No-1

Member
  • Posts: 57

All posts by No-1

  1. Yes, it worked after one more restart. There was no file under C: with that name, but there was one in the Combofix folder that matches the time well. It looked a bit incomplete, though:

     ComboFix 12-12-29.02 - 2012-12-29 11:11:34.2.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14341 [GMT 1:00]
     Körs från: C:\Users\Kristofer - 1\Desktop\ComboFix.exe
     Kommandoväxlar som använts :: C:\Users\Kristofer - 1\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     (((((((((((((((((((((((( Filer skapade från 2012-11-28 till 2012-12-29 ))))))))))))))))))))))))))))))
  2. Hi! Unfortunately a strange error occurred after Combofix. The computer restarted automatically, which was surely intended, but I got no log, and when I logged in to my infected account Combofix started by itself but kept being terminated/tried to close as soon as it opened, which resulted in Combofix starting and quitting uncontrollably = flicker in that window on the desktop. I then switched user (to admin) and afterwards returned to the infected account again, and by then the Combofix window was closed, so still no log. Problem two is that as administrator I no longer have internet access, because the computer says files have been changed. So far so good... But when I try to change / troubleshoot as you described earlier (Control Panel - network connections) I can't do that either, because the computer says there is an error / that certain files are missing (RUNDLL and some other file, among others). I can, however, browse as usual from my infected account. DDS looks as follows:

     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13905 [GMT 1:00]
     .
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\atieclxx.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
     C:\Program Files\Intel\iCLS Client\HeciServer.exe
     C:\Windows\system32\IProsetMonitor.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     C:\Program Files (x86)\Skype\Phone\Skype.exe
     C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Users\Kristofer - 1\AppData\Roaming\Spotify\spotify.exe
     C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
     C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
     C:\Program Files (x86)\Personal\bin\Personal.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Windows\servicing\TrustedInstaller.exe
     C:\Windows\system32\wbengine.exe
     C:\Windows\System32\svchost.exe -k swprv
     C:\Windows\System32\vds.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\vssvc.exe
     C:\Windows\system32\atieclxx.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     C:\Program Files (x86)\Skype\Phone\Skype.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files (x86)\Personal\bin\Personal.exe
     C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
     C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\Skype\Updater\Updater.exe
     C:\Program Files (x86)\Internet Explorer\IELowutil.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
     uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
     mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
     mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
     uPolicies-Explorer: NoDrives = dword:0
     mPolicies-Explorer: NoDrives = dword:0
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     SSODL: WebCheck - <orphaned>
     x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
     x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
     x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
     x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
     x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
     x64-SSODL: WebCheck - <orphaned>
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
     R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]
     R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
     R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
     R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]
     R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]
     R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
     R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]
     R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]
     R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]
     R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]
     R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
     R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]
     R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
     R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
     R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
     R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]
     R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
     S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
     S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
     S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
     S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
     .
     =============== Created Last 30 ================
     .
     2012-12-29 10:16:49 -------- d-----w- C:\$RECYCLE.BIN
     2012-12-29 10:13:52 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp
     2012-12-29 10:10:51 -------- d-----w- C:\ComboFix
     2012-12-29 00:04:37 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F1CE8EE-421C-4BF6-B7F6-9EAE549FCB13}\mpengine.dll
     2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe
     2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe
     2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe
     2012-12-28 18:21:18 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}
     2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal
     2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
     2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll
     2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
     2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
     2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
     .
     ==================== Find3M ====================
     .
     2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
     2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
     2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
     2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
     2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
     2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
     2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
     2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
     2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
     2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
     2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
     2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
     2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
     2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
     2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
     2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
     2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
     2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
     2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
     2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
     2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
     2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
     2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
     2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
     2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
     2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
     2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
     2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
     2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
     2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
     2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
     2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
     2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
     2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
     2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
     2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
     2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
     2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
     2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
     2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
     2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
     2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
     2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
     2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
     2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
     2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
     2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
     2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
     2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
     .
     ============= FINISH: 11:26:09,06 ===============
  3. TDSSKiller found nothing at all, and thus nothing to quarantine either. Don't know if that was enough, because there was no log etc. other than that it said zero on the three lines... Here comes the other one:

     aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2012-12-29 01:30:08
     -----------------------------
     01:30:08.725 OS Version: Windows x64 6.1.7601 Service Pack 1
     01:30:08.725 Number of processors: 8 586 0x3A09
     01:30:10.004 Initialize success
     01:31:07.326 AVAST engine defs: 12122801
     01:31:14.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     01:31:14.502 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
     01:31:14.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
     01:31:14.502 Disk 1 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
     01:31:14.518 Disk 0 MBR read successfully
     01:31:14.518 Disk 0 MBR scan
     01:31:14.518 Disk 0 Windows 7 default MBR code
     01:31:14.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     01:31:14.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
     01:31:14.611 Disk 0 scanning C:\Windows\system32\drivers
     01:31:28.152 Service scanning
     01:31:46.654 Modules scanning
     01:31:46.654 Disk 0 trace - called modules:
     01:31:46.685 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
     01:31:46.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d831790]
     01:31:46.685 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa800d22ae40]
     01:31:46.701 5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d229050]
     01:31:47.777 AVAST engine scan C:\Windows
     01:31:51.381 AVAST engine scan C:\Windows\system32
     01:34:20.938 AVAST engine scan C:\Windows\system32\drivers
     01:34:31.375 AVAST engine scan C:\Users\Kristofer
     01:36:26.362 Disk 0 MBR has been saved successfully to "C:\Users\Kristofer\Desktop\MBR.dat"
     01:36:26.362 The log file has been saved successfully to "C:\Users\Kristofer\Desktop\aswMBR.txt"
     01:37:33.671 Disk 0 MBR has been saved successfully to "C:\Users\Kristofer\Desktop\MBR.dat"
     01:37:33.671 The log file has been saved successfully to "C:\Users\Kristofer\Desktop\aswMBR.txt"

     However, after the last run a number of things have happened: the desktop background on my account (the infected one) became the same as the administrator's. Lots of new folders appeared on the desktop, some of which things were saved into, e.g. a folder with my name containing the whole desktop, and that folder sits right on the desktop with all those files too... should such things be deleted? The computer has, for example, also got an icon (shortcut) on the desktop that wasn't there before... etc.
  4. Well... here it is...

     RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     Mode : Remove -- Date : 12/29/2012 00:33:45
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\@ --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\U --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\L --> REMOVED
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Extern Hives: ¤¤¤
     -> E:\windows\system32\config\SOFTWARE
     -> E:\Documents and Settings\Administratör\NTUSER.DAT
     -> E:\Documents and Settings\Default User\NTUSER.DAT
     -> E:\Documents and Settings\Kristofer\NTUSER.DAT
     -> E:\Documents and Settings\LocalService\NTUSER.DAT
     -> E:\Documents and Settings\NetworkService\NTUSER.DAT
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++
     --- User ---
     [MBR] ca59728e3a98146be6fe8bd5bb5199f5
     [bSP] c5ca265d97398da1a35aad0dbbb280d6 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     +++++ PhysicalDrive1: SAMSUNG HD103SJ +++++
     --- User ---
     [MBR] 63431229979095f84d15f265f8bbd094
     [bSP] bbc7d10465252df158fb840619ee3381 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[2]_D_12292012_02d0033.txt >>
     RKreport[1]_S_12282012_02d2106.txt ; RKreport[2]_D_12292012_02d0033.txt

     AND THEN THE COMBO! I see a suspicious thing... under Files created 20121128-20121228:

     2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

     This entry matches both the time of the infection and the name of some of what was deleted. The question is whether the file is completely gone. Maybe this is only history, if you understand what I mean, of everything that has happened on the computer lately... HERE IS THE COMBO:

     ComboFix 12-12-28.02 - 2012-12-29 0:44.1.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13489 [GMT 1:00]
     Körs från: c:\users\Kristofer - 1\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\dsgsdgdsgdsgw.pad
     c:\users\Kristofer - 1\hctyzrjhtrwllocgu.exe
     c:\users\Kristofer - 1\hhlcgdbfyxjbuuljil.exe
     c:\users\Kristofer - 1\oalwwvvithmnuuposp.exe
     c:\users\Kristofer - 1\sftxtqspxzrlgy.exe
     c:\users\Kristofer - 1\wgsdgsdgdsgsd.exe
     .
     .
     (((((((((((((((((((((((( Filer skapade från 2012-11-28 till 2012-12-28 ))))))))))))))))))))))))))))))
     .
     .
     2012-12-28 23:47 . 2012-12-28 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-12-28 23:43 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E788089F-2E8F-4638-9D08-F1FEBDE06BC9}\mpengine.dll
     2012-12-28 18:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal
     2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
     2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
     2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
     2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
     2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe
     2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll
     2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
     2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
     2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
     2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
     2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
     2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
     2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
     2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
     2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
     2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
     2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll
     2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll
     2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
     2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll
     2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
     2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
     2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
     2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     .
     .
     (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Not* tomma poster & legitima standardposter visas inte.
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
     "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
     R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
     R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
     R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
     S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
     S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
     S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
     S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
     S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
     S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
     S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]
     S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
     S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
     S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
     S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
     S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
     .
     .
     Innehåll i mappen 'Schemalagda aktiviteter':
     .
     2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]
     .
     2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
     "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
     .
     ------- Extra genomsökning -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.1
     .
     - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
     .
     HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
     "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"
     .
     --------------------- LÅSTA REGISTERNYCKLAR ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Sluttid: 2012-12-29 00:48:48 ComboFix-quarantined-files.txt 2012-12-28 23:48 . Före genomsökningen: 559 218 515 968 byte ledigt Efter genomsökningen: 559 711 825 920 byte ledigt . - - End Of File - - 4ED0B546F94B3E9D77B465CFA30A8A1E
  5. Here they come! DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14155 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]
R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]
R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
SUnknown xeydfaxb;xeydfaxb; [x]
.
=============== Created Last 30 ================
.
2012-12-28 19:22:48 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58F3E3EB-26BA-40D6-88B7-305CEC455560}\offreg.dll
2012-12-28 18:21:18 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58F3E3EB-26BA-40D6-88B7-305CEC455560}\mpengine.dll
2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}
2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal
2012-12-27 17:48:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-28 21:06:12 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 21:04:53,21 ===============

RogueKiller:

RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kristofer [Admin rights]
Mode : Scan -- Date : 12/28/2012 21:06:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1345392832-2581349035-1269282427-1001\$5e67c4ade7389ad96c76ce5fa0dcd2d9\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Documents and Settings\Administratör\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Kristofer\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++
--- User ---
[MBR] ca59728e3a98146be6fe8bd5bb5199f5
[bSP] c5ca265d97398da1a35aad0dbbb280d6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 63431229979095f84d15f265f8bbd094
[bSP] bbc7d10465252df158fb840619ee3381 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12282012_02d2106.txt >>
RKreport[1]_S_12282012_02d2106.txt
  6. Hi again! When I restarted the computer (I missed the Delete key to change the boot order so I could boot from the Win 7 disc), the strange thing happened that I could now log straight in to the infected account without any problems, even though I had not taken any action at all myself. And when I logged in as administrator, a window (System Restore) came up saying that the computer had been restored to 23 November 2012. The question is whether everything is now OK without further action?
  7. So you mean it is enough to repair Windows 7 via the disc? That program I was supposed to download triggered a security warning saying that it is not common to download this program...
  8. Hi! I have once again been infected with this misery. Fortunately it is in Win 7 this time, so I can switch accounts without any trouble and log in as administrator, which should make the removal process easier? I have NOT made any attempt to locate the file or even scanned the computer with antivirus software. I want to wait for expert help on how I should best proceed! I am attaching my DDS already now, though, and would be grateful for a review. The question is whether I did right in running DDS etc. logged in as a different user than the infected account, but with the infected account still active as well (I only switched users). Or perhaps the scan has to be done from the locked account? I found a possibly suspicious thing under Created Last 30: xeydfaxb.sys, which is in the system32 folder....? Anything more that is needed?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.12324 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Users\Kristofer - 1\AppData\Roaming\Spotify\spotify.exe
C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_5_502_135_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]
R3 asmthub3;ASMedia USB3 Hub 
Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632] R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272] R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S1 xeydfaxb;xeydfaxb;C:\Windows\System32\drivers\xeydfaxb.sys [2012-12-28 49872] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736] . =============== Created Last 30 ================ . 
2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185} 2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal 2012-12-28 15:16:11 49872 ----a-w- C:\Windows\System32\drivers\xeydfaxb.sys 2012-12-28 15:16:00 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{986B7562-65C4-4440-ACFD-5A21BE46D49F}\offreg.dll 2012-12-27 17:48:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{986B7562-65C4-4440-ACFD-5A21BE46D49F}\mpengine.dll 2012-12-27 00:06:03 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-28 21:06:12 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll . ==================== Find3M ==================== . 
2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- 
C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys . ============= FINISH: 18:47:43,61 ===============
Thanks in advance!
  9. I also had trouble even reaching the choice between safe mode and starting Windows normally after a couple of attempts. Maybe I was lucky to get back into Windows at all... but it worked. Persistence pays off! If you have given up after a couple of tries, then unfortunately it is probably time for a complete reinstall of Windows by following Cecilia's advice here... :/
  10. It was most likely one of my 4 RAM sticks.... ran MEMTEST 86 and found close to 4000 errors on one of the sticks... the memory has now been returned under warranty and replaced! =)
  11. Hi Maria! You seem to have got the same junk I had! A really nasty trojan, I can promise you that! I wrote a thread about it on 18 July called Polisen Enheten för databrott //eforum.idg.se/topic/337062-polisen-enheten-for-databrott/page__p__1583747__fromsearch__1?do=findComment&comment=1583747 Read there how I did it. I managed, though with several restarts, to get into regular Windows without doing a reinstall. I read that you now can't even get as far as loading Windows, but give it a couple of tries in the different safe modes and also by choosing Windows - Start normally. It worked for me! NO antivirus programs or other anti-malware tools helped me, since they didn't even find the file. I ran Kaspersky and Malwarebytes, among others... Whether you try safe mode or choose to start Windows normally, you can press ctrl+shift+esc right as you get into Windows. IF you succeed, Task Manager starts... this is before the computer locks up with the box telling you to pay, that is, right before you get the box about paying 1000 kr (which you of course absolutely must not do). Then try to end the actual program that causes the box to appear. When Task Manager comes up, quickly find the program (they usually have strange file names; in my case it was called fest0r_ot.exe) and choose End task! It may be called something else in your case, but look for odd files, especially ones ending in .exe. If you manage to get into Windows and bring up Task Manager but can't find the right file... take a photo of the screen or film it and post the photo here, and we'll see if we can work out which file needs to be removed! All of the above happens in a very few seconds, but IF you succeed (feel free to try several times), you will get into your computer and can then back up everything and get help here to clean out the trojan. I managed to get into Windows and could then back up everything I wanted.
After that I got help from Cecilia here to check that all the junk was removed, and it didn't even require a reinstall of Windows. IF you get into Windows using my method, then ABSOLUTELY DO NOT SHUT DOWN THE COMPUTER until the problem is solved and the computer cleaned! Good luck!
  12. Hi! I have just built a new computer and got it up and running. Installed Win 7 (64-bit) and everything worked, seemingly flawlessly. I chose from the start to use only 8 GB of RAM (bought 16 GB = 4*4096 Corsair Vengeance LP CL9). Since everything was running smoothly I put in my old hard drive (Samsung Spinpoint F3 HD103SJ) as well as the other 8 GB of RAM. I continued installing various drivers, including the latest ones for the graphics card HD Radeon 5670, which I downloaded from ATI's website. Then I surfed around the web a bit and explored my computer. BUT all of a sudden an error message appeared in Windows, which I seem to recall was about a memory error. I pressed OK. Since this incident the computer is enormously unstable, and there have been several different bluescreens. The computer can also crash or restart without warning. It gives me bluescreens of various kinds, completely without warning and at any time. Including the following (see attached files). I have also had a bluescreen about Memory_Management which in summary says that I should check that hardware and software are correctly and completely installed. Technical information: STOP 0x0000001A. I have also had a bluescreen with the following content: irql_not_less_or_equal. I am going to run MEMTEST 86, but it seems I have an old version of the program since it refuses to start when I boot it from the CD... Maybe it is configured for XP, which I had before... In any case I have run Windows 7's own memory test without finding any errors. I will burn a new version of MEMTEST 86 from another computer during the day. Does anyone otherwise have an idea of what is wrong? That is, if it isn't the memory? Is it the graphics card drivers or what? Other drivers? Is it the hardware or the software? I have hardly installed anything else... Well, Office 2007. Regards Kristofer fel 3.txt fel 4.txt fel 5.txt
  13. Thanks for the reply. So far I have had no problems with Abit, though. However, they have stopped making motherboards or gone bankrupt! I couldn't get any support from them and then found that answer via Google. But one more thing: I previously had a similar fault, but as far as I remember probably at a later stage of the boot process. That time it was the power supply, and on a third occasion it was actually a fault in the RAM. I think I'll have to give the PSU one last test, otherwise I have a really good reason to reward myself with a brand new computer!! B-) Does anyone know an easy way to test the power supply?
  14. Hi! I think I've been struck by the computer curse! Three different faults in two weeks, and it usually runs like clockwork! Anyway, I come home and start the computer. When I come back to the computer after it has booted, the mouse pointer is "frozen". I can't do anything, so I reset manually on the case. After that the computer won't start. What happens is that the computer powers on and stays in the powered-on state without any picture on the screen. The screen says No signal. Note that the computer doesn't even get as far as the beep at startup before it "stops". That is, there are still lights on in several places in the computer, the fans run (CPU, system fan and graphics card fan), and both the hard drive LED and the LED for the network cable are lit, but the boot process goes no further. I have regularly replaced parts in the computer, and the most recently bought (barely two years old) is the graphics card. I have tried taking out my RAM sticks (had that fault before) and inserting them separately etc. According to my motherboard, which has POST codes (Abit AA8XE), it is code 9.0 when it stops during boot. That is the last code in the boot process (power on sequence), and at that point the computer is in this state: Complete Mikroguru initial process, AWARD BIOS take over booting job. Does anyone know what's wrong? The graphics card again? Can it really halt the computer's boot process? The motherboard? At least it doesn't seem to be the RAM... This is annoying!!
  15. Simple as it can be! I tried running a reset of IE and voilà! Now it works... the question is how something can just stop working without anything having been changed. But oh well, that seems to have been the case anyway. It may be, though, that I hadn't logged in for a long time and that it was a remnant of the police infection or something! THX! =)
  16. Here is the result of the virus scan: C:\Documents and Settings\Kristofer\Application Data\Sun\Java\Deployment\cache\6.0\32\2b078a20-733175f8 a variant of Java/Exploit.Blacole.AN trojan C:\Documents and Settings\Kristofer\Application Data\Sun\Java\Deployment\cache\6.0\43\2ca7fa6b-1b165ae4 Java/Exploit.Agent.NBR trojan I'm starting to get INCREDIBLY frustrated now, because I really don't understand what is wrong, and it is my private email that is affected. I have googled etc. and there are many theories in various forums; someone talks about a DNS error. (I know very little about such things.) I have also contacted my broadband provider, who did not consider themselves to have any fault; this was a theory in one forum. The most frustrating thing is that it isn't even possible to email Microsoft about the problem, because as soon as I click log in on any of their support pages, that login is presumably linked in the same way as the hotmail.com login. And so I just get a white box in IE again with info at the bottom left (exclamation mark, done) and a completely blank page. I have also tried clearing all certificates, history etc. in IE.
  17. Hi again! MSE also found this Exploit:Java/CVE-2012-0507.D!ldr, which was deemed severe (put in quarantine); the rest were removed. Category: Exploit Description: This program is dangerous and exploits the computer it is running on. Recommended action: Remove this software immediately. Object: file:C:\Documents and Settings\Kristofer\Application Data\Sun\Java\Deployment\cache\6.0\1\ef55dc1-1f163a9f The DDS follows below:
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Kristofer at 17:21:44 on 2012-08-02 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1860 [GMT 2:00] . AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program\ABIT\ABIT uGuru\uGuru.exe C:\Program\Voddler\service\VNetManager.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\WINDOWS\ALCWZRD.EXE C:\Program\DivX\DivX Update\DivXUpdate.exe C:\Program\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Spotify\Data\SpotifyWebHelper.exe svchost.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program\Jamcast\jamcastsvc.exe C:\Program\Secunia\PSI\PSIA.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program\Secunia\PSI\sua.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe" uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe mRun: 
[ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\secuni~1.lnk - c:\program\secunia\psi\psi_tray.exe IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - 
hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752] R1 MpKsl9fda0ffc;MpKsl9fda0ffc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc840e4-d638-4606-8769-9f8d0f16bb1e}\MpKsl9fda0ffc.sys [2012-8-2 29904] R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\secunia\psi\psia.exe --start-service --> c:\program\secunia\psi\PSIA.exe --start-service [?] 
R2 Secunia Update Agent;Secunia Update Agent;c:\program\secunia\psi\sua.exe --start-service --> c:\program\secunia\psi\sua.exe --start-service [?] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136] R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152] S2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2011-3-2 15232] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752] S3 sea1bus;Sony 
Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2010-11-16 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2010-11-16 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2010-11-16 90800] S3 Sony PC Companion;Sony PC Companion;c:\program\sony\sony pc companion\PCCService.exe [2011-10-9 155320] . =============== Created Last 30 ================ . 
2012-08-02 15:20:31 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc840e4-d638-4606-8769-9f8d0f16bb1e}\MpKsl9fda0ffc.sys 2012-08-02 15:02:28 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc840e4-d638-4606-8769-9f8d0f16bb1e}\mpengine.dll 2012-08-01 20:23:10 -------- d-----w- c:\program\DVD Shrink 2012-08-01 13:57:03 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-07-30 21:21:42 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-07-30 21:21:42 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-23 13:39:41 -------- d-----w- c:\program\Secunia 2012-07-15 11:14:00 -------- d-----w- c:\documents and settings\kristofer\application data\Malwarebytes 2012-07-14 20:16:10 -------- d-----w- c:\program\HitmanPro 2012-07-14 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-07-14 18:02:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes . ==================== Find3M ==================== . 
2012-07-31 10:57:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-31 10:57:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.VER 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.EXE 2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09:37 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44:07 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39:29 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14:59 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14:57 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 17:21:58,59 ===============
Attach is attached. I myself wondered about these findings: Junkmail filter VC80CRTRedist - 8.0.50727.6195 WebFldrs XP attach.txt
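The helpers in this thread read the two DDS logs by eye: in the Windows 7 log (post 8) the thing that stands out is the S1 boot-start driver xeydfaxb.sys, with no vendor description, an eight-letter lowercase name, and a file date of the day before the log, matched by a Created Last 30 entry at 15:16:11; in the XP log just above, a BHO CLSID points at No File. As an added example (it is not part of the thread, and it is not the DDS tool's own code), the Python script below applies those same checks mechanically. It assumes the log has one entry per line, as DDS writes it (the forum has run the lines together); the two sample logs are constructed from a few entries copied from the posts above, and the "three signals" threshold and the list of expected transient driver locations are the example's own choices.

```python
"""DDS log triage: added example, not part of this thread or of the DDS tool.
Scores each SERVICES / DRIVERS entry on the signals a helper checks by eye and
cross-references the 'Created Last 30' and BHO sections (one entry per line)."""
import re
from datetime import date

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);"
                        r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) \d+\]$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ (?P<path>.+)$")
BHO_RE = re.compile(r"^BHO: (?:.*?: )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$")

# Where a freshly written, undescribed kernel driver is expected: Microsoft
# Security Essentials drops a MpKsl<hex>.sys here with every definition update.
EXPECTED_TRANSIENT = ("\\microsoft antimalware\\definition updates\\",)


def _ddsdate(s):
    y, m, d = (int(x) for x in s.split("-"))  # DDS writes 2012-1-6, not 2012-01-06
    return date(y, m, d)


def triage(log_text, log_date, lookback_days=7):
    """Return findings as dicts (kind, name, path, reasons); log_date is the
    'Run by ... on' day of the log, as a date or 'YYYY-M-D' string."""
    if isinstance(log_date, str):
        log_date = _ddsdate(log_date)
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: index 'Created Last 30' so a driver can be tied to the exact
    # moment its file appeared on disk.
    created = {}
    for ln in lines:
        m = CREATED_RE.match(ln)
        if m:
            created[m["path"].lower()] = m["ts"]

    findings = []
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if m:
            name, desc, path = m["name"], m["desc"], m["path"]
            low = path.lower()
            if any(t in low for t in EXPECTED_TRANSIENT):
                continue
            age = (log_date - _ddsdate(m["date"])).days
            reasons = []
            if desc == name:
                reasons.append("no vendor description")
            if 0 <= age <= lookback_days:
                reasons.append("file dated %d day(s) before the log" % age)
            if re.fullmatch(r"[a-z]{7,12}", name):
                reasons.append("random-looking lowercase name")
            if m["start"] in ("R0", "S0", "R1", "S1") and low.endswith(".sys"):
                reasons.append("boot/system-start kernel driver")
            if low in created:
                reasons.append("created " + created[low])
            # Two signals are normal for small OEM drivers (asahci64, Lbd and
            # uGuru above: no description plus boot-start); three or more is
            # worth asking the poster about.
            if len(reasons) >= 3:
                findings.append({"kind": "service", "name": name,
                                 "path": path, "reasons": reasons})
            continue
        m = BHO_RE.match(ln)
        if m and m["target"].strip() in ("No File", "<orphaned>"):
            # Usually an uninstall leftover, but the CLSID is still registered.
            findings.append({"kind": "bho", "name": m["clsid"], "path": m["target"],
                             "reasons": ["CLSID registered, no DLL on disk"]})
    return findings


# Constructed samples: entries copied from the two logs in this thread
# (post 8, Windows 7 x64, and post 17, Windows XP), one per line.
SAMPLE_WIN7 = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
S1 xeydfaxb;xeydfaxb;C:\Windows\System32\drivers\xeydfaxb.sys [2012-12-28 49872]
2012-12-28 15:16:11 49872 ----a-w- C:\Windows\System32\drivers\xeydfaxb.sys
"""
SAMPLE_XP = r"""
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]
R1 MpKsl9fda0ffc;MpKsl9fda0ffc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc840e4-d638-4606-8769-9f8d0f16bb1e}\MpKsl9fda0ffc.sys [2012-8-2 29904]
2012-08-02 15:20:31 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc840e4-d638-4606-8769-9f8d0f16bb1e}\MpKsl9fda0ffc.sys
"""

if __name__ == "__main__":
    for label, text, day in (("win7", SAMPLE_WIN7, "2012-12-29"), ("xp", SAMPLE_XP, "2012-8-2")):
        for f in triage(text, day):
            print(label, f["kind"], f["name"], "|", "; ".join(f["reasons"]))
```

On the Windows 7 sample this reports only xeydfaxb (all five signals), while asahci64 stays quiet with two; on the XP sample the MpKsl driver is suppressed as an expected MSE artifact, Lbd stays at two signals, and the only finding is the orphaned BHO CLSID. The script does not decide anything about the Java cache hits in post 16 and 17: those were found by the scanners in files under Application Data\Sun\Java\Deployment\cache, which DDS does not list.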
  18. I have now run a full virus scan with Microsoft Security Essentials and it found various nasty things according to the program. The one that seems most suspicious is something called VirTool:Win32/Obfuscator.XI, plus various warnings for Exploit:Java/ followed by different suffixes, with different files involved, including one ending in Blagole.GD. I assume that means another round with various registry scanning programs is needed? MSE has put the program in quarantine. This is what MSE says about Obfuscator: Kategori: Verktyg Beskrivning: Det här programmet används för att skapa virus, maskar och annan skadlig kod. Rekommenderad åtgärd: Ta bort programvaran omedelbart. Objekt: file:C:\System Volume Information\_restore{7760C53A-F526-4F1C-9CBC-EDA00FE4D707}\RP646\A0096010.exe I can also browse to hotmail.com from my mobile phone, which is connected over WIFI to the same router as the computer.
  19. I have just found a really weird folder by chance! It is called Tracing and is located in Documents and settings and then my username. In this folder there is a weird file of the type UCCAPILO file. As far as I know, I don't think the folder even existed there before. The file is associated with MSN Messenger, since it says WindowsLiveMessenger-uccapi-0.uccapilog if you hover the mouse pointer over it... I think it seems rather suspicious! I can't take this!! When Googling that name there seem to be mixed messages about the file... I'm afraid it's some keylogger or something...
  20. Hmm, so why doesn't it work for me then? Doesn't work at all... must be some junk in the computer then? Could it be a leftover from the earlier problem, because I actually don't think I have logged in to hotmail via that page since then...? I get a message that there is an error on the page if I click your second link, i.e. this one: http://mail.live.com/ and then it looks like the picture I'm attaching...
  21. No, I mean I tried to run a system restore four days back in time, chose last Friday. It's fine from the perspective of the earlier infection. But now hotmail.com doesn't work. Not even if I search for hotmail.com on Google and click the link... I can browse to http://se.msn.com/ and then click hotmail in the top left... then the computer tries to go to the page and then the error appears... :S Is it a virus? Can you browse to the log-in site on hotmail.com?
  22. Then the question is why the computer (IE 8) won't let me browse to hotmail.com? Ok, thanks! I ran a system restore the other day, so that may be why then.
  23. Hi! Is there anyone besides me having trouble browsing to hotmail.com? Can't log in... it just says the page contains errors... then it goes blank. However, I can log in to MSN and then get access to my other e-mail, which is linked to my MSN account, if I go through Messenger's auto-login (right-click the MSN icon, then: E-mail inbox). I can browse to all other pages as far as I can tell! Have I got a virus or what? My friend can log in to hotmail.com on his computer. I got a message from Microsoft Security Essentials saying there seems to be a "fishy" file in the registry, whose name I'm attaching as an attached file. I can't type it in here because the search string is too long.
  24. Thanks for all the help! *bows* I assume you're referring to the web pages loading slowly? It's above all e.g. GP.se where I notice a difference compared to some other computers. My computer stalls before it has loaded the whole page, so if I scroll (while the page is loading) the page jumps up and down for a short moment. And this repeats every time I click on an article on the site, which causes some irritation. (Try it yourself to see if you have the same problem) I don't think this happens to nearly the same extent on some other computers I browse on. I do have 100 Mbit fibre in the wall here at home, after all. What could be wrong? Do you mean it could be related to old versions of programs that I had installed? I have now cleaned out the computer, i.e. uninstalled and changed passwords and followed the advice you gave me. That trojan you described in point two doesn't exactly seem like something you'd want... But I don't have it, do I?
  25. Latest OTL for the last two files: ========== OTL ========== Service raoetaji stopped successfully! Service raoetaji deleted successfully! File C:\WINDOWS\system32\drivers\raoetaji.sys File not found not found. Service psepawfg stopped successfully! Service psepawfg deleted successfully! File C:\WINDOWS\system32\drivers\psepawfg.sys File not found not found. ========== COMMANDS ========== Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.54.0 log created on 07202012_234651 DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Kristofer at 23:50:55 on 2012-07-20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1955 [GMT 2:00] . AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program\ABIT\ABIT uGuru\uGuru.exe C:\Program\Voddler\service\VNetManager.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\WINDOWS\ALCWZRD.EXE C:\Program\Delade filer\Java\Java Update\jusched.exe C:\Program\DivX\DivX Update\DivXUpdate.exe C:\Program\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Spotify\Data\SpotifyWebHelper.exe C:\Program\Skype\Phone\Skype.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe svchost.exe C:\Program\Jamcast\jamcastsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe 
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe" uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe mRun: [ABIT uGuru] 
c:\program\abit\abit uguru\uGuru.exe mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe mRun: [ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - 
hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752] R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136] R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152] S2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752] S3 sea1bus;Sony Ericsson Device 
0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2010-11-16 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2010-11-16 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2010-11-16 90800] S3 Sony PC Companion;Sony PC Companion;c:\program\sony\sony pc companion\PCCService.exe [2011-10-9 155320] . =============== Created Last 30 ================ . 2012-07-20 15:48:01 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22315598-ebff-4e97-a961-52ad218701b7}\mpengine.dll 2012-07-20 13:58:58 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-07-20 13:33:53 -------- d-----w- C:\_OTL 2012-07-15 11:14:00 -------- d-----w- c:\documents and settings\kristofer\application data\Malwarebytes 2012-07-14 20:16:10 -------- d-----w- c:\program\HitmanPro 2012-07-14 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-07-14 18:02:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes . ==================== Find3M ==================== . 
2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 17:46:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 17:46:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.VER 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.EXE 2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09:37 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44:07 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39:29 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14:59 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14:57 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 23:51:38,87 =============== And now? =)