
Recurring Trojan?


Oyen


Things seem to run very well now. I ran a Full Scan with AVG and it found an infection though. The log comes below.

Scan "Whole computer scan" completed.

Infections;"1";"1";"0"

Warnings;"2";"2";"0"

Folders selected for scanning:;"Whole computer scan"

Scan started:;"den 12 december 2011, 12:05:04"

Scan finished:;"den 12 december 2011, 12:23:27 (18 minute(s) 22 second(s))"

Total object scanned:;"840946"

User who launched the scan:;"Lars"

Infections

;"File";"Infection";"Result"

;"C:\WINDOWS\system32\dllcache\redbook.sys";"Trojan horse BackDoor.Generic14.BYEP";"Moved to Virus Vault"

Warnings

;"File";"Infection";"Result"

;"C:\Documents and Settings\Lars\Cookies\1IGN78EA.txt:\real.com.66561182";"Found Tracking cookie.Real";"Moved to Virus Vault"

;"C:\Documents and Settings\Lars\Cookies\1IGN78EA.txt";"Found Tracking cookie.Real";"Healed"

I thought the C:\WINDOWS\system32\dllcache\redbook.sys was replaced with the other file in the OTL fix? Since it's now in the Vault, is there anything to worry about?


C:\WINDOWS\ServicePackFiles\i386\redbook.sys

http://www.virustotal.com/file-scan/report.html?id=029c107a643a17b78a94af1174f8d2e88853ba65b2a02c821fd73e706dd91487-1323891502

____________________________________________________________

C:\WINDOWS\system32\dllcache\redbook.sys

File could not be found.

____________________________________________________________

C:\WINDOWS\system32\drivers\redbook.sys

http://www.virustotal.com/file-scan/report.html?id=e9be9dc2e8ba251019c1ad62046444b041dff57477eda1ddb54dc89dc9356601-1323891846


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\WINDOWS\ServicePackFiles\i386\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys /replace

:Commands
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.

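The two helper posts above compare three copies of redbook.sys (the ServicePackFiles install source, the dllcache copy that could not be found, and the live copy under drivers) and then use OTL's /replace to overwrite the live copy with the source copy. The same comparison can be done locally by hashing the copies, which is also the natural check after the fix has run: the source and live copies should then hash identical. The script below is an added example, not part of the thread and not OTL's or AVG's own code; the file names and bytes it writes are constructed stand-ins for the three paths in the thread, and the "missing" status mirrors the "File could not be found" result for the dllcache copy. It only tells you whether copies agree with each other, not whether the reference copy itself is clean; that is what the VirusTotal lookups in the thread were for.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """SHA-256 hex digest of a file, or None when the path does not exist
    (the 'File could not be found' case in the thread)."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_driver_copies(reference, copies):
    """Compare each path in `copies` with `reference`.

    Returns {path: status} where status is 'match', 'MISMATCH' or 'missing'.
    A live driver that differs from its install-source copy is what merits
    a closer look (submission for scanning, replacement from the source).
    """
    ref_hash = sha256_of(reference)
    if ref_hash is None:
        raise FileNotFoundError("reference copy missing: %s" % reference)
    report = {}
    for path in copies:
        h = sha256_of(path)
        if h is None:
            report[path] = "missing"
        elif h == ref_hash:
            report[path] = "match"
        else:
            report[path] = "MISMATCH"
    return report


def demo():
    """Run the comparison on constructed stand-ins for the redbook.sys
    locations from the thread. Returns {file name: status}."""
    workdir = tempfile.mkdtemp()
    # Constructed sample bytes; this is not the real driver image.
    pristine = b"MZ" + b"\x00" * 62 + b"constructed clean driver image"
    patched = pristine + b"\x90" * 8  # a copy that differs from the source

    files = {
        "ServicePackFiles_redbook.sys": pristine,  # install-source copy (reference)
        "drivers_redbook.sys": pristine,           # live copy, identical to source
        "patched_redbook.sys": patched,            # constructed differing copy
    }
    for name, data in files.items():
        with open(os.path.join(workdir, name), "wb") as fh:
            fh.write(data)
    # The dllcache copy is deliberately never written, mirroring
    # "File could not be found" in the thread.
    checked = ["drivers_redbook.sys", "dllcache_redbook.sys", "patched_redbook.sys"]
    report = compare_driver_copies(
        os.path.join(workdir, "ServicePackFiles_redbook.sys"),
        [os.path.join(workdir, n) for n in checked],
    )
    return {os.path.basename(p): status for p, status in report.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-30s %s" % (name, status))
```

On a real system the reference would be C:\WINDOWS\ServicePackFiles\i386\redbook.sys and the copies the dllcache and drivers paths from the thread; the script needs read access to those directories, so run it from an administrator account.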

All processes killed

========== FILES ==========

File C:\WINDOWS\ServicePackFiles\i386\redbook.sys successfully replaced with C:\WINDOWS\system32\drivers\redbook.sys

========== COMMANDS ==========

[EMPTYTEMP]

User: Administratör

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Lars

->Temp folder emptied: 76067 bytes

->Temporary Internet Files folder emptied: 591725 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 6528958 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 722 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 55862 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_151603

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2 weeks later...

Hi,

My apologies for the delay.

Maniac is away and I will be helping you instead.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Describe what issues you are currently experiencing.

-screen317


Hi, here's the MBAM log followed by the DDS log

___________________________________________________

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Databasversion: v2012.01.02.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Lars :: LARS-52D1C95ED3 [administratör]

Skydd: Aktiverad

2012-01-02 15:11:55

mbam-log-2012-01-02 (15-11-55).txt

Skanningstyp: Snabbskanning

Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM

Inaktiverade skanningsalternativ: P2P

Antal skannade objekt: 202552

Förfluten tid: 3 minut(er), 50 sekund(er)

Upptäckta minnesprocesser: 0

(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0

(Inga skadliga poster hittades)

Upptäckta registernycklar: 0

(Inga skadliga poster hittades)

Upptäckta registervärden: 0

(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0

(Inga skadliga poster hittades)

Upptäckta mappar: 0

(Inga skadliga poster hittades)

Upptäckta filer: 0

(Inga skadliga poster hittades)

(klar)

____________________________________________________

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Lars at 16:50:01 on 2012-01-02

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1206 [GMT 1:00]

.

AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program\AVG\AVG2012\avgrsx.exe

C:\Program\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\AVG\AVG2012\avgfws.exe

C:\Program\AVG\AVG2012\avgwdsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program\Nero\Update\NASvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program\Delade filer\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program\AVG\AVG2012\AVGIDSAgent.exe

C:\Program\AVG\AVG2012\avgnsx.exe

C:\Program\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\DELADE~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Razer\Diamondback 3G\razerhid.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program\Logitech Gaming Software\LCore.exe

C:\Program\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\AVG\AVG2012\avgtray.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Pando Networks\Media Booster\PMB.exe

C:\Program\Razer\Diamondback 3G\razertra.exe

C:\Program\Razer\Diamondback 3G\razerofa.exe

C:\Documents and Settings\Lars\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Lars\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Lars\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Lars\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Lars\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.se/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg2012\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Pando Media Booster] c:\program\pando networks\media booster\PMB.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [Diamondback] c:\program\razer\diamondback 3g\razerhid.exe

mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Launch LCore] "c:\program\logitech gaming software\LCore.exe" /minimized

mRun: [updatePDRShortCut] "c:\program\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"

mRun: [vProt] "c:\program\avg secure search\vprot.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program\avg\avg2012\avgtray.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\lars\application data\dvdvideosoftiehelpers\youtubetomp3.htm

IE: Save YouTube Video - c:\program\delade filer\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\program\delade filer\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.254

TCP: Interfaces\{1DB92874-42DA-4F43-BC76-5F57B3B4351D} : DhcpNameServer = 192.168.0.254

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program\belarc\advisor\system\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program\delade filer\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: MCPClient - c:\program\delade~1\stardock\mcpstub.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program\delade~1\stardock\MCPCore.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]

R2 avgfws;AVG Firewall;c:\program\avg\avg2012\avgfws.exe [2011-8-19 2399560]

R2 AVGIDSAgent;AVGIDSAgent;c:\program\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program\malwarebytes' anti-malware\mbamservice.exe [2010-1-12 652872]

R2 NAUpdate;@c:\program\nero\update\nasvc.exe,-200;c:\program\nero\update\NASvc.exe [2011-9-23 641832]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-30 2253120]

R2 vToolbarUpdater;vToolbarUpdater;c:\program\delade filer\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-1-2 869216]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-9-15 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-9-15 14856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-12 20464]

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-3-14 13225]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-2-8 135664]

S3 appliandMP;appliandMP; [x]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 CME_1394;CME_1394;c:\windows\system32\drivers\CME_1394.sys [2008-3-14 113664]

S3 CME_avs;CME_avs;c:\windows\system32\drivers\CME_avs.sys [2008-3-14 28672]

S3 cpudrv;cpudrv;\??\c:\program\systemrequirementslab\cpudrv.sys --> c:\program\systemrequirementslab\cpudrv.sys [?]

S3 DBKDRVR54;DBKDRVR54;\??\c:\program\cheat engine\dbk32.sys --> c:\program\cheat engine\dbk32.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-10-19 13224]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2010-2-8 135664]

S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-5-15 13312]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-10-31 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-10-31 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-10-31 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-10-31 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-10-31 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-10-31 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-10-31 110120]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-11-1 155344]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-3-15 18432]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-02 14:37:16 98816 ----a-w- c:\windows\sed.exe

2012-01-02 14:37:16 518144 ----a-w- c:\windows\SWREG.exe

2012-01-02 14:37:16 256000 ----a-w- c:\windows\PEV.exe

2012-01-02 14:37:16 208896 ----a-w- c:\windows\MBR.exe

2012-01-02 13:58:03 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2011-12-07 14:54:08 -------- d-----w- c:\program\ESET

2011-12-07 14:47:03 -------- d-----w- c:\program\MALWAREBYTES ANTI-MALWARE

2011-12-05 16:33:10 -------- d-----w- C:\_OTL

.

==================== Find3M ====================

.

2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 22:08:17 317200 ----a-w- C:\aswclear.exe

2011-12-01 14:13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-23 14:40:46 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-06 14:19:47 286052 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-06 14:19:47 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-11-06 14:19:32 286052 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-04 19:13:23 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13:22 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25:39 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:11 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32:19 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:49:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:49:54 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-10-18 11:13:35 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:54 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-15 18:15:26 20188776 ----a-w- c:\program\CheetahDVDBurner.exe

2010-01-19 17:03:16 13976672 ----a-w- c:\program\ichords2.exe

2009-09-02 18:54:05 32829864 ----a-w- c:\program\AVSAudioEditor.exe

2008-05-05 19:42:52 774144 ----a-w- c:\program\RngInterstitial.dll

.

============= FINISH: 16:56:21,84 ===============


ComboFix 12-01-02.01 - Lars 2012-01-02 15:39:04.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1204 [GMT 1:00]

Körs från: c:\documents and settings\Lars\Skrivbord\ComboFix.exe

AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Skapade en ny återställningspunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB48641$\2571016285

c:\windows\isRS-000.tmp

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\79558d6cddf1c680.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

.

---- Föregående körning -------

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg

c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe

c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP

c:\documents and settings\Lars\Application Data\.#

c:\documents and settings\Lars\Application Data\.#\MBX@29C@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@29C@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@29C@3E4218.###

c:\documents and settings\Lars\Application Data\.#\MBX@688@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@688@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@688@3E4218.###

c:\documents and settings\Lars\Application Data\.#\MBX@938@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@938@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@938@3E4218.###

c:\documents and settings\Lars\Application Data\.#\MBX@A4C@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@A4C@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@A4C@3E4218.###

c:\documents and settings\Lars\Application Data\.#\MBX@A84@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@A84@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@A84@3E4218.###

c:\documents and settings\Lars\Application Data\.#\MBX@B68@3E41B8.###

c:\documents and settings\Lars\Application Data\.#\MBX@B68@3E41E8.###

c:\documents and settings\Lars\Application Data\.#\MBX@B68@3E4218.###

c:\documents and settings\Lars\WINDOWS

C:\install.exe

c:\program\SiL

c:\windows\$NtUninstallKB48641$

c:\windows\$NtUninstallKB48641$\3192913841\@

c:\windows\$NtUninstallKB48641$\3192913841\L\znrkwgjv

c:\windows\$NtUninstallKB48641$\3192913841\U\$00000001

c:\windows\$NtUninstallKB48641$\3192913841\U\$000000c0

c:\windows\$NtUninstallKB48641$\3192913841\U\$000000cb

c:\windows\$NtUninstallKB48641$\3192913841\U\$000000cf

c:\windows\$NtUninstallKB48641$\3192913841\U\$80000000

c:\windows\$NtUninstallKB48641$\3192913841\U\$800000c0

c:\windows\$NtUninstallKB48641$\3192913841\U\$800000cb

c:\windows\$NtUninstallKB48641$\3192913841\U\$800000cf

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\abc145d1825133a3.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\usmt\migwiz_a.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_H8SRTD.SYS

-------\Legacy_H8SRTD.SYS

.

.

(((((((((((((((((((((((( Filer skapade från 2011-12-02 till 2012-01-02 ))))))))))))))))))))))))))))))

.

.

2012-01-02 13:58 . 2012-01-02 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2011-12-07 14:54 . 2011-12-07 14:54 -------- d-----w- c:\program\ESET

2011-12-07 14:47 . 2012-01-02 14:46 -------- d-----w- c:\program\MALWAREBYTES ANTI-MALWARE

2011-12-05 16:33 . 2011-12-05 16:33 -------- d-----w- C:\_OTL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2010-01-12 15:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 22:08 . 2011-12-01 22:08 317200 ----a-w- C:\aswclear.exe

2011-12-01 14:13 . 2010-06-18 23:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-23 14:40 . 2007-10-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2007-10-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2007-10-29 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2007-10-29 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:49 . 2004-08-04 01:25 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-10-18 11:13 . 2007-10-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2008-03-13 11:14 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-08 04:50 . 2011-08-09 20:01 919872 ----a-w- c:\windows\system32\nvdispco32.dll

2011-10-08 04:50 . 2011-08-09 20:01 877376 ----a-w- c:\windows\system32\nvgenco32.dll

2011-10-08 04:50 . 2011-06-01 20:18 331776 ----a-w- c:\windows\system32\nvrshe.dll

2011-10-08 04:50 . 2011-06-01 20:18 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2011-10-08 04:50 . 2011-06-01 20:18 282624 ----a-w- c:\windows\system32\nvrsit.dll

2011-10-08 04:50 . 2011-06-01 20:18 282624 ----a-w- c:\windows\system32\nvrses.dll

2011-10-08 04:50 . 2011-06-01 20:18 282624 ----a-w- c:\windows\system32\nvrsel.dll

2011-10-08 04:50 . 2011-06-01 20:18 278528 ----a-w- c:\windows\system32\nvrsde.dll

2011-10-08 04:50 . 2011-06-01 20:18 274432 ----a-w- c:\windows\system32\nvrspt.dll

2011-10-08 04:50 . 2011-06-01 20:18 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2011-10-08 04:50 . 2011-06-01 20:18 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2011-10-08 04:50 . 2011-06-01 20:18 270336 ----a-w- c:\windows\system32\nvrsru.dll

2011-10-08 04:50 . 2011-06-01 20:18 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2011-10-08 04:50 . 2011-06-01 20:18 270336 ----a-w- c:\windows\system32\nvrsja.dll

2011-10-08 04:50 . 2011-06-01 20:18 266240 ----a-w- c:\windows\system32\nvrsko.dll

2011-10-08 04:50 . 2011-06-01 20:18 262144 ----a-w- c:\windows\system32\nvrshu.dll

2011-10-08 04:50 . 2011-06-01 20:18 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-10-08 04:50 . 2011-06-01 20:18 258048 ----a-w- c:\windows\system32\nvrssl.dll

2011-10-08 04:50 . 2011-06-01 20:18 258048 ----a-w- c:\windows\system32\nvrssk.dll

2011-10-08 04:50 . 2011-06-01 20:18 258048 ----a-w- c:\windows\system32\nvrspl.dll

2011-10-08 04:50 . 2011-06-01 20:18 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-10-08 04:50 . 2011-06-01 20:18 253952 ----a-w- c:\windows\system32\nvrssv.dll

2011-10-08 04:50 . 2011-06-01 20:18 253952 ----a-w- c:\windows\system32\nvrsno.dll

2011-10-08 04:50 . 2011-06-01 20:18 253952 ----a-w- c:\windows\system32\nvrsda.dll

2011-10-08 04:50 . 2011-06-01 20:18 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2011-10-08 04:50 . 2011-06-01 20:18 249856 ----a-w- c:\windows\system32\nvrseng.dll

2011-10-08 04:50 . 2011-06-01 20:18 249856 ----a-w- c:\windows\system32\nvrscs.dll

2011-10-08 04:50 . 2011-06-01 20:18 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2011-10-08 04:50 . 2011-06-01 20:18 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-10-08 04:50 . 2011-06-01 20:18 335872 ----a-w- c:\windows\system32\nvrsar.dll

2011-10-08 04:50 . 2011-04-30 16:11 65536 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-08 04:50 . 2011-04-30 16:11 2398016 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-08 04:50 . 2011-04-30 16:11 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-08 04:50 . 2011-04-30 16:11 17240064 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-08 04:50 . 2011-04-07 20:15 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-10-08 04:50 . 2011-04-07 20:15 54272 ----a-w- c:\windows\system32\nvwddi.dll

2011-10-08 04:50 . 2011-04-07 20:15 203072 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-08 04:50 . 2011-04-07 20:15 16744256 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-08 04:50 . 2011-04-07 20:15 298304 ----a-w- c:\windows\system32\nvsvc32.exe

2011-10-08 04:50 . 2011-04-07 20:15 220992 ----a-w- c:\windows\system32\nvcolor.exe

2011-10-08 04:50 . 2007-12-05 00:41 5595136 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-08 04:50 . 2007-12-05 00:41 4226688 ----a-w- c:\windows\system32\nv4_disp.dll

2011-10-08 04:50 . 2007-12-05 00:41 2449408 ----a-w- c:\windows\system32\nvapi.dll

2011-10-08 04:50 . 2007-12-05 00:41 17956864 ----a-w- c:\windows\system32\nvoglnt.dll

2011-10-08 04:50 . 2007-12-05 00:41 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-10-07 03:48 . 2011-11-27 13:54 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3BD33955-8A1F-4C3A-83CE-099308AD0E91}\mpengine.dll

2011-10-07 03:48 . 2009-04-29 15:12 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-15 18:15 . 2011-03-15 18:15 20188776 ----a-w- c:\program\CheetahDVDBurner.exe

2010-01-19 17:03 . 2010-01-19 17:03 13976672 ----a-w- c:\program\ichords2.exe

2009-09-02 18:54 . 2009-09-02 18:48 32829864 ----a-w- c:\program\AVSAudioEditor.exe

2008-05-05 19:42 . 2008-05-05 19:43 774144 ----a-w- c:\program\RngInterstitial.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-02 13:57 1574240 ----a-w- c:\program\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2012-01-02 1574240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-01-19 11:45 135168 ------w- c:\program\Alwil Software\Avast5\snxPlugins.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]

"Pando Media Booster"="c:\program\Pando Networks\Media Booster\PMB.exe" [2011-10-27 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]

"Diamondback"="c:\program\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-07 273544]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"Launch LCore"="c:\program\Logitech Gaming Software\LCore.exe" [2011-07-28 101144]

"UpdatePDRShortCut"="c:\program\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"vProt"="c:\program\AVG Secure Search\vprot.exe" [2012-01-02 892768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]

"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]

"nwiz"="c:\program\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 13:13 49152 ----a-w- c:\program\DELADE~1\Stardock\MCPStub.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\program\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-09-23 04:31 2404704 ----a-w- c:\program\AVG\AVG2012\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Sony Ericsson PCCompanion"=3 (0x3)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\World of Warcraft\\Launcher.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=

"c:\\Program\\Maxima-5.16.3\\wxMaxima\\wxMaxima.exe"=

"c:\\Program\\Ventrilo\\Ventrilo.exe"=

"c:\\Program\\Delade filer\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Xfire\\Xfire.exe"=

"c:\\Program\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program\\World of Warcraft\\Launcher.patch.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program\\AVG\\AVG2012\\avgwdsvc.exe"=

"c:\\Program\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"1119:TCP"= 1119:TCP:Blizzard Downloader

"1120:TCP"= 1120:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6917:TCP"= 6917:TCP:League of Legends Launcher

"6917:UDP"= 6917:UDP:League of Legends Launcher

"8397:TCP"= 8397:TCP:League of Legends Launcher

"8397:UDP"= 8397:UDP:League of Legends Launcher

"6933:TCP"= 6933:TCP:League of Legends Launcher

"6933:UDP"= 6933:UDP:League of Legends Launcher

"6974:TCP"= 6974:TCP:League of Legends Launcher

"6974:UDP"= 6974:UDP:League of Legends Launcher

"6931:TCP"= 6931:TCP:League of Legends Launcher

"6931:UDP"= 6931:UDP:League of Legends Launcher

"8398:TCP"= 8398:TCP:League of Legends Launcher

"8398:UDP"= 8398:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"58750:TCP"= 58750:TCP:Pando Media Booster

"58750:UDP"= 58750:UDP:Pando Media Booster

"58427:TCP"= 58427:TCP:Pando Media Booster

"58427:UDP"= 58427:UDP:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-09-07 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-09-07 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-09-07 295248]

R2 avgwd;AVG WatchDog;c:\program\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

R2 MBAMService;MBAMService;c:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-12 652872]

R2 NAUpdate;@c:\program\Nero\Update\NASvc.exe,-200;c:\program\Nero\Update\NASvc.exe [2011-09-23 641832]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-30 2253120]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-05-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-08-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-08-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-08-19 16720]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-09-15 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-15 14856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-12 20464]

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-03-14 13225]

S2 avgfws;AVG Firewall;c:\program\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-02-08 135664]

S3 appliandMP;appliandMP; [x]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-05-23 30944]

S3 CME_1394;CME_1394;c:\windows\system32\drivers\CME_1394.sys [2008-03-14 113664]

S3 CME_avs;CME_avs;c:\windows\system32\drivers\CME_avs.sys [2008-03-14 28672]

S3 cpudrv;cpudrv;\??\c:\program\SystemRequirementsLab\cpudrv.sys --> c:\program\SystemRequirementsLab\cpudrv.sys [?]

S3 DBKDRVR54;DBKDRVR54;\??\c:\program\Cheat Engine\dbk32.sys --> c:\program\Cheat Engine\dbk32.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-10-19 13224]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2010-02-08 135664]

S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-05-15 13312]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-10-31 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-10-31 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-10-31 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-10-31 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-10-31 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-10-31 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-10-31 110120]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-03-15 18432]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-11-01 155344]

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-12-07 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job

- c:\program\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-28 18:00]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-02-08 08:55]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-02-08 08:55]

.

2011-12-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

2012-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1788223648-725345543-1003.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

2012-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1788223648-725345543-1003.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{06CB29FF-B097-4BAF-92E1-A6B704347D75}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://google.se/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\Lars\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Save YouTube Video - c:\program\Delade filer\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\program\Delade filer\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program\Delade filer\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

SafeBoot-WinDefend

AddRemove-CME Matrix K FW Audio Driver V2.27.0 Setup - c:\program\CME\Matrix_K_FW\uninst.exe Software\CME\1394AudioDriver_Matrix_K_FW\Setup

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-02 15:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

.

[HKEY_USERS\S-1-5-21-823518204-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BA54A59-77FF-5FD2-2113-3F8369CF91D8}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oahegkjmgnebigiabmldmeaikdhdhi"=hex:64,61,67,6b,6c,68,6e,6e,00,70

"oaddgjdhnlaaledpoonhpjlfngflpm"=hex:69,61,62,6d,68,65,6c,62,64,65,6d,64,61,65,

6b,64,6b,63,00,00

"najeilgonghdlkngpenmhgfeljbh"=hex:69,61,62,6d,68,65,6c,62,64,65,6d,64,61,65,

6b,64,6b,63,00,00

.

[HKEY_USERS\S-1-5-21-823518204-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC5FD694-A651-4859-294C-B8E98966CFCD}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaojbopodaocmlnlmj"=hex:6b,61,63,64,6d,61,61,68,6d,6a,70,65,65,64,61,68,69,6e,

67,68,69,6c,00,7c

"haijpakljkllbdpe"=hex:6a,61,63,64,6e,61,68,67,70,6a,6c,6e,66,62,65,62,67,63,

6a,70,00,41

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'winlogon.exe'(1708)

c:\program\DELADE~1\Stardock\mcpstub.dll

.

- - - - - - - > 'explorer.exe'(1388)

c:\program\Windows Media Player\wmpband.dll

c:\windows\system32\msi.dll

c:\program\DELADE~1\Stardock\MCPCore.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\IoctlSvc.exe

c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

c:\program\Delade filer\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

c:\program\DELADE~1\Stardock\SDMCP.exe

c:\windows\system32\RunDLL32.exe

c:\program\Razer\Diamondback 3G\razertra.exe

c:\program\Razer\Diamondback 3G\razerofa.exe

.

**************************************************************************

.

Sluttid: 2012-01-02 16:19:47 - datorn startades om.

ComboFix-quarantined-files.txt 2012-01-02 15:19

.

Före genomsökningen: 107 865 624 576 byte ledigt

Efter genomsökningen: 107 738 497 024 byte ledigt

.

- - End Of File - - 0F46FB8DE4A2C29991393C641704C55D

Currently I'm not experiencing any problems, I think I've got rid of most of the infections. But you can't be 100% sure. It felt like we had gone through everything when Maniac left, I was just waiting for a confirmation that my computer was cured when we replaced the Redbook.sys files. But maybe you can get back on his track and sort this out :)


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
