
Computer freezes/very slow to use


Street_Tiger


Hi!

I can start by saying that I am not particularly computer-savvy. During the day today I have not experienced anything strange at all with my computer, until now towards the evening when a box pops up, a warning box from ESET saying that I have a virus: (Win32/HackKMS.A). After that the computer freezes and I cannot do anything. The reason I can write a post now is that I have deactivated ESET for the time being, and then I can use the computer, but it is very slow, almost unusable. I have tried starting Windows in safe mode, but then I cannot connect to the internet because my mobile broadband is not found by the computer (I am abroad and have no possibility of using ordinary broadband).

I would be very grateful if someone could help me with my problem.

Best regards

Tony

Link to comment

Can you find in any log which file and folder ESET found Win32/HackKMS.A in?

That name is usually used for cracks and the like. Do you have such things on the computer?

We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

Link to comment

It seems that it was Lavasoft that froze my computer when ESET was on at the same time (I have never experienced this before), after I ran an update of Lavasoft yesterday. Now I have uninstalled Lavasoft and the computer can be used, but I still find it slower than before this happened. Here is the log:

DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by Tony at 22:11:40,13 on 2010-11-14

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4063.2110 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Tony\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {5B560386-2E43-47A3-B67A-2B4E8A67D42E} = 192.168.0.1

TCP: 45F64716C6361627 = 192.168.0.1

TCP: {B1A1878E-49BE-42EB-91AA-7F2D6776EC3E} = 212.73.32.3 212.73.32.67

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

mRun-x64: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

mRun-x64: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\pwqzn344.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-6 55856]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-11-4 49752]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-19 203264]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-6-24 166984]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-6-24 810144]

R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-4-28 50600]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984]

R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-6 120104]

R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-6 70952]

R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-6 427304]

R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-6 75048]

R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-6 91432]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-6 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-6 411496]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-1-19 9216]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-9-27 845312]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-6 19968]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104]

R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-9-7 133632]

R3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-9-7 114304]

R3 NETw5s64;Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-5-7 480624]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-3-9 1223024]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-19 393216]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-6 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-8 5435904]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\System32\drivers\nordecr.sys [2010-5-26 28672]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-7 1255736]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-3-28 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-6 110888]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

 

=============== Created Last 30 ================

 

2010-11-13 19:16:07 64600 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2010-11-12 20:21:40 -------- d-----w- C:\Program Files\iPod

2010-11-12 20:21:39 -------- d-----w- C:\Program Files\iTunes

2010-11-12 20:21:39 -------- d-----w- C:\Program Files (x86)\iTunes

2010-11-12 18:39:20 163840 ----a-w- C:\Windows\SysWow64\ArtFfct.dll

2010-11-12 18:39:20 -------- d-----w- C:\Program Files (x86)\Arturia

2010-11-12 16:39:46 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{47EA9BAA-C819-499A-B83C-06FDC0BB601F}\mpengine.dll

2010-11-11 23:42:59 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2010-11-11 23:38:41 710496 ----a-w- C:\Program Files (x86)\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe

2010-11-11 23:37:06 691545 ----a-w- C:\Program Files (x86)\unins000.exe

2010-11-11 23:37:06 1859584 ----a-w- C:\Program Files (x86)\Vanguard.dll

2010-11-11 23:37:06 -------- d-----w- C:\Program Files (x86)\Presets

2010-11-11 23:37:06 -------- d-----w- C:\Program Files (x86)\Manual

2010-11-11 23:30:43 -------- d-----w- C:\Program Files (x86)\Steinberg

2010-11-11 23:30:22 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2010-11-11 22:14:42 2240 ----a-w- C:\Windows\LENDIG.sys

2010-11-11 22:14:40 -------- d-----w- C:\Program Files\Steinberg

2010-11-10 13:30:28 614400 ----a-w- C:\Windows\AutoKMS.exe

2010-11-08 16:26:17 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2010-11-08 16:24:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2010-11-08 11:58:39 -------- d-----w- C:\Program Files (x86)\MSECache

2010-11-04 11:40:18 -------- d-----w- C:\Program Files\Lavasoft

2010-11-04 11:30:46 -------- d-----w- C:\Users\Tony\AppData\Local\Sunbelt Software

2010-11-04 11:29:59 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2010-11-04 10:48:46 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2010-11-01 21:10:22 -------- d-----w- C:\Users\Tony\AppData\Roaming\Cycling '74

2010-11-01 21:10:10 -------- d-----w- C:\Users\Tony\AppData\Local\PACE Anti-Piracy

2010-11-01 21:10:10 -------- d-----w- C:\PROGRA~3\PACE Anti-Piracy

2010-11-01 21:10:09 -------- d-----w- C:\Users\Tony\AppData\Roaming\PACE Anti-Piracy

2010-11-01 21:03:14 -------- d-----w- C:\Program Files (x86)\Cycling '74

2010-11-01 18:15:04 -------- d-----w- C:\Program Files (x86)\Ableton

2010-10-26 21:34:03 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-10-26 21:34:03 552960 ----a-w- C:\Windows\System32\msdri.dll

2010-10-26 21:34:02 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-10-26 21:34:02 288256 ----a-w- C:\Windows\System32\MSNP.ax

2010-10-26 21:34:02 258560 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-10-26 21:34:02 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2010-10-26 21:34:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-10-26 21:33:04 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2010-10-23 15:25:42 -------- d-----w- C:\Windows\sv

2010-10-23 15:23:14 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2010-10-23 15:21:31 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2010-10-23 15:21:31 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2010-10-23 15:21:30 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2010-10-23 15:21:30 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2010-10-23 15:20:31 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d338804a1cb72c51d\InstallManager_WLE_WLE.exe

2010-10-23 15:20:26 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d18021b71cb72c51c\DSETUP.dll

2010-10-23 15:20:26 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d18021b71cb72c51c\DXSETUP.exe

2010-10-23 15:20:26 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d18021b71cb72c51c\dsetup32.dll

2010-10-23 15:20:25 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d0e7c9a61cb72c51b\MeshBetaRemover.exe

2010-10-23 15:20:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cc0f9cb71cb72c519\DSETUP.dll

2010-10-23 15:20:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cc0f9cb71cb72c519\DXSETUP.exe

2010-10-23 15:20:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cc0f9cb71cb72c519\dsetup32.dll

2010-10-23 15:19:11 -------- d-----w- C:\Users\Tony\AppData\Local\Windows Live

2010-10-23 15:18:33 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-23 15:18:33 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-23 15:18:32 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-23 15:18:32 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-23 15:18:32 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-23 15:18:32 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-23 15:18:31 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-20 12:21:52 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll

2010-10-20 12:21:52 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2010-10-20 12:03:52 -------- d-----w- C:\Program Files (x86)\Propellerhead

2010-10-19 21:27:36 -------- d-----w- C:\Users\Tony\AppData\Roaming\Ableton

2010-10-19 21:27:36 -------- d-----w- C:\PROGRA~3\Ableton

 

==================== Find3M ====================

 

2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-22 22:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 12:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 12:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-15 02:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 09:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 20:36:28 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

 

============= FINISH: 22:12:08,78 ===============

Attach.txt

Link to comment

Can you find in any log which file and folder ESET found Win32/HackKMS.A in?

Have you installed any product from Sunbelt?

This is usually a driver from them, but I cannot see any of their products in the uninstall list.

2010-11-13 19:16:07 64600 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2010-11-12 18:39:20 -------- d-----w- C:\Program Files (x86)\Arturia

What kind of program is that?

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes completed). Paste a link to the result here. Repeat with the next file name.

C:\Windows\AutoKMS.exe

C:\Windows\System32\drivers\sbapifs.sys

Link to comment

That did not look so good. You can read about that type of malicious file at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fMeredrop

Can you find in any log which file and folder ESET found Win32/HackKMS.A in?

Have you installed any product from Sunbelt?

2010-11-12 18:39:20 -------- d-----w- C:\Program Files (x86)\Arturia

What kind of program is that?

Link to comment

It is apparently supposed to be here: C:\Windows\KMSEmulator.exe

I would not think that I have done that, nothing that I remember.

It is a plugin (VST) for a music program.

Link to comment

Should I interpret the information I find when I search for the file names KMSEmulator and AutoKMS as meaning that there is an illegal MS Office on the computer?

Link to comment

Yes, quite possibly, but this has never been a problem for my computer before; the problem arose when I updated Ad-Aware, and then the computer froze and was slow. Now that I have uninstalled Ad-Aware I have not noticed any major problems, except that the computer may possibly be somewhat slower than it was before.

Link to comment

Archived

This topic is now archived and is closed to further replies.