
What is this? THINKPOINT


gallstax


A program pops up that wants to scan my computer. It finds a lot of errors and at the end says "I need a heuristic program", which you can buy for around 90 dollars.

I don't know what to do, since it is hard to get rid of or get past the program.

Here is a DDS report, in case it is of any help:

 

 

DDS (Ver_10-10-10.03) - NTFSx86

Run by Bj”rn at 21:10:55,97 on 2010-10-17

Internet Explorer: 8.0.6001.18975

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.1131 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\DllHost.exe

C:\Windows\explorer.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Björn\Documents\Setup\DDS\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe

uWinlogon: Shell=c:\users\björn\appdata\roaming\hotfix.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Power2GoExpress]

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [skytel] Skytel.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\FlashGet.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldsv-se.cab

DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101015.003\IDSvix86.sys [2010-10-13 353840]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-3 5120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]

R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-5 42368]

S2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]

S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-12-19 120960]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]

S4 DAHIDI;DAHIDI;c:\windows\system32\drivers\iMON_SS.sys [2008-12-19 24714]

S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-12-19 150568]

S4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-12-19 272424]

S4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-12-19 107264]

S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-12-19 110128]

S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-12-19 21048]

S4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-12-19 103936]

 

=============== Created Last 30 ================

 

2010-10-17 17:33:41 522240 ----a-w- c:\users\bjrn~1\appdata\roaming\hotfix.exe

2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat

2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-10-15 09:56:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-05 13:56:51 133 ----a-w- c:\users\bjrn~1\appdata\roaming\srsf.bat

2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal

2010-10-05 10:19:13 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-10-05 10:18:34 -------- d-----w- c:\users\bjrn~1\appdata\local\Handelsbanken

2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\roaming\TiFiC

2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\local\TiFiC

2010-10-05 10:17:57 -------- d-----w- c:\program files\TiFiC

2010-10-05 10:17:43 -------- d-----w- c:\program files\common files\TiFiC

2010-10-01 08:53:45 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-01 08:52:45 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-09-27 07:22:03 -------- d-----w- c:\program files\iPod

2010-09-27 07:22:02 -------- d-----w- c:\program files\iTunes

2010-09-22 16:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-09-22 07:55:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-09-22 07:55:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-09-22 07:55:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-09-22 07:49:23 -------- d-----w- c:\program files\Bonjour

 

==================== Find3M ====================

 

2010-09-12 14:03:17 203776 --sh--w- c:\progra~2\unrar.exe

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec

2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll

2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll

2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

 

============= FINISH: 21:11:18,73 ===============

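As an added example (not code from this thread or from the DDS tool), a small Python triage script for the artefacts visible in the log above: it parses the "Pseudo HJT Report" and "Created Last 30" sections of a DDS.txt, flags a Winlogon Shell value that is not explorer.exe, and correlates it with files dropped into the roaming profile at the same moment. The sample lines are copied from the log above; the function names are my own.

```python
"""Triage helper for the persistence artefacts visible in a DDS log.

Added example, not code from the thread or from the DDS tool: it reads the
"Pseudo HJT Report" and "Created Last 30" sections, flags a Winlogon Shell
value that is not explorer.exe, and correlates it with files created in
the roaming profile at the same moment.
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt: a few lines copied from the DDS.txt posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.se/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Shell=c:\users\björn\appdata\roaming\hotfix.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
=============== Created Last 30 ================
2010-10-17 17:33:41 522240 ----a-w- c:\users\bjrn~1\appdata\roaming\hotfix.exe
2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat
2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal
2010-10-05 13:56:51 133 ----a-w- c:\users\bjrn~1\appdata\roaming\srsf.bat
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SHELL_RE = re.compile(r"^([um])Winlogon:\s*Shell=(.+?)\s*$", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+?)\s*$")
EXPECTED_SHELL = "explorer.exe"  # the only Shell value a stock install has


def split_sections(text):
    """Map DDS section title -> list of its non-blank lines."""
    sections, current = {}, "header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def basename(path):
    """Last path component, lower-cased; DDS mixes long and 8.3 names."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def shell_overrides(text):
    """Winlogon Shell values ('u' = per-user, 'm' = machine) that are not explorer.exe.

    A per-user Shell pointing into AppData is how the rogue replaces the
    desktop at logon, which is exactly what the poster describes.
    """
    hits = []
    for line in split_sections(text).get("Pseudo HJT Report", []):
        m = SHELL_RE.match(line)
        if m and basename(m.group(2)) != EXPECTED_SHELL:
            hits.append((m.group(1), m.group(2)))
    return hits


def created_entries(text):
    """Parse 'Created Last 30' rows into (timestamp, size, attrs, path)."""
    rows = []
    for line in split_sections(text).get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            size = None if m.group(2).startswith("-") else int(m.group(2))
            rows.append((ts, size, m.group(3), m.group(4)))
    return rows


def companions(text, anchor, window_seconds=60):
    """Basenames of files created within window_seconds of `anchor`.

    The HJT section prints the long user name (björn) while this table uses
    the 8.3 short name (bjrn~1), so the match is on basename only.
    """
    rows = created_entries(text)
    anchor = anchor.lower()
    anchor_times = [ts for ts, _, _, p in rows if basename(p) == anchor]
    window = timedelta(seconds=window_seconds)
    return [basename(p) for ts, _, _, p in rows
            if basename(p) != anchor
            and any(abs(ts - t) <= window for t in anchor_times)]


def roaming_executables(text):
    """Executables or scripts dropped into the roaming profile (not directories)."""
    return [basename(p) for _, _, attrs, p in created_entries(text)
            if not attrs.startswith("d")
            and "\\appdata\\roaming\\" in p.lower()
            and basename(p).endswith((".exe", ".bat", ".scr", ".dll"))]


def triage(text):
    """One-shot summary: Shell hijack, its companions, and profile drops."""
    shells = shell_overrides(text)
    return {
        "shell_overrides": shells,
        "companions": {basename(p): companions(text, basename(p)) for _, p in shells},
        "roaming_executables": roaming_executables(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```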

Hi,

the Attach.txt that is also created when DDS is run is missing.

Could you post it too, either attach it using the Full Editor, or paste it in as you did with DDS.txt.

Regards

Mats H


Hi Mats H!

 

I already ran Anti-Malware yesterday, without problems.

Here is today's Attach.txt:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-10-10.03)

 

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-12-19 09:10:30

System Uptime: 2010-10-18 15:27:11 (1 hours ago)

 

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7501

Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | CPU 1 | 2594/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 233 GiB total, 165,536 GiB free.

D: is CDROM ()

E: is Removable

G: is FIXED (FAT32) - 76 GiB total, 8,916 GiB free.

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP191: 2010-05-26 21:51:22 - Windows Update

RP192: 2010-06-03 22:18:32 - Windows Update

RP194: 2010-06-09 11:46:18 - Installationsprogram för Windows-moduler

RP195: 2010-06-09 11:46:51 - Installationsprogram för Windows-moduler

RP196: 2010-06-09 11:47:38 - Installationsprogram för Windows-moduler

RP197: 2010-06-09 11:48:34 - Installationsprogram för Windows-moduler

RP198: 2010-06-16 11:48:51 - Windows Säkerhetskopiering

RP199: 2010-06-23 12:17:10 - Windows Update

RP200: 2010-07-17 14:07:33 - Windows Update

RP201: 2010-07-18 15:20:36 - Windows Säkerhetskopiering

RP202: 2010-08-03 11:52:52 - Windows Update

RP203: 2010-08-15 18:04:07 - Windows Update

RP204: 2010-08-20 17:28:08 - Windows Säkerhetskopiering

RP205: 2010-09-09 08:37:44 - Windows Update

RP206: 2010-09-09 12:37:50 - Installed Java 6 Update 21

RP207: 2010-09-15 16:44:07 - Removed LimeWire Toolbar.

RP208: 2010-09-15 19:56:03 - Removed Java 6 Update 7

RP209: 2010-09-15 19:57:56 - Removed Java 6 Update 18

RP210: 2010-09-16 11:26:12 - Windows Update

RP211: 2010-09-17 14:20:49 - Schemalagd kontrollpunkt

RP212: 2010-09-21 14:47:18 - Windows Säkerhetskopiering

RP213: 2010-09-22 09:49:42 - Installation av enhetsdrivrutinspaket: Apple, Inc. USB-styrenheter

RP214: 2010-09-22 09:50:23 - Installation av enhetsdrivrutinspaket: Apple Nätverkskort

RP215: 2010-10-02 14:02:00 - Windows Update

RP216: 2010-10-05 12:19:15 - Installation av enhetsdrivrutinspaket: Todos Data System AB Smartkortsläsare

RP217: 2010-10-07 17:45:13 - Windows Update

RP218: 2010-10-09 11:32:33 - Windows Update

RP219: 2010-10-15 13:33:37 - Windows Update

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.0 - Svenska

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI Catalyst Install Manager

BankID säkerhetsprogram 4.10.4

Bonjour

Business Contact Manager för Outlook 2007 SP2

Canon CanoScan Toolbox 5.0

CanoScan 4400F

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

CATraxx 2000

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CleanMem

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

DVD Suite

DX-Ball 1.09

Easy Bridge

EO Video 1.36

FlashGet 1.9.6.1073

Free Tetrix

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

getPlus® for Adobe

Google Chrome

Google Earth

Google Update Helper

Handelsbanken Installationsguide

HandyBits File Shredder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Indeo® Software

Intel A/V Codecs V2.0

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 21

LightScribe System Software 1.12.33.2

LimeWire 5.5.14

Malwarebytes' Anti-Malware

MediaShow

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

miFiles - My Internet Files

MosChip Multi-IO Controller

Move Networks Media Player for Internet Explorer

MP4 Player

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicTime Deluxe 3.5.5

Nero 8 Essentials

neroxml

Norton Internet Security

Norton Security Scan

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

PhotoNow!

Power2Go 5.0

PowerBackup

PowerDirector Express

PowerDVD

PowerDVD Copy

PowerProducer

Presto! PageManager 7.15.13

QuickTime

RealPlayer

Realtek High Definition Audio Driver

ReNamer

Samsung CLP-310 Series

ScanSoft OmniPage SE 4.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Sibelius Scorch (ActiveX Only)

SIW version 2009-09-09

Skins

Spelling Dictionaries Support For Adobe Reader 9

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

Startprogram för installationen av Microsoft Works 2001

SUPERAntiSpyware Free Edition

Symantec Technical Support Web Controls

TweakNow RegCleaner

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.4053

Windows Driver Package - Todos Data System AB (Tdsshbecr) SmartCardReader (05/30/2008 1.0.9.2)

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Messenger

Windows Live Upload Tool

WinRAR archiver

VLC media player 1.1.4

Works-synkronisering

Works Suite OS-paket

Xvid 1.1.3 final uninstall


Did MBAM find anything yesterday? It can usually fix at least one of the suspicious files visible in the DDS log. Did you remember to update MBAM?


I am running MBAM version 1.46 2010-04-30. There is no later one as far as I can see...

This is what the report looks like, completely fine I think:

 

Björn

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4621

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

 

2010-10-18 17:24:24

mbam-log-2010-10-18 (17-24-24).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 134421

Förfluten tid: 4 minut(er), 58 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


Hi,

could you run Malwarebytes once more; when you have started the program, look for the Update tab, 3rd from the left.

Click it and let Malwarebytes update, then run a new scan.

Come back with the log.

Regards

Mats H


Hi!

 

Today ThinkPoint did not come up when I started the computer, strangely enough.

Maybe MBAM fixed it yesterday?

I have updated MBAM, as you said, and here you can see the result:

 

Björn

 

It found one infected file, which I removed!!

Do you happen to know what kind of virus it is?

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4880

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

 

2010-10-19 13:44:55

mbam-log-2010-10-19 (13-44-55).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 136540

Förfluten tid: 5 minut(er), 14 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\Björn\AppData\Roaming\srsf.bat (Malware.Trace) -> Quarantined and deleted successfully.


Hi,

I suggest we continue and take another look at your computer.

The file that was found often has one or more companions.

Run another DDS, and we will see.

Regards

Mats H


Sorry for the delay, I have been away on a short trip.

 

Here is dds.txt:

 

--------------------------------------------------------------------------------------

DDS (Ver_10-10-10.03) - NTFSx86

Run by Bj”rn at 16:44:50,46 on 2010-10-21

Internet Explorer: 8.0.6001.18975

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.906 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Björn\Documents\Setup\DDS\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Power2GoExpress]

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [skytel] Skytel.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\FlashGet.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldsv-se.cab

DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101020.001\IDSvix86.sys [2010-10-19 353840]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-3 5120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]

R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-5 42368]

S2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]

S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-12-19 120960]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]

S4 DAHIDI;DAHIDI;c:\windows\system32\drivers\iMON_SS.sys [2008-12-19 24714]

S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-12-19 150568]

S4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-12-19 272424]

S4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-12-19 107264]

S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-12-19 110128]

S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-12-19 21048]

S4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-12-19 103936]

 

=============== Created Last 30 ================

 

2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat

2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-10-15 09:56:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal

2010-10-05 10:19:13 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-10-05 10:18:34 -------- d-----w- c:\users\bjrn~1\appdata\local\Handelsbanken

2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\roaming\TiFiC

2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\local\TiFiC

2010-10-05 10:17:57 -------- d-----w- c:\program files\TiFiC

2010-10-05 10:17:43 -------- d-----w- c:\program files\common files\TiFiC

2010-10-01 08:53:45 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-01 08:52:45 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-09-27 07:22:03 -------- d-----w- c:\program files\iPod

2010-09-27 07:22:02 -------- d-----w- c:\program files\iTunes

2010-09-22 16:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-09-22 07:55:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-09-22 07:55:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-09-22 07:55:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-09-22 07:49:23 -------- d-----w- c:\program files\Bonjour

 

==================== Find3M ====================

 

2010-09-12 14:03:17 203776 --sh--w- c:\progra~2\unrar.exe

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec

2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll

2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll

2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

 

============= FINISH: 16:45:29,29 ===============

 

 

And here is DDS-attach.txt

 

--------------------------------------------------------------------------------------

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-10-10.03)

 

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-12-19 09:10:30

System Uptime: 2010-10-21 16:19:06 (0 hours ago)

 

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7501

Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | CPU 1 | 2594/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 233 GiB total, 164,979 GiB free.

D: is CDROM ()

E: is Removable

G: is FIXED (FAT32) - 76 GiB total, 8,916 GiB free.

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.0 - Svenska

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI Catalyst Install Manager

BankID säkerhetsprogram 4.10.4

Bonjour

Business Contact Manager för Outlook 2007 SP2

Canon CanoScan Toolbox 5.0

CanoScan 4400F

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

CATraxx 2000

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CleanMem

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

DVD Suite

DX-Ball 1.09

Easy Bridge

EO Video 1.36

FlashGet 1.9.6.1073

Free Tetrix

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

getPlus® for Adobe

Google Chrome

Google Earth

Google Update Helper

Handelsbanken Installationsguide

HandyBits File Shredder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Indeo® Software

Intel A/V Codecs V2.0

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 21

LightScribe System Software 1.12.33.2

LimeWire 5.5.14

Malwarebytes' Anti-Malware

MediaShow

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

miFiles - My Internet Files

MosChip Multi-IO Controller

Move Networks Media Player for Internet Explorer

MP4 Player

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicTime Deluxe 3.5.5

Nero 8 Essentials

neroxml

Norton Internet Security

Norton Security Scan

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

PhotoNow!

Power2Go 5.0

PowerBackup

PowerDirector Express

PowerDVD

PowerDVD Copy

PowerProducer

Presto! PageManager 7.15.13

QuickTime

RealPlayer

Realtek High Definition Audio Driver

ReNamer

Samsung CLP-310 Series

ScanSoft OmniPage SE 4.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Sibelius Scorch (ActiveX Only)

SIW version 2009-09-09

Skins

Spelling Dictionaries Support For Adobe Reader 9

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

Startprogram för installationen av Microsoft Works 2001

SUPERAntiSpyware Free Edition

Symantec Technical Support Web Controls

TweakNow RegCleaner

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.4053

Windows Driver Package - Todos Data System AB (Tdsshbecr) SmartCardReader (05/30/2008 1.0.9.2)

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Messenger

Windows Live Upload Tool

WinRAR archiver

VLC media player 1.1.4

Works-synkronisering

Works Suite OS-paket

Xvid 1.1.3 final uninstall

 

==== End Of File ===========================


Hi,

a companion file, perhaps.

c:\users\bjrn~1\appdata\roaming\40768.bat

Upload it to VirusTotal, found here:

http://www.virustotal.com/index.html

Click the Upload a File tab, locate the file using the Browse button, and press Send File.

Come back and post the results link here in your thread once the analysis is finished.

Regards

Mats H

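Mats picked `40768.bat` out of the DDS listing above by hand: a script created on the day the problem appeared, sitting directly in AppData\Roaming, with a name that is nothing but digits. The Python script below is an added editorial example, not code from this thread, from the DDS tool or from the helpers posting here; it automates that first pass over the "Created Last 30" and "Find3M" sections of a DDS log. It reads the attribute field the way DDS prints it (`d` directory, `s` system, `h` hidden, `a` archive, `r`/`w` read-only/writable), which is my reading of the log format rather than something the thread states, and the three rules it applies (executable or script directly in a user-writable root, hidden/system bits outside the Windows directory, all-digit file names) are triage heuristics chosen for the example. The sample lines are copied from the DDS log posted above, not constructed.

```python
r"""Triage helper for the "Created Last 30" and "Find3M" sections of a DDS log.

Added example for this thread; not part of the DDS tool or of the original
posts. It parses lines of the form

    2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat

and flags the entries a helper would want to look at first.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One DDS file line: date, time, size (or a run of dashes for a directory), an
# 8-character attribute field such as ----a-w- / --sh--w- / d-----w-, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Directories in which a script or executable sitting directly (not inside a
# vendor subfolder) is unusual for legitimate software. progra~2 is the 8.3
# alias DDS prints for ProgramData (assumption based on the paths in the log).
DROP_ROOT_RE = re.compile(
    r"^[a-z]:\\(programdata|progra~2|windows\\temp"
    r"|users\\[^\\]+\\appdata\\(roaming|local|locallow))$"
)
EXEC_EXT = {".bat", ".cmd", ".exe", ".com", ".scr", ".pif", ".vbs", ".js", ".dll"}


@dataclass
class Entry:
    when: datetime
    size: Optional[int]   # None for directory entries
    attrs: str
    path: str             # normalised to lower case


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS file line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    when = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S")
    return Entry(when, size, m["attrs"], m["path"].lower())


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) why this entry deserves a closer look."""
    reasons: List[str] = []
    is_dir = entry.attrs.startswith("d")
    parent, _, name = entry.path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    ext = "." + ext if dot else ""
    if not is_dir and ext in EXEC_EXT and DROP_ROOT_RE.match(parent):
        reasons.append("executable or script directly in a user-writable root")
    # 's' / 'h' in the attribute field are read as system / hidden; legitimate
    # use of those bits outside the Windows directory is rare.
    if ("s" in entry.attrs or "h" in entry.attrs) and not re.match(r"^[a-z]:\\windows\\", entry.path):
        reasons.append("hidden/system attribute outside the Windows directory")
    if not is_dir and stem.isdigit():
        reasons.append("file name is only digits")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse DDS sections and return flagged (path, reasons) pairs, newest first."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.when, entry.path, reasons))
    flagged.sort(key=lambda t: t[0], reverse=True)
    return [(path, reasons) for _, path, reasons in flagged]


# Lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat
2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal
2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\roaming\TiFiC
2010-09-22 07:55:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
==================== Find3M ====================
2010-09-12 14:03:17 203776 --sh--w- c:\progra~2\unrar.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run on the sample, it lists 40768.bat first and then c:\progra~2\unrar.exe, the hidden/system file in ProgramData that the ComboFix log further down in this thread removes. A hit is only a reason to look closer (upload the file to VirusTotal, inspect its contents and signer); legitimate updaters and installers do occasionally drop files in those locations.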

Hi!

 

Here is the result:

As far as I, as an amateur, can tell, there is nothing odd there...

 

Björn

--------------------------------------------------------------------------------------

 

File name: 40768.bat

Submission date: 2010-10-22 08:34:31 (UTC)

Current status: queued (#4) queued (#4) analysing finished

 

 

Result: 0/ 43 (0.0%)

VT Community

 

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.10.22.01 2010.10.22 -

AntiVir 7.10.13.16 2010.10.22 -

Antiy-AVL 2.0.3.7 2010.10.22 -

Authentium 5.2.0.5 2010.10.22 -

Avast 4.8.1351.0 2010.10.21 -

Avast5 5.0.594.0 2010.10.21 -

AVG 9.0.0.851 2010.10.21 -

BitDefender 7.2 2010.10.22 -

CAT-QuickHeal 11.00 2010.10.22 -

ClamAV 0.96.2.0-git 2010.10.22 -

Comodo 6473 2010.10.22 -

DrWeb 5.0.2.03300 2010.10.22 -

Emsisoft 5.0.0.50 2010.10.22 -

eSafe 7.0.17.0 2010.10.21 -

eTrust-Vet 36.1.7926 2010.10.22 -

F-Prot 4.6.2.117 2010.10.22 -

F-Secure 9.0.16160.0 2010.10.22 -

Fortinet 4.2.249.0 2010.10.22 -

GData 21 2010.10.22 -

Ikarus T3.1.1.90.0 2010.10.22 -

Jiangmin 13.0.900 2010.10.22 -

K7AntiVirus 9.66.2805 2010.10.21 -

Kaspersky 7.0.0.125 2010.10.22 -

McAfee 5.400.0.1158 2010.10.22 -

McAfee-GW-Edition 2010.1C 2010.10.22 -

Microsoft 1.6301 2010.10.22 -

NOD32 5554 2010.10.22 -

Norman 6.06.10 2010.10.22 -

nProtect 2010-10-22.01 2010.10.22 -

Panda 10.0.2.7 2010.10.21 -

PCTools 7.0.3.5 2010.10.22 -

Prevx 3.0 2010.10.22 -

Rising 22.70.03.01 2010.10.22 -

Sophos 4.58.0 2010.10.22 -

Sunbelt 7115 2010.10.22 -

SUPERAntiSpyware 4.40.0.1006 2010.10.22 -

Symantec 20101.2.0.161 2010.10.22 -

TheHacker 6.7.0.1.064 2010.10.21 -

TrendMicro 9.120.0.1004 2010.10.22 -

TrendMicro-HouseCall 9.120.0.1004 2010.10.22 -

VBA32 3.12.14.1 2010.10.21 -

ViRobot 2010.9.25.4060 2010.10.22 -

VirusBuster 12.69.11.0 2010.10.21 -

Additional information

MD5 : 43324e1525994637c265dcb6c9f925ad

SHA1 : 09efd577303522286fc5e6184b90bb410f495108

SHA256: 48042d5a1c8c7379b16dd43fb115ce138810c0c1cfa423496761b1bfde1131b7


Hi!

Good that there was nothing infected there.

I want to check with ComboFix too. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you see, including antivirus and anti-spyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

 

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it has finished, a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

 

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems if, for example, the computer gets its internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


Hi again Mats!

 

It was a bit tricky to turn off all the security functions, but it worked in the end.

I ran ComboFix according to the rules and that also seems to have gone well.

Here is the log file:

 

 

ComboFix 10-10-23.01 - Björn 2010-10-24 14:06:19.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.1212 [GMT 2:00]

Körs från: c:\users\Björn\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\SysWoW32

c:\programdata\SysWoW32\mu571349741v4

c:\programdata\SysWoW32\mu571349741v4.kwd

c:\programdata\SysWoW32\mu571349741v5

c:\programdata\SysWoW32\mu571349741v5.kwd

c:\programdata\SysWoW32\mu571349741v6

c:\programdata\SysWoW32\mu571349741v6.kwd

c:\programdata\SysWoW32\mu571349741v7

c:\programdata\SysWoW32\mu571349741v7.kwd

c:\programdata\SysWoW32\wu571349741v0

c:\programdata\SysWoW32\wu571349741v0.kwd

c:\programdata\SysWoW32\wu571349741v1

c:\programdata\SysWoW32\wu571349741v1.kwd

c:\programdata\SysWoW32\wu571349741v2

c:\programdata\SysWoW32\wu571349741v2.kwd

c:\programdata\SysWoW32\wu571349741v3

c:\programdata\SysWoW32\wu571349741v3.kwd

c:\programdata\unrar.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-09-24 till 2010-10-24 ))))))))))))))))))))))))))))))

.

 

2010-10-24 12:15 . 2010-10-24 12:16 -------- d-----w- c:\users\Björn\AppData\Local\temp

2010-10-24 12:15 . 2010-10-24 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-23 14:25 . 2010-10-24 09:18 -------- d-----w- c:\users\Björn\AppData\Local\Windows Live

2010-10-23 14:23 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat

2010-10-15 09:56 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2010-10-15 09:56 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-05 10:20 . 2010-10-05 10:20 -------- d-----w- c:\program files\Personal

2010-10-05 10:19 . 2010-10-05 10:19 -------- d-----w- c:\program files\DIFX

2010-10-05 10:19 . 2009-10-22 09:49 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-10-05 10:18 . 2010-10-05 10:21 -------- d-----w- c:\users\Björn\AppData\Local\Handelsbanken

2010-10-05 10:18 . 2010-10-05 10:18 -------- d-----w- c:\users\Björn\AppData\Local\TiFiC

2010-10-05 10:18 . 2010-10-05 10:18 -------- d-----w- c:\users\Björn\AppData\Roaming\TiFiC

2010-10-05 10:17 . 2010-10-05 10:17 -------- d-----w- c:\program files\TiFiC

2010-10-05 10:17 . 2010-10-05 10:17 -------- d-----w- c:\program files\Common Files\TiFiC

2010-10-01 08:53 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-01 08:52 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-09-27 07:22 . 2010-09-27 07:22 -------- d-----w- c:\program files\iPod

2010-09-27 07:22 . 2010-09-27 07:22 -------- d-----w- c:\program files\iTunes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat

2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat

2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-17 14:11 . 2010-09-15 13:56 128000 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"Skytel"="Skytel.exe" [2008-06-25 1826816]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-05-07 524288]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID s„kerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-10-5 939920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-04-01 09:13 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Personal.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk

backup=c:\windows\pss\Personal.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Påminnelser för Kalendern i Microsoft Works.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Påminnelser för Kalendern i Microsoft Works.lnk

backup=c:\windows\pss\Påminnelser för Kalendern i Microsoft Works.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-09-29 23:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]

2009-02-24 11:25 19456 --s-a-w- c:\progra~1\COMMON~1\TEKNUM~1\update.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]

R3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-05-19 120960]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-04-01 12872]

R4 DAHIDI;DAHIDI;c:\windows\system32\drivers\imon_ss.sys [2004-04-26 24714]

R4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]

R4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-09-01 272424]

R4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-05-19 107264]

R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]

R4 UGURU;UGURU;c:\windows\system32\drivers\uguru.sys [2006-10-02 21048]

R4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-05-20 103936]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101021.003\IDSvix86.sys [2010-10-19 353840]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-04-01 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]

S3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-12-19 81408]

S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2009-10-22 42368]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 11:26]

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 11:26]

 

2010-10-02 c:\windows\Tasks\Norton Security Scan for Björn.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-11 07:48]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = *.local

IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Power2GoExpress - (no file)

MSConfigStartUp-359F5809-00B8-4455-A73A-9EA62A51101B - c:\programdata\3CF08698.exe

MSConfigStartUp-371413122 - c:\programdata\816534143\371413122.exe

MSConfigStartUp-Microsoft Works Portfolio - c:\program files\Microsoft Works\WksSb.exe

MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-WorksFUD - c:\program files\Microsoft Works\wkfud.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-24 14:16

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

Sluttid: 2010-10-24 14:18:49

ComboFix-quarantined-files.txt 2010-10-24 12:18

 

Före genomsökningen: 177 226 227 712 byte ledigt

Efter genomsökningen: 177 374 105 600 byte ledigt

 

- - End Of File - - 38D7FC1D127A644EB54EFFCA8EE11B7F


Hi,

how is your computer working now?

I don't know what this .bat is used for, but I think you can delete it.

c:\users\Björn\AppData\Roaming\40768.bat

After you have deleted it, and assuming the computer now works as it should, restart and clean up as follows:

 

1. Delete all system restore points, since these may be infected.

Start by creating a new system restore point:

  1. Open System by clicking Start, Control Panel, System and Maintenance, and then System.
  2. Click System Protection in the left pane. If you are prompted for an administrator password or confirmation, follow the prompt.
  3. Click the System Protection tab and then Create.
  4. Type a description in the System Protection dialog box and then click Create.

Vista: http://windows.micro...asked-questions

 

 

Then delete all old system restore points by running the Disk Cleanup program.

Read the attached link, see:

The More Options tab is available if you choose to clean up files from all users on the computer.

This tab includes two further methods you can use to free up even more disk space:

System Restore and shadow copies.

Prompts you to delete all but the most recent restore point on the disk.

http://windows.micro...ng-Disk-Cleanup

 

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and the various fix programs you have downloaded, including this one, will be uninstalled after a restart of the computer. Delete the DDS program and its logs. If anything is left after that, ask how to remove it.

 

3. Save TFC by OldTimer to the Desktop.

http://oldtimer.geekstogo.com/TFC.exe

 

Close all programs and windows.

Run TFC (if you have Vista or Windows 7, right-click the file and choose Run as administrator).

Click the Start button to begin the cleanup.

It may take a few minutes; leave the computer alone in the meantime.

 

When it is done the computer is supposed to restart automatically. If it does not, restart the computer yourself.

 

 

4. Change all the passwords you use on the computer and on the internet, since these may have ended up in the wrong hands.

http://mnin.blogspot...iggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in browsers, e-mail programs etc.

 

http://sites.google....lstockholm/home

 

To update:

Java™ 6 Update 21 to Java™ 6 Update 22.

 

Come back with questions if anything is unclear or if any problem remains.

Regards

Mats H

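The first step of the cleanup above (remove the .bat, create a fresh restore point, then drop every older restore point) can be scripted. The following is an added example, not code from the thread or from the tools it links; it assumes PowerShell 2.0 or later run as Administrator on Vista/Windows 7, and it uses only the file path posted in the thread. It goes one step further than the post by keeping a hashed, renamed copy of the .bat in a quarantine folder (an assumed path, C:\Quarantine) instead of deleting it outright, so the script text is still available for analysis.

```powershell
# Added example (not from the thread). Run as Administrator, PowerShell 2.0+.
# Quarantines the suspicious .bat, creates a fresh restore point, then removes
# every older shadow copy so no pre-cleanup restore point survives.
# $Quarantine is an assumed folder; $Suspect is the path named in the thread.

$Suspect    = Join-Path $env:APPDATA '40768.bat'
$Quarantine = 'C:\Quarantine'

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash only exists from PowerShell 4; .NET works on 2.0 as well
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

# 1. Quarantine the .bat: record its hash, keep a copy with a non-executable
#    extension for later inspection, then remove the original from the profile.
if (Test-Path $Suspect) {
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    $hash = Get-Sha256Hex $Suspect
    "$hash  $Suspect" | Add-Content (Join-Path $Quarantine 'hashes.txt')
    Copy-Item $Suspect (Join-Path $Quarantine '40768.bat.txt')
    Remove-Item $Suspect -Force
    "Quarantined $Suspect (SHA-256 $hash)"
} else {
    "$Suspect not present (already removed?)"
}

# 2. Create a clean restore point first, so there is always one to fall back on.
Checkpoint-Computer -Description 'Post-ThinkPoint cleanup' -RestorePointType MODIFY_SETTINGS

# 3. Delete every shadow copy except the newest. Vista keeps restore points
#    inside shadow copies, so this is the scripted equivalent of
#    Disk Cleanup -> More Options -> "all but the most recent restore point".
$shadows = @(Get-WmiObject Win32_ShadowCopy |
             Sort-Object { $_.ConvertToDateTime($_.InstallDate) })
if ($shadows.Count -gt 1) {
    $shadows[0..($shadows.Count - 2)] | ForEach-Object {
        "Deleting shadow copy $($_.ID) from $($_.ConvertToDateTime($_.InstallDate))"
        $_.Delete()
    }
}

# 4. Show what is left; expect exactly one restore point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

Two caveats: deleting shadow copies also discards "Previous Versions" of user files on that volume, and the quarantined copy is still the original malicious script text, so keep the quarantine folder out of any path that a scheduler or autorun entry might execute from.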

Hi Mats!

 

First and foremost, the computer seems healthy and works fine!!! Many thanks!

 

I deleted the file 40768.bat!

 

Then I become a bit hesitant and don't dare continue.

There is no "System and Maintenance" in the Control Panel???

Do you perhaps mean "System", which contains the four functions:

Device Manager

Remote settings

System Protection

Advanced system settings

 

?

 

Björn


Hi,

I took the text straight from the MS link

and assumed it applied to Vista.

Do you perhaps mean "System"?

Yes, absolutely, and then System Protection.

 

Glad the computer works again!

Well done!

Regards

Mats H


Whether you see "System and Maintenance" in the Control Panel depends on whether you have set Classic View in the Control Panel or not.


Hi Mats!

 

It was silly of me not to understand the difference between the classic and the new view....

 

I created a new restore point and deleted the old ones, including shadow copies.

Deleted DDS + the log! Why?

Ran the programs OTC and TFC without problems.

Java is updated too!

 

I saw online that THINKPOINT has already caused a lot of trouble, see:

http://se.pcthreat.com/parasitebyid-13022se.html

 

Now looking forward to a trouble- and virus-free computing future!

 

THANKS!! once again!

 

Björn


E1ajas:

You have been given your own thread here: //eforum.idg.se/topic/224322-e1ajas-thinkpoint/

This is because it causes problems when logs and information about two computers get mixed.

 

Cecilia

Moderator


Hi Mats!

Deleted DDS + the log! Why?

Björn

 

Hi,

nothing you need to keep around for the future!

DDS can always be downloaded here if it should be needed!

Glad everything works fine!

Regards

Mats H


Archived

This topic is now archived and is closed to further replies.
