics
2009-12-28 14:53 . 2010-01-06 15:04 -------- d-----w- c:\users\asta\AppData\Roaming\skypePM
2009-12-28 14:52 . 2010-01-06 16:05 -------- d-----w- c:\users\asta\AppData\Roaming\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\program files\Common Files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----r- c:\program files\Skype
2009-12-28 14:51 . 2009-12-28 14:51 -------- d-----w- c:\programdata\Skype
2009-12-28 14:28 . 2009-12-29 09:49 -------- d-----w- c:\program files\EASEUS
2009-12-28 13:35 . 2009-12-28 13:35 -------- d-----w- c:\windows\system32\Macromed
2009-12-28 12:29 . 2010-01-12 09:30 617232 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-28 12:29 . 2010-01-12 09:30 120596 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 37052 ----a-w- c:\windows\system32\perfd01D.dat
2009-12-28 12:29 . 2009-12-28 12:27 294764 ----a-w- c:\windows\system32\perfi01D.dat
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\sv
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\drivers\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\sv-SE
2009-12-28 12:28 . 2009-12-28 12:28 -------- d-----w- c:\windows\system32\wbem\sv-SE
2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\windows\sv-SE
2009-12-28 12:01 . 2009-12-28 12:01 -------- d-----w- c:\programdata\Kaspersky SDK
2009-12-28 11:56 . 2009-12-28 11:56 -------- d-----w- c:\users\asta\AppData\Roaming\MailFrontier
2009-12-28 11:52 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-28 11:52 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-28 11:51 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-28 11:51 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-28 11:51 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-28 11:51 . 2010-01-06 06:56 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-28 11:51 . 2009-10-17 00:41 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\program files\Zone Labs
2009-12-28 11:50 . 2009-12-28 11:50 -------- d-----w- c:\programdata\CheckPoint
2009-12-28 11:50 . 2010-01-12 18:09 -------- d-----w- c:\windows\Internet Logs
2009-12-28 11:37 . 2009-12-29 06:21 -------- d-----w- c:\users\asta\AppData\Local\Google
2009-12-28 11:37 . 2009-12-29 06:07 61736 ----a-w- c:\users\asta\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Deployment
2009-12-28 11:37 . 2009-12-28 11:37 -------- d-----w- c:\users\asta\AppData\Local\Apps
2009-12-28 11:32 . 2009-12-28 11:32 -------- d-----w- c:\windows\system32\x64
2009-12-28 11:32 . 2009-09-11 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-12-28 11:31 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-28 11:30 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 11:29 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 11:26 . 2009-12-28 11:26 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-28 11:19 . 2010-01-12 09:30 -------- d-----w- c:\windows\system32\wbem\Performance
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 18:08 . 2010-01-12 18:08 699983 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-12 14:01 . 2009-12-28 11:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-12 12:15 . 2010-01-12 12:16 2237952 ----a-w- c:\windows\Internet Logs\xDB66C0.tmp
2010-01-12 12:15 . 2010-01-12 12:16 627712 ----a-w- c:\windows\Internet Logs\xDB651A.tmp
2010-01-12 08:39 . 2010-01-12 08:41 2217472 ----a-w- c:\windows\Internet Logs\xDB88FF.tmp
2010-01-11 09:28 . 2010-01-11 09:30 2214400 ----a-w- c:\windows\Internet Logs\xDB62BA.tmp
2010-01-09 18:03 . 2010-01-10 15:45 190464 ----a-w- c:\windows\Internet Logs\xDB673C.tmp
2010-01-09 18:03 . 2010-01-10 15:45 2210816 ----a-w- c:\windows\Internet Logs\xDB6885.tmp
2010-01-05 15:31 . 2010-01-06 06:44 2169856 ----a-w- c:\windows\Internet Logs\xDB3DB3.tmp
2010-01-05 15:31 . 2010-01-06 06:44 155648 ----a-w- c:\windows\Internet Logs\xDB3C47.tmp
2010-01-01 16:15 . 2010-01-02 14:23 2168320 ----a-w- c:\windows\Internet Logs\xDB3CF2.tmp
2009-12-29 16:39 . 2009-12-30 07:07 2134016 ----a-w- c:\windows\Internet Logs\xDB49CE.tmp
2009-12-29 16:39 . 2009-12-30 07:07 311296 ----a-w- c:\windows\Internet Logs\xDB474E.tmp
2009-12-29 08:28 . 2009-12-29 08:28 -------- d-----w- c:\program files\Lexmark 1400 Series
2009-12-29 06:10 . 2009-12-29 06:10 1895936 ----a-w- c:\windows\Internet Logs\xDB4397.tmp
2009-12-29 05:45 . 2009-12-29 05:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-29 05:44 . 2009-12-29 05:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-29 05:42 . 2009-12-29 05:40 -------- d-----w- c:\program files\Nokia
2009-12-29 05:41 . 2009-12-29 05:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 05:40 . 2009-12-29 05:40 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-29 05:40 . 2009-12-29 05:40 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-29 05:40 . 2009-12-29 05:40 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-29 05:40 . 2009-12-29 05:40 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-29 05:40 . 2009-12-29 05:40 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-29 05:40 . 2009-12-29 05:40 -------- d-----w- c:\programdata\OviInstallerCache
2009-12-29 05:40 . 2009-12-29 05:40 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-29 05:23 . 2009-12-29 06:10 8704 ----a-w- c:\windows\Internet Logs\xDB4210.tmp
2009-12-28 16:26 . 2009-12-29 05:23 165888 ----a-w- c:\windows\Internet Logs\xDB42BC.tmp
2009-12-28 15:33 . 2009-12-28 13:54 -------- d-----w- c:\program files\Java
2009-12-28 14:53 . 2009-12-28 14:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-28 14:32 . 2009-12-28 14:46 103424 ----a-w- c:\windows\Internet Logs\xDBE64A.tmp
2009-12-28 14:32 . 2009-12-28 14:46 1784832 ----a-w- c:\windows\Internet Logs\xDBF0B7.tmp
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\users\asta\AppData\Roaming\Foxit
2009-12-28 14:06 . 2009-12-28 13:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-28 14:06 . 2009-12-28 14:06 -------- d-----w- c:\program files\Foxit Software
2009-12-28 13:57 . 2009-12-28 13:57 1 ----a-w- c:\users\asta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-28 13:57 . 2009-12-28 13:57 -------- d-----w- c:\users\asta\AppData\Roaming\OpenOffice.org
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\JRE
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-28 13:40 . 2009-12-28 13:40 -------- d-----w- c:\users\asta\AppData\Roaming\Thunderbird
2009-12-28 12:31 . 2009-12-28 12:32 68608 ----a-w- c:\windows\Internet Logs\xDBBA99.tmp
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 12:28 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2009-12-28 12:28 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
2009-12-28 12:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfd.dat
2009-12-28 12:27 . 2009-12-28 12:28 37052 ----a-w- c:\windows\inf\PERFLIB\041D\perfc.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfi.dat
2009-12-28 12:27 . 2009-12-28 12:28 294764 ----a-w- c:\windows\inf\PERFLIB\041D\perfh.dat
2009-12-28 11:52 . 2009-12-28 11:51 423031 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-28 11:30 . 2009-12-28 11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2009-04-27 25256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-14 48128]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [2009-04-29 25088]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\System32\drivers\Dnetr28u.sys [2009-08-06 750592]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [2009-12-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [2009-12-29 8456]
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000Core.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3128610318-2832286723-3432330886-1000UA.job
- c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-28 11:37]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\asta\AppData\Roaming\Mozilla\Firefox\Profiles\yz26u1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://aftonbladet.se/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\users\asta\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85950841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cace88
QueryNameProcedure -> 0x84caa558
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-12 19:19:06
ComboFix-quarantined-files.txt 2010-01-12 18:19

Pre-Run: 103 284 056 064 bytes free
Post-Run: 103 593 152 512 bytes free

- - End Of File - - 9050C8F7AC4A72534FEE55B2B0E4477B
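As an added triage example (not code from this thread and not part of ComboFix), the Python below reads the "Reg Loading Points" part of a ComboFix log in the format posted above and reports what a responder looks at first: the UAC policy values under policies\system, Run entries whose file ComboFix marked missing with [X], and Run entries that start a binary from a user-writable directory. The sample input is an excerpt of the log posted in this thread; the severity labels and the list of user-writable locations are this example's own assumptions, not anything ComboFix produces.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re

# Constructed sample: an excerpt of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\asta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-28 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]+)\]\s*$')
POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')

# Assumed heuristic: directories a standard user can write to. A Run entry
# there is not proof of malware (Google Update lives there legitimately),
# it only goes to the top of the review list.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\recycler\\", "\\users\\public\\")


def parse_sections(text):
    """Return {registry_key: [lines]} for each [HKEY_...] block in the log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group("key")
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def parse_run_entries(text):
    """Return one dict per value under a ...\\CurrentVersion\\Run key."""
    entries = []
    for key, lines in parse_sections(text).items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for line in lines:
            m = RUN_LINE.match(line)
            if not m:
                continue
            meta = m.group("meta")
            entries.append({
                "hive": key.split("\\", 1)[0],
                "name": m.group("name"),
                "path": m.group("path"),
                "missing": meta == "X",   # ComboFix prints [X] when the target file is absent
                "meta": meta,
            })
    return entries


def parse_uac_policy(text):
    """Return {value_name: int} from the policies\\system block."""
    policy = {}
    for key, lines in parse_sections(text).items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        for line in lines:
            m = POLICY_LINE.match(line)
            if m:
                policy[m.group("name")] = int(m.group("value"))
    return policy


def triage(text):
    """Return (severity, message) findings, most serious first."""
    findings = []
    policy = parse_uac_policy(text)
    if policy.get("EnableLUA") == 0:
        findings.append(("high", "EnableLUA=0: UAC is off, so an admin user's processes already run fully elevated"))
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"))
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append(("medium", "PromptOnSecureDesktop=0: any elevation prompt is shown on the normal desktop"))
    for e in parse_run_entries(text):
        if e["missing"]:
            findings.append(("low", f"Run entry '{e['name']}' points at a missing file: {e['path']}"))
        elif any(marker in e["path"].lower() for marker in USER_WRITABLE):
            findings.append(("review", f"Run entry '{e['name']}' starts a binary from a user-writable path: {e['path']}"))
    order = {"high": 0, "medium": 1, "review": 2, "low": 3}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the posted log the three UAC values come out as the first findings, before any Run entry, which is the order a responder wants: with EnableLUA=0 nothing on the machine was ever going to ask for consent, whatever the slider in the Control Panel showed.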
Cecilia Posted January 12, 2010

1. Save this file to the Desktop: http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
Run the program. When it is done, a log file Win32kDiag.txt is created on the Desktop. Paste it in your reply.

2. Save this file to the Desktop: http://rootrepeal.googlepages.com/RootRepeal.zip
Unpack (extract) the zip file so that you get a program file.
Unplug the internet connection.
Close all programs you see, including firewall, antivirus and antispyware programs. How? See http://www.bleepingcomputer.com/forums/topic114351.html
Start RootRepeal (in Vista and Windows 7 as usual, by right-clicking the icon and choosing Run as administrator).
Select the Report tab and press Scan.
Tick all seven options and then press Yes.
Select C: and press Ok.
It takes a while for RootRepeal to scan C:. When the scan is done, press Save Report and save it under the name rootrepeal.log.
Turn the antivirus program and firewall back on before you connect to the internet.
Paste the contents of rootrepeal.log in your reply.

3. Save Gmer to the Desktop from one of these pages:
http://www.gmer.net/files.php (choose Gmer application)
http://www.majorgeeks.com/GMER_d5198.html
Unpack the file to the Desktop.
Unplug the internet connection.
Close all programs, including the antivirus program and firewall.
Start the program gmer.exe.
If a question about "scan" comes up, choose No. Save the log and paste it in your reply. Do nothing more.
If the question does not come up, choose the Rootkit/Malware tab and check that everything on the right is ticked except Show All and any partitions other than C:. Press Scan. Leave the computer alone while Gmer is working. Press Save and save the result to the Desktop.
Turn the antivirus program and firewall back on before you connect to the internet.
Paste the result in your reply.
hubalon Posted January 13, 2010 (Author)

Running from: C:\Users\asta\Desktop\Win32kDiag.exe
Log file at : C:\Users\asta\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-01-13 05:18:27 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2010-01-13 05:18:03 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
[1] 2010-01-13 05:20:43 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
[1] 2010-01-13 05:18:35 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
[1] 2009-12-28 16:23:18 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
[1] 2009-12-28 16:23:17 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
[1] 2009-12-28 16:23:17 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf
[1] 2009-12-28 16:23:17 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TM.blf ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000001.regtrans-ms ()
Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms
[1] 2009-12-28 16:23:17 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{afaa7370-f3bf-11de-bd06-001372b95a35}.TMContainer00000000000000000002.regtrans-ms ()

Finished!
hubalon Posted January 13, 2010 (Author)

2. Cannot run Root Repeal

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004
hubalon Posted January 13, 2010 (Author)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 06:13:25
Windows 6.1.7600
Running: 2j9gm4sv.exe; Driver: C:\Users\asta\AppData\Local\Temp\kxldrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DD3A7D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8DD3B0A6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DD3A22C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DD337EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DD5208A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DD3AD36]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8DD4E5F4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8DD4EA1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8DD5697A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8DD4EE90]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DD3AE94]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DD346B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DD53AAA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DD5339E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8DD4D42E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DD54478]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DD546B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DD54B68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x8DD56D38]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DD341A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DD50652]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DD55912]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DD54E32]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DD39DC0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DD55550]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8DD3A4F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DD34AC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8DD55E9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DD52ABE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8DD4F71A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DD4F44A]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82894579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B8F52 19 Bytes [E0, 0F,
BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 248 828C0748 8 Bytes [D6, A7, D3, 8D, A6, B0, D3, ...] {SALC ; CMPSD ; ROR DWORD [EBP-0x722c4f5a], CL} .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C07DC 4 Bytes [2C, A2, D3, 8D] .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C07F8 4 Bytes JMP 958DD337 .text ntkrnlpa.exe!RtlSidHashLookup + 308 828C0808 4 Bytes [8A, 20, D5, 8D] {MOV AH, [EAX]; AAD 0x8d} .text ntkrnlpa.exe!RtlSidHashLookup + 324 828C0824 4 Bytes [36, AD, D3, 8D] .text ... .text peauth.sys A961DC9D 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...] .text peauth.sys A961DCC1 28 Bytes [0F, 9F, DF, B7, 2E, 5E, 52, ...] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[644] ole32.dll!CoCreateInstance 775A57FC 5 Bytes JMP 005D000A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] 
\SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8DD3F6CA] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8DD3DC76] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8DD3FD12] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Filterhanteraren för Microsofts filsystem/Microsoft 
Corporation) Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841 ---- Files - GMER 1.0.15 ---- File C:\Windows\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ---- Quote
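A GMER report of this size is mostly noise from the installed firewall, and the useful question for whoever is helping is which lines are *not* explained by a known module. The script below is an added triage example written for this thread; it is not part of the original post and not a GMER or ZoneAlarm tool. It parses GMER-style lines, keeps the "(Description/Company)" version-info GMER prints for each owning module, ranks entries that carry no attribution or that GMER marks as modified or redirected, and cross-checks unattributed byte patches in the kernel code section against the SSDT hook addresses: the bytes GMER shows there are little-endian pointers, and [D6, A7, D3, 8D] decodes to 0x8DD3A7D6, the ZwAlpcConnectPort hook address in the SSDT list. The sample log is constructed from a few lines in the shape of the report above (not the full log), and the "trusted vendor" set is an assumption for this particular machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines in the shape of the GMER 1.0.15 report above.
# It is not the full posted log; it exists so the script runs offline.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 06:13:25
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DD3A7D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DD3A22C]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82834AF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!RtlSidHashLookup + 248 828C0748 8 Bytes [D6, A7, D3, 8D, A6, B0, D3, ...] {SALC ; CMPSD ; ROR DWORD [EBP-0x722c4f5a], CL}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C07DC 4 Bytes [2C, A2, D3, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C07F8 4 Bytes JMP 958DD337
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[644] ole32.dll!CoCreateInstance 775A57FC 5 Bytes JMP 005D000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DD3F520] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8594E841
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
ATTRIB_RE = re.compile(r"\(([^()]*)/([^()]*)\)")          # "(Description/Company)"
SSDT_RE = re.compile(r"(Zw\w+) \[0x([0-9A-Fa-f]{8})\]$")  # "ZwName [0xADDR]"
BYTES_RE = re.compile(r"\[((?:[0-9A-Fa-f]{2}, ){3}[0-9A-Fa-f]{2})")
HOOK_KINDS = {"SSDT", "INT", "IAT", "EAT", ".text"}

# Assumption: vendors whose hooks are expected on *this* host. Check Point is
# the ZoneAlarm firewall in the thread; adjust the set for another machine.
DEFAULT_TRUSTED = frozenset({"Microsoft Corporation",
                             "Check Point Software Technologies LTD"})


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    text: str
    company: Optional[str]  # None when GMER printed no version-info


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    entry: Entry


def parse_gmer(text: str) -> List[Entry]:
    """Split a GMER report into typed entries, tracking the section each sits in."""
    entries, section = [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "header":
            continue
        a = ATTRIB_RE.search(line)
        entries.append(Entry(section, line.split(None, 1)[0], line,
                             a.group(2).strip() if a else None))
    return entries


def ssdt_targets(entries: List[Entry]) -> Dict[int, str]:
    """Map hook address -> service name for every SSDT line."""
    out = {}
    for e in entries:
        m = SSDT_RE.search(e.text) if e.kind == "SSDT" else None
        if m:
            out[int(m.group(2), 16)] = m.group(1)
    return out


def patched_dword(entry: Entry) -> Optional[int]:
    """First four patched bytes of a .text entry, read as a little-endian pointer."""
    m = BYTES_RE.search(entry.text)
    if not m:
        return None
    return int.from_bytes(bytes.fromhex(m.group(1).replace(", ", "")), "little")


def triage(entries: List[Entry], trusted=DEFAULT_TRUSTED) -> List[Finding]:
    """Heuristic ranking of what to look at first; attribution is not a clean bill."""
    ssdt, findings = ssdt_targets(entries), []
    for e in entries:
        if e.kind == "File" and "suspicious modification" in e.text:
            findings.append(Finding("high", "on-disk driver image reported as modified", e))
        elif e.kind == "Device" and "->" in e.text:
            # "Device -> \Driver\x \Device\y ADDR": object points at a bare address
            findings.append(Finding("high", "device object redirected to a bare address", e))
        elif e.kind in HOOK_KINDS and e.company is None:
            addr = patched_dword(e)
            if addr in ssdt:
                findings.append(Finding("info", f"patched bytes equal the SSDT hook address of {ssdt[addr]}", e))
            else:
                findings.append(Finding("medium", "hook or patch not attributed to any module", e))
        elif e.kind in HOOK_KINDS and e.company not in trusted:
            findings.append(Finding("medium", f"hook owned by unlisted vendor: {e.company}", e))
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])


def summarize(text: str, trusted=DEFAULT_TRUSTED) -> Dict[str, int]:
    """Counts per severity plus the number of parsed entries."""
    entries = parse_gmer(text)
    counts = {"entries": len(entries), "high": 0, "medium": 0, "info": 0}
    for f in triage(entries, trusted):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.reason}: {f.entry.text}")
```

Run against the posted log, the same rules leave three things unexplained by module attribution, and those are the lines a helper would want to look at before anything else: the "suspicious modification" of atapi.sys, the "Device ->" redirect of \Device\Harddisk0\DR0 to a bare address, and the JMP in svchost.exe[644] at ole32.dll!CoCreateInstance to an address GMER does not tie to any module. Everything the firewall driver owns is listed explicitly, and the unattributed ntkrnlpa patches near RtlSidHashLookup decode to those same hook addresses, so they need no separate explanation. Vendor attribution is only a prioritisation heuristic: a signed driver name printed next to a hook says who the hook belongs to, not that the file on disk is intact.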
nothing Posted January 13, 2010

Hi, I have just been through this on my laptop with 7 Home Premium and Microsoft Security Essentials, which did not catch it. It kept coming back, changed location and so on. My solution was a trial version of NOD32; I tried various approaches, Malwarebytes etc. Regards, nothing (uninfected for 24 hours, at least)
hubalon (Author) Posted January 13, 2010

Thanks Cecilia and others for the good advice, but a reinstall is quicker. Is a "clean install" enough to get rid of this misery, or do I have to format the whole HD? A Win.old folder gets created; is the malware still there, and if so, is it isolated? Isn't a hidden partition of about 100 MB created as well? Does it remain from the "old" install, and could it be infected? Other good advice on installation gratefully received. I have Win 7 Home Premium Family (upgrade version).
Cecilia Posted January 13, 2010

You could see what NOD32 finds and fixes in an online scan, since it helped nothing: http://www.eset.com/onlinescan/ Save the log and paste it into your reply. No programs are run from the Win.old folder, so you could say it is isolated in there.
hubalon (Author) Posted January 13, 2010

Already tried NOD32. Thanks Cecilia for your patience. As far as I could tell (from NOD32), the misery originated from 91.212.226.189/inst_n82.exe. Googled it, and it looked nasty.
Cecilia Posted January 13, 2010

Now I don't quite follow. What does the IP address have to do with infected files on your computer? Did NOD32 find a file called inst_n82.exe on your computer?
hubalon (Author) Posted January 13, 2010

I have now uninstalled NOD32 and reinstalled, but when NOD32 scanned the computer it put infected files in quarantine. When I then went to quarantine to delete them, the IP address was in the text string. I don't remember exactly what it said, but maybe that is where the trojans came from?