Just nu i M3-nätverket
Jump to content

Seg dator med msn-virus


Zyren

Recommended Posts

Hej!

 

Jag skulle behöva hjälp med att bli av med ett msn-virus. Samtidigt som detta virus kom känns det som att datorn även blivit seg.

 

Hoppas någon vill hjälpa mig.

 

Bifogar DDS.txt och Attach.zip

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by G”ran at 20:26:11,72 on 2010-06-14

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3070.1688 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\stacsv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Users\Public\msnl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Göran\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.club-vaio.com

mDefault_Page_URL = hxxp://www.club-vaio.com

uInternet Settings,ProxyOverride = *.local

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Windows System Guard] c:\users\public\msnl.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Windows System Guard] c:\users\public\msnl.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intervideo.com

Trusted Zone: intervideo.com\www

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.hagebyfestivalen.com/auth/controls/IlosoftImageUpload.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: VESWinlogon - VESWinlogon.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\gran~1\appdata\roaming\mozilla\firefox\profiles\jhfsamvj.default\

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-3 164048]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-3 19024]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-3 51792]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-26 75008]

R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-26 43904]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-26 812544]

R3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-6-12 673136]

S2 gupdate1c98dd6f433e397;Tjänsten Google Update (gupdate1c98dd6f433e397);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-7-26 28464]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-18 745472]

S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-8-18 397312]

S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-18 1089536]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-18 292152]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-31 87328]

 

============== File Associations ===============

 

.txt=

 

=============== Created Last 30 ================

 

2010-06-10 17:30:03 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-10 17:29:29 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-10 17:29:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-10 17:27:57 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-05-26 11:18:24 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-18 00:19:52 738816 ----a-w- c:\windows\system32\inetcomm.dll

 

==================== Find3M ====================

 

2010-06-14 18:26:14 2359296 --sha-w- c:\users\göran\ntuser.dat

2010-06-14 14:30:01 4268 ----a-w- c:\windows\bthservsdp.dat

2010-06-12 07:46:06 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-12 07:46:06 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 21:46:14 86016 ----a-w- c:\windows\inf\infstor.dat

2009-12-24 21:46:14 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-12-24 21:46:14 51200 ----a-w- c:\windows\inf\infpub.dat

2009-12-24 21:46:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2008-09-20 17:30:02 174 --sha-w- c:\program files\desktop.ini

2007-07-26 20:53:50 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-07-26 20:53:50 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-07-26 20:53:50 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-07-26 20:53:50 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-01-09 20:46:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2010-01-09 20:46:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2010-01-09 20:46:28 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2009-06-25 16:18:50 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-17 06:53:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-01-24 18:56:18 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat

2008-01-24 18:56:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012420080125\index.dat

 

============= FINISH: 20:28:32,97 ===============

Attach.zip

Link to comment
Share on other sites

Hej,

installera Malwarebytes och kör en ssabbskanner, så får vi se vad den hittar.

Malwarebytes' Anti-Malware : Malwarebytes

Följ programmets instruktioner.

Återkom med logg efter avslutad körning.

Om det av någon anledning inte går att installera eller köra Malwarebytes, återkom direkt.

Mvh

Mats H

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4198

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18928

 

2010-06-14 21:52:04

mbam-log-2010-06-14 (21-52-04).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 157776

Förfluten tid: 7 minut(er), 44 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 2

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Trojan.Mnless) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Trojan.Mnless) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\Public\msnl.exe (Trojan.Mnless) -> Quarantined and deleted successfully.

C:\Users\Göran\AppData\Local\Temp\hkm.exe (Trojan.Mnless) -> Quarantined and deleted successfully.

C:\Windows\System32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Hej,

hur verkar datorn nu?

Kan du nu köra en DDS till?

Räcker med loggen!

Mvh

Mats H

 

Hej, den känns bättre. Hoppas att maleware lyckades ta bort allt. Du ser inget annat lustigt?

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by G”ran at 22:09:22,57 on 2010-06-14

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3070.1851 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\stacsv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Users\Göran\Desktop\dds.scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.club-vaio.com

mDefault_Page_URL = hxxp://www.club-vaio.com

uInternet Settings,ProxyOverride = *.local

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intervideo.com

Trusted Zone: intervideo.com\www

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.hagebyfestivalen.com/auth/controls/IlosoftImageUpload.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: VESWinlogon - VESWinlogon.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\gran~1\appdata\roaming\mozilla\firefox\profiles\jhfsamvj.default\

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program\quicktime\plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-3 164048]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-3 19024]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-3 51792]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-26 75008]

R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-26 43904]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-26 812544]

R3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-6-12 673136]

S2 gupdate1c98dd6f433e397;Tjänsten Google Update (gupdate1c98dd6f433e397);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-7-26 28464]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-18 745472]

S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-8-18 397312]

S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-18 1089536]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-18 292152]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-31 87328]

 

============== File Associations ===============

 

.txt=

 

=============== Created Last 30 ================

 

2010-06-14 19:29:15 0 d-----w- c:\users\gran~1\appdata\roaming\Malwarebytes

2010-06-14 19:28:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-14 19:28:58 0 d-----w- c:\programdata\Malwarebytes

2010-06-14 19:28:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-14 19:28:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 17:30:03 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-10 17:29:29 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-10 17:29:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-10 17:27:57 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-05-26 11:18:24 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-18 00:19:52 738816 ----a-w- c:\windows\system32\inetcomm.dll

 

==================== Find3M ====================

 

2010-06-14 20:09:26 2359296 --sha-w- c:\users\göran\ntuser.dat

2010-06-14 19:30:08 4268 ----a-w- c:\windows\bthservsdp.dat

2010-06-12 07:46:06 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-12 07:46:06 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 21:46:14 86016 ----a-w- c:\windows\inf\infstor.dat

2009-12-24 21:46:14 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-12-24 21:46:14 51200 ----a-w- c:\windows\inf\infpub.dat

2009-12-24 21:46:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2008-09-20 17:30:02 174 --sha-w- c:\program files\desktop.ini

2007-07-26 20:53:50 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-07-26 20:53:50 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-07-26 20:53:50 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-07-26 20:53:50 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-01-09 20:46:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2010-01-09 20:46:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2010-01-09 20:46:28 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2009-06-25 16:18:50 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-17 06:53:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-01-24 18:56:18 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat

2008-01-24 18:56:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012420080125\index.dat

 

============= FINISH: 22:12:34,59 ===============

Link to comment
Share on other sites

Hej,

nej jag hittar inget anmärkningsvärt.

Avinstallera följande gamla Java versioner, kontrollpanelen Lägg till/ Ta bort program

Java SE Runtime Environment 6 Update 1

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 6 Update 15

Installera Java 6 Update 20 http://www.java.com/sv/

 

Uppdatera:

Adobe Reader 8.1.3 - Svenska, starta programmet, titta under hjälp i meny raden, sök efter uppdateringar.

Version 9.3.2

Avsluta med att köra en diskrensning, se systemverktyg i Program.

 

Återkom om du har några frågor.

Mvh

Mats H

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...