
Windows Recovery virus from Spotify


pelsesnak


Last Friday (25 March) I was listening to Spotify and got the Windows Recovery virus. Almost all the files on my desktop became "transparent".

I tried to remove the virus with an antivirus program called TrojanKiller. After letting it scan the computer, it wanted me to pay to remove the files. I didn't want to do that... So I thought I could remove the files myself. I found them among the temporary files and deleted them. But then ALL my files disappeared. Oops. Then I restored the files I had deleted on purpose, but my "real" files didn't come back...

So I googled a bit more and found ComboFix. I ran it and all my files came back and the virus disappeared. Or so I thought. The icon was still on the desktop, but I deleted the whole program folder. Then I shut down the computer, and today, Sunday (27 March), I turned it on for the first time since then and the virus came up again. No files are gone or transparent, though.

I ran ComboFix again and now no annoying "warning messages" from the virus appear, but the shortcut is still on the desktop.

I have no antivirus programs installed on the computer.

I am so very grateful for any answers! You are angels for helping people like me on forums like this!! Thanks!

Here is the DDS log I just made. I am attaching Attach.txt and the ComboFix log:

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Else at 20:12:29,20 on 2011-03-27

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.323 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Else\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Else\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Else\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Else\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Else\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Else\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [Google Update] "c:\users\else\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [JgUJevQpNnePtDM] c:\programdata\JgUJevQpNnePtDM.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\else\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\else\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediaplex.com/ad/ck/7206-44921-9400-2

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\else\appdata\roaming\mozilla\firefox\profiles\2pris8r2.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net

.

============= SERVICES / DRIVERS ===============

.

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-6 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-6 234888]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-21 21504]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-3-5 476416]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 136176]

.

=============== Created Last 30 ================

.

2011-03-27 15:29:13 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-27 15:07:31 -------- d-----w- C:\ComboFix

2011-03-25 17:54:37 98816 ----a-w- c:\windows\sed.exe

2011-03-25 17:54:37 89088 ----a-w- c:\windows\MBR.exe

2011-03-25 17:54:37 256512 ----a-w- c:\windows\PEV.exe

2011-03-25 17:54:37 161792 ----a-w- c:\windows\SWREG.exe

2011-03-25 10:38:01 546816 ----a-w- c:\progra~2\JgUJevQpNnePtDM.exe

2011-03-25 09:20:55 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{52fc0277-ea4b-4748-854c-3f16b6bb01bc}\mpengine.dll

2011-03-23 22:13:52 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13:51 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 22:13:51 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-09 18:08:35 -------- d-----r- c:\users\else\Dropbox

2011-03-09 18:01:03 -------- d-----w- c:\users\else\appdata\roaming\Dropbox

2011-03-09 08:06:26 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06:26 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06:25 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06:25 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06:22 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 08:06:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-02-27 16:51:37 -------- d-----w- c:\users\else\appdata\local\Microsoft_Corporation

.

==================== Find3M ====================

.

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll

2009-04-24 14:11:32 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

.

============= FINISH: 20:13:18,42 ===============

Attach.txt

ComboFix.txt


I am pasting in the ComboFix log so that it is easy to go back to it.

ComboFix 11-03-24.06 - Else 2011-03-27 17:11:38.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.257 [GMT 2:00]

Körs från: c:\users\Else\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

PEV Error: ProfilesFile

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\38788872.exe

c:\users\Else\AppData\Local\Temp\ppcrlui_3224_2

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-02-27 till 2011-03-27 ))))))))))))))))))))))))))))))

.

.

2011-03-27 15:24 . 2011-03-27 15:24 -------- d-----w- c:\users\Gäst\AppData\Local\temp

2011-03-27 15:24 . 2011-03-27 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-25 10:38 . 2011-03-25 10:38 546816 ----a-w- c:\programdata\JgUJevQpNnePtDM.exe

2011-03-25 09:20 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52FC0277-EA4B-4748-854C-3F16B6BB01BC}\mpengine.dll

2011-03-23 22:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-23 22:13 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 18:08 . 2011-03-25 09:09 -------- d-----r- c:\users\Else\Dropbox

2011-03-09 18:01 . 2011-03-25 10:51 -------- d-----w- c:\users\Else\AppData\Roaming\Dropbox

2011-03-09 08:06 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 08:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-02-27 16:51 . 2011-02-27 16:51 -------- d-----w- c:\users\Else\AppData\Local\Microsoft_Corporation

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 17:50 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 17:11 . 2009-10-03 10:52 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-10 09:02 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-10 09:02 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-10 09:02 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-10 09:02 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-10 09:02 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:08 . 2011-02-10 09:02 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:07 . 2011-02-10 09:02 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-10 09:02 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-10 09:02 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-10 09:02 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-10 09:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-10 09:02 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-10 09:02 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-10 09:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-10 09:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-10 09:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-10 09:02 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-10 09:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-10 09:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-10 09:02 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-10 09:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-10 09:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-10 09:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-10 09:02 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-10 09:02 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47 . 2011-02-10 09:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-10 09:01 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-10 09:02 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55 . 2011-01-23 18:16 413696 ----a-w- c:\windows\system32\odbc32.dll

2009-04-24 14:11 . 2009-04-24 14:11 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]

"Google Update"="c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"JgUJevQpNnePtDM"="c:\programdata\JgUJevQpNnePtDM.exe" [2011-03-25 546816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

.

c:\users\Else\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Else\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 136176]

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000Core.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000UA.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-27 c:\windows\Tasks\User_Feed_Synchronization-{79DF92FB-A2A2-4B0B-B27A-832D6BA63CEE}.job

- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Else\AppData\Roaming\Mozilla\Firefox\Profiles\2pris8r2.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????E/=^?&??X?U???U???U???U?

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Sluttid: 2011-03-27 17:29:06

ComboFix-quarantined-files.txt 2011-03-27 15:29

ComboFix2.txt 2011-03-25 18:13

.

Före genomsökningen: 3 613 519 872 byte ledigt

Efter genomsökningen: 3 589 513 216 byte ledigt

.

- - End Of File - - 09D0021FCAE219A61AD04694B51EC5C5

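Added example, not part of the thread and not code from DDS or ComboFix: a small Python triage script that reads autostart lines in the format of the DDS "Pseudo HJT Report" and the REGEDIT-style key dump ComboFix prints, and flags the two patterns visible in the logs above: an executable with a random-looking name launched directly from c:\programdata via the HKCU Run key, and Security Center monitoring switched off on a machine that, according to the poster, has no antivirus installed. The sample lines are constructed to mirror the logs, and the heuristics (case-flip ratio, list of drop directories) are assumptions of this example, not anything the tools themselves do.

```python
"""Defender-side triage of a DDS 'Pseudo HJT Report' and a ComboFix registry
dump: flag autostart entries and Security Center settings worth a closer look.
Heuristics are the example author's assumptions, not DDS/ComboFix logic."""
import re
from pathlib import PureWindowsPath

# Constructed sample in the format DDS uses for HKCU (uRun) and HKLM (mRun)
# Run keys; mirrors the entries seen in the thread's log.
SAMPLE_DDS = r"""
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Google Update] "c:\users\else\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [JgUJevQpNnePtDM] c:\programdata\JgUJevQpNnePtDM.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
"""

# Constructed sample in the REGEDIT4 style ComboFix prints.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

RUN_LINE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# The program part of the command: a quoted path, or everything up to ".exe".
EXE_PATH = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)
# Directories in which a legitimate program rarely sits *directly* (no vendor
# subfolder): classic drop locations for rogue AV installers (assumed list).
DROP_DIRS = re.compile(r"(\\programdata|\\appdata\\(local|roaming)|\\temp)$",
                       re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DISABLE_LINE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)


def looks_random(name: str) -> bool:
    """True for long alphanumeric names whose letter case flips on at least
    half of the letter boundaries, e.g. JgUJevQpNnePtDM (vendor names such
    as iTunesHelper or TOSCDSPD stay well below that threshold)."""
    if len(name) < 8 or not name.isalnum():
        return False
    letters = [c for c in name if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:])
                if a.isupper() != b.isupper())
    return flips / max(len(letters) - 1, 1) >= 0.5


def triage_autostarts(dds_text: str) -> list:
    """Return Run entries that deserve a closer look, each with its reasons."""
    findings = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe = EXE_PATH.match(m["cmd"])
        path = PureWindowsPath((exe.group(1) or exe.group(2)) if exe else m["cmd"])
        reasons = []
        if DROP_DIRS.search(str(path.parent)):
            reasons.append(f"executable sits directly in {path.parent}")
        if looks_random(path.stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append({"hive": "HKCU" if m["hive"] == "u" else "HKLM",
                             "name": m["name"], "path": str(path),
                             "reasons": reasons})
    return findings


def disabled_monitoring_keys(combofix_text: str) -> list:
    """Security Center keys where DisableMonitoring=1, i.e. Windows has been
    told not to warn about missing AV/firewall. Real suites sometimes set this
    for themselves; on a machine with no antivirus installed it has no
    legitimate owner and is worth re-enabling after cleanup."""
    current, hits = None, []
    for line in combofix_text.splitlines():
        k = KEY_LINE.match(line.strip())
        if k:
            current = k["key"]
        elif (current and "security center\\monitoring" in current.lower()
              and DISABLE_LINE.match(line.strip())):
            hits.append(current)
    return hits


if __name__ == "__main__":
    for f in triage_autostarts(SAMPLE_DDS):
        print(f"{f['hive']} Run [{f['name']}] -> {f['path']}: " + "; ".join(f["reasons"]))
    for key in disabled_monitoring_keys(SAMPLE_COMBOFIX):
        print(f"monitoring disabled under {key}")
```

Run against a real DDS.txt and ComboFix.txt by reading the files into the two functions; the heuristics are deliberately narrow, so an empty result is not a clean bill of health.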

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following boxes are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, select Perform quick scan and click Scan.

The scan takes a while.

When it is finished, click OK and then Show Results.

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

Run DDS again and paste in DDS.txt as well.


The DDS log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Else at 11:34:27,07 on 2011-03-28

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.253 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Users\Else\Desktop\dds.scr

C:\Windows\system32\conime.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [Google Update] "c:\users\else\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\else\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\else\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediaplex.com/ad/ck/7206-44921-9400-2

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\else\appdata\roaming\mozilla\firefox\profiles\2pris8r2.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net

.

============= SERVICES / DRIVERS ===============

.

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-6 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-6 234888]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-21 21504]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-3-5 476416]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-28 38224]

.

=============== Created Last 30 ================

.

2011-03-28 09:12:16 -------- d-----w- c:\users\else\appdata\roaming\Malwarebytes

2011-03-28 09:12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:12:00 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-28 09:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 09:11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-27 15:29:13 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-27 15:07:31 -------- d-----w- C:\ComboFix

2011-03-25 17:54:37 98816 ----a-w- c:\windows\sed.exe

2011-03-25 17:54:37 89088 ----a-w- c:\windows\MBR.exe

2011-03-25 17:54:37 256512 ----a-w- c:\windows\PEV.exe

2011-03-25 17:54:37 161792 ----a-w- c:\windows\SWREG.exe

2011-03-25 09:20:55 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{52fc0277-ea4b-4748-854c-3f16b6bb01bc}\mpengine.dll

2011-03-23 22:13:52 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13:51 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 22:13:51 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-09 18:08:35 -------- d-----r- c:\users\else\Dropbox

2011-03-09 18:01:03 -------- d-----w- c:\users\else\appdata\roaming\Dropbox

2011-03-09 08:06:26 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06:26 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06:25 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06:25 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06:22 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 08:06:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-02-27 16:51:37 -------- d-----w- c:\users\else\appdata\local\Microsoft_Corporation

.

==================== Find3M ====================

.

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll

2009-04-24 14:11:32 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

.

============= FINISH: 11:35:41,43 ===============

 

MBAM log:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 6190

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

2011-03-28 11:18:53

mbam-log-2011-03-28 (11-18-53).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 159809

Förfluten tid: 5 minut(er), 43 sekund(er)

 

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 2

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> 3360 -> Unloaded process successfully.

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JgUJevQpNnePtDM (Trojan.Downloader) -> Value: JgUJevQpNnePtDM -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop SMS (Worm.P2P) -> Value: Desktop SMS -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\programdata\jgujevqpnneptdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> Quarantined and deleted successfully.


Now the Windows Recovery shortcut is still there, but it does not look the way it should. It looks like some kind of "error symbol"... The virus has not come up now either when I restarted the computer, apart from the shortcut. Thanks again!


Can you remove the shortcut yourself (put it in the Recycle Bin)?

 

Do you know anything about the program c:\program files\IDM\desktop sms? MBAM removed a file from that folder.

 

Uninstall the toolbar with spyware functionality:

Vuze Toolbar

 

Uninstall old versions with known security holes:

J2SE Runtime Environment 5.0 Update 6

Java™ 6 Update 13

Java™ 6 Update 23

Java™ SE Runtime Environment 6

 

In Firefox - Tools - Add-ons, uninstall/disable "Ask Toolbar for Firefox".

 

Restart the computer and run ComboFix, then paste in that log.


The only thing I know about the desktop-sms thing is that when I got the virus, a warning box came up saying there was something wrong with that file, sort of.

If I search for Windows Recovery in the Start menu, it shows that it is still there and that I can uninstall it. I threw away the shortcut like you said and emptied the Recycle Bin, but it is still there. I am attaching a picture of what it looks like when I search for it.

Here is the ComboFix log:

 

ComboFix 11-03-24.06 - Else 2011-03-28 18:46:26.3.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.448 [GMT 2:00]

Körs från: c:\users\Else\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

PEV Error: ProfilesFile

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Java

c:\program files\Java\jre-windows-i586.exe

c:\program files\Java\jre6\lib\ext\QTJava.zip

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-02-28 till 2011-03-28 ))))))))))))))))))))))))))))))

.

.

2011-03-28 16:58 . 2011-03-28 16:58 -------- d-----w- c:\users\Else\AppData\Local\temp

2011-03-28 16:58 . 2011-03-28 16:58 -------- d-----w- c:\users\Gäst\AppData\Local\temp

2011-03-28 16:58 . 2011-03-28 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\users\Else\AppData\Roaming\Malwarebytes

2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\programdata\Malwarebytes

2011-03-28 09:12 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:11 . 2011-03-28 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 09:11 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-25 09:20 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52FC0277-EA4B-4748-854C-3F16B6BB01BC}\mpengine.dll

2011-03-23 22:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-23 22:13 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 18:08 . 2011-03-28 09:30 -------- d-----r- c:\users\Else\Dropbox

2011-03-09 18:01 . 2011-03-28 09:30 -------- d-----w- c:\users\Else\AppData\Roaming\Dropbox

2011-03-09 08:06 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 08:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-02-27 16:51 . 2011-02-27 16:51 -------- d-----w- c:\users\Else\AppData\Local\Microsoft_Corporation

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 17:50 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 17:11 . 2009-10-03 10:52 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-10 09:02 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-10 09:02 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-10 09:02 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-10 09:02 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-10 09:02 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:08 . 2011-02-10 09:02 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:07 . 2011-02-10 09:02 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-10 09:02 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-10 09:02 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-10 09:02 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-10 09:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-10 09:02 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-10 09:02 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-10 09:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-10 09:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-10 09:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-10 09:02 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-10 09:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-10 09:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-10 09:02 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-10 09:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-10 09:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-10 09:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-10 09:02 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-10 09:02 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47 . 2011-02-10 09:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-10 09:01 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-10 09:02 2039808 ----a-w- c:\windows\system32\win32k.sys

2009-04-24 14:11 . 2009-04-24 14:11 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]

"Google Update"="c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

c:\users\Else\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Else\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000Core.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000UA.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{79DF92FB-A2A2-4B0B-B27A-832D6BA63CEE}.job

- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-28 18:58

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????E/=^?&??X?U???U???U???U?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Sluttid: 2011-03-28 19:03:16

ComboFix-quarantined-files.txt 2011-03-28 17:03

ComboFix2.txt 2011-03-27 15:29

ComboFix3.txt 2011-03-25 18:13

.

Före genomsökningen: 4 220 760 064 byte ledigt

Efter genomsökningen: 4 125 851 648 byte ledigt

.

- - End Of File - - B05F1D5D88820C63CB786E6610677B69


how does one get infected by the "Windows recovery" virus? do you click on some ad or does it just come automatically

 

I got it without clicking anywhere! I was sitting two metres from the computer... :(


If you right-click one of the two rows in your search result and choose Properties, a new window comes up. Write down here which location is given for the file. Do the same with the other file.

 

The ComboFix log looks good, so paste in new DDS logs, please.


I got it without clicking anywhere! I was sitting two metres from the computer... :(

The prerequisite is that there is some known security hole in Windows or in some program that a web page can get to start. On this computer there were at least old Java versions with several known security holes.

 

oh dear. but do you have any antivirus or

Antivirus programs are not particularly good at these fake programs; you usually need an anti-malware program.
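As an added example (not code from this thread or from the DDS/MBAM/ComboFix tools), a small Python script that makes mechanical the two things the helper does by hand in the advice above to uninstall the old Java versions and in the explanation that a web page needs a known hole in such a program: it decodes which Java plug-in versions are registered as DPF entries in DDS.txt and lists Run entries that start their executable from a user-writable folder. The sample lines are constructed after the log entries quoted in this thread; the CLSID layout and the folder markers are my own assumptions, stated in the comments.

```python
"""Triage helpers for DDS.txt, added here as an example (not code from this
thread or from the DDS/MBAM/ComboFix tools): decode the Java plug-in versions
behind the DPF entries and list Run entries started from user-writable folders.
"""
import re

# Constructed sample of DDS "Pseudo HJT Report" lines, modelled on the log
# quoted in this thread; the JgUJevQpNnePtDM entry is written in DDS style
# from the MBAM finding (HKCU Run value -> c:\programdata\jgujevqpnneptdm.exe).
SAMPLE_DDS = """\
uRun: [TOSCDSPD] c:\\program files\\toshiba\\toscdspd\\TOSCDSPD.exe
uRun: [Google Update] "c:\\users\\else\\appdata\\local\\google\\update\\GoogleUpdate.exe" /c
uRun: [JgUJevQpNnePtDM] c:\\programdata\\jgujevqpnneptdm.exe
mRun: [synTPEnh] c:\\program files\\synaptics\\syntp\\SynTPEnh.exe
mRun: [Desktop SMS] c:\\program files\\idm\\desktop sms\\desktopsms.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
"""

# uRun = HKCU Run key, mRun = HKLM Run key. The command may be quoted and may
# carry arguments after the executable, as the Google Update line shows.
RUN_RE = re.compile(
    r'^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s+"?(?P<path>[^"]*?\.exe)"?(?:\s|$)',
    re.IGNORECASE,
)
DPF_RE = re.compile(r"^DPF:\s+\{(?P<clsid>[0-9A-F-]{36})\}", re.IGNORECASE)

# Assumption (my reading of Sun's versioned plug-in CLSIDs, consistent with the
# log above): CAFEEFAC-00FF-0000-00UU-ABCDEFFEDCBA, where FF are the family
# digits (16 -> 1.6) and UU the update number in decimal digits. The
# CAFEEFAC-FFFF-... form just means "current version" and is ignored.
JAVA_CLSID_RE = re.compile(
    r"^CAFEEFAC-00(?P<fam>\d{2})-0000-(?P<upd>\d{4})-ABCDEFFEDCBA$", re.IGNORECASE
)

# Folders an ordinary user can write to (my choice of markers). The fake
# "Windows Recovery" ran from c:\programdata; legitimate per-user updaters
# such as Google Update live under AppData too, so a hit means "review",
# not "malware". Signature hits like desktopsms.exe in Program Files are
# not caught by a location check at all.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_runs(text):
    """(hive, value name, lower-cased executable path) per uRun/mRun line."""
    runs = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            runs.append((m["hive"].lower(), m["name"], m["path"].lower()))
    return runs


def suspicious_autoruns(text):
    """Run entries whose executable sits in a user-writable folder."""
    return [
        (name, path)
        for _hive, name, path in parse_runs(text)
        if any(marker in path for marker in USER_WRITABLE)
    ]


def java_versions(text):
    """Sorted (family, update) pairs decoded from versioned Java DPF CLSIDs."""
    found = set()
    for line in text.splitlines():
        m = DPF_RE.match(line.strip())
        j = JAVA_CLSID_RE.match(m["clsid"]) if m else None
        if j:
            family = f"{j['fam'][0]}.{j['fam'][1]}"  # "16" -> "1.6"
            found.add((family, int(j["upd"], 10)))
    return sorted(found, key=lambda v: (float(v[0]), v[1]))


def stale_java(text):
    """Every registered Java version except the newest one seen."""
    return java_versions(text)[:-1]


if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE_DDS):
        print(f"review autorun [{name}] -> {path}")
    for family, update in stale_java(SAMPLE_DDS):
        print(f"stale Java plug-in registered: {family}.0_{update:02d}")
```

On the sample it lists the Google Update and JgUJevQpNnePtDM autoruns for review and reports 1.5.0_06 and 1.6.0_13 as stale beside 1.6.0_23, matching the versions the helper asked to have uninstalled.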

right now I have Kaspersky internet security and Malwarebytes. am I safe or

 

on my school computer I have F-secure 2009 workstation (they refuse to upgrade) without malwarebytes, is that safe or


The DDS log:

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Else at 10:25:41,86 on 2011-03-29

Internet Explorer: 8.0.6001.19019

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.379 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Else\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [Google Update] "c:\users\else\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\else\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\else\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediaplex.com/ad/ck/7206-44921-9400-2

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-21 21504]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-3-5 476416]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-28 38224]

.

=============== Created Last 30 ================

.

2011-03-29 08:12:09 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8a3345b6-0d64-4c24-8d4b-0776de7a80da}\mpengine.dll

2011-03-28 17:03:25 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-28 17:03:19 -------- d-----w- c:\users\else\appdata\local\temp

2011-03-28 16:44:38 -------- d-----w- C:\ComboFix

2011-03-28 09:12:16 -------- d-----w- c:\users\else\appdata\roaming\Malwarebytes

2011-03-28 09:12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:12:00 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-28 09:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 09:11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-25 17:54:37 98816 ----a-w- c:\windows\sed.exe

2011-03-25 17:54:37 89088 ----a-w- c:\windows\MBR.exe

2011-03-25 17:54:37 256512 ----a-w- c:\windows\PEV.exe

2011-03-25 17:54:37 161792 ----a-w- c:\windows\SWREG.exe

2011-03-23 22:13:52 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13:51 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 22:13:51 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-09 18:08:35 -------- d-----r- c:\users\else\Dropbox

2011-03-09 18:01:03 -------- d-----w- c:\users\else\appdata\roaming\Dropbox

2011-03-09 08:06:26 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06:26 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06:25 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06:25 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06:22 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 08:06:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-02-27 16:51:37 -------- d-----w- c:\users\else\appdata\local\Microsoft_Corporation

.

==================== Find3M ====================

.

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

2009-04-24 14:11:32 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

.

============= FINISH: 10:26:50,05 ===============


I was just about to put the computer into sleep mode when I saw that it wants me to shut it down so it can install updates. Should I let it do that? I have no idea which updates they are...


It says: C:\ProgramData\38788872.exe 1

 

But if I click "Security" this message appears:

The file itself apparently no longer exists; what is found is a shortcut. What folder is shown on the General tab?

What about the other search result?


I was just about to put the computer into sleep mode when I saw that it wants me to shut it down so it can install updates. Should I let it do that? I have no idea which updates they are...

It would be good if the updates could wait until we are done with the computer.


Move ComboFix from the folder c:\users\Else\Downloads to the Desktop so that the following can be done.

 

Copy all the lines in the box:

Killall::
DDS::
mURLSearchHooks: H - No File
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

and paste them into Notepad. Check that it looks exactly the same, e.g. with regard to line breaks.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program will then start in a special mode.

Paste the log that is produced.

 

Install Avast (see post 7 for the link) and let the program scan the computer. Paste the log/result from the scan.

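The triage the helper does by hand above (picking the orphaned "No File" hook and the IE entry that points at an ad URL out of the DDS report) can be scripted. The following Python is an added example, not code from this thread, from DDS or from ComboFix; the sample report lines are constructed from the log posted above, plus one numeric-name autorun line modelled on the C:\ProgramData\38788872.exe the poster found.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from the thread, from DDS or from ComboFix. It parses
the report lines DDS prints ('prefix: body') and applies three rules that mirror
what the helper picked out: entries ending in 'No File', IE menu entries that
point at an external URL, and Run entries whose executable name is purely
numeric (as with the rogue's C:\\ProgramData\\38788872.exe in this thread).
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the DDS report in the thread; the numeric
# mRun line is added here to exercise the third rule.
SAMPLE_REPORT = r"""
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [38788872] c:\programdata\38788872.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediaplex.com/ad/ck/7206-44921-9400-2
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

LINE_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<body>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
# DDS defangs some URLs as hxxp://; accept both spellings.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # DDS line prefix, e.g. 'mRun' or 'IE'
    line: str      # the report line exactly as DDS printed it
    reason: str


def parse_report(report):
    """Yield (kind, body, raw_line) for every well-formed report line."""
    for raw in report.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def run_target(body):
    """Executable path of a uRun/mRun body ('[name] "path" args'), or None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd").strip())
    return e.group("path") if e else None


def triage(report):
    """Return the report lines a helper would want to look at, with a reason."""
    findings = []
    for kind, body, raw in parse_report(report):
        if body.rstrip().endswith("No File"):
            findings.append(Finding(kind, raw, "orphaned entry: target file is gone"))
        elif kind == "IE" and URL_RE.search(body):
            findings.append(Finding(kind, raw, "IE menu entry points at an external URL"))
        elif kind in ("uRun", "mRun"):
            path = run_target(body)
            stem = path.replace("/", "\\").rsplit("\\", 1)[-1][:-4] if path else ""
            if stem.isdigit():
                findings.append(Finding(kind, raw, "autorun with a purely numeric executable name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:16} {f.reason}\n    {f.line}")
```

The DPF Flash entry is deliberately not flagged: DPF lines always carry a download URL, so a URL there is expected rather than suspicious.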

The file itself apparently no longer exists; what is found is a shortcut. What folder is shown on the General tab?

What about the other search result?

 

If I click General the same message appears. The same applies to the other file.


I ran ComboFix now and got the log below. But now I cannot open any programs on the computer. A message comes up that says:

"C:\Users\else\Appdata\Local\google\chrome\application\chrome.exe

Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning." (depending on which program I need to open)

So now I am sitting at another computer.

 

 

 

ComboFix 11-03-24.06 - Else 2011-03-29 11:11:59.4.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1015.393 [GMT 2:00]

Körs från: c:\users\Else\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\users\Else\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

PEV Error: ProfilesFile

.

(((((((((((((((((((((((( Filer Skapade från 2011-02-28 till 2011-03-29 ))))))))))))))))))))))))))))))

.

.

2011-03-29 09:20 . 2011-03-29 09:23 -------- d-----w- c:\users\Else\AppData\Local\temp

2011-03-29 09:20 . 2011-03-29 09:20 -------- d-----w- c:\users\Gäst\AppData\Local\temp

2011-03-29 09:20 . 2011-03-29 09:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-29 08:12 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A3345B6-0D64-4C24-8D4B-0776DE7A80DA}\mpengine.dll

2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\users\Else\AppData\Roaming\Malwarebytes

2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\programdata\Malwarebytes

2011-03-28 09:12 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:11 . 2011-03-28 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 09:11 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-23 22:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 22:13 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-23 22:13 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 18:08 . 2011-03-28 09:30 -------- d-----r- c:\users\Else\Dropbox

2011-03-09 18:01 . 2011-03-28 09:30 -------- d-----w- c:\users\Else\AppData\Roaming\Dropbox

2011-03-09 08:06 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 08:06 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 08:06 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 08:06 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 08:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 08:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-02-27 16:51 . 2011-02-27 16:51 -------- d-----w- c:\users\Else\AppData\Local\Microsoft_Corporation

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 17:50 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 17:11 . 2009-10-03 10:52 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-10 09:02 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-10 09:02 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-10 09:02 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-10 09:02 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-10 09:02 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:08 . 2011-02-10 09:02 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:07 . 2011-02-10 09:02 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-10 09:02 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-10 09:02 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-10 09:02 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-10 09:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-10 09:02 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-10 09:02 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-10 09:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-10 09:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-10 09:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-10 09:02 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-10 09:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-10 09:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-10 09:02 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-10 09:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-10 09:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-10 09:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-10 09:02 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-10 09:02 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47 . 2011-02-10 09:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-10 09:01 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-10 09:02 2039808 ----a-w- c:\windows\system32\win32k.sys

2009-04-24 14:11 . 2009-04-24 14:11 9812992 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]

"Google Update"="c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

c:\users\Else\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Else\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 15:34]

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000Core.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534465507-960385233-3212640933-1000UA.job

- c:\users\Else\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:52]

.

2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{79DF92FB-A2A2-4B0B-B27A-832D6BA63CEE}.job

- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]

.

.

------- Extra genomsökning -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????E/=^?&??X?U???U???U???U?

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'Explorer.exe'(3972)

c:\users\Else\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Sluttid: 2011-03-29 11:29:13 - datorn startades om.

ComboFix-quarantined-files.txt 2011-03-29 09:29

ComboFix2.txt 2011-03-28 17:03

ComboFix3.txt 2011-03-27 15:29

ComboFix4.txt 2011-03-25 18:13

.

Före genomsökningen: 4 007 768 064 byte ledigt

Efter genomsökningen: 3 867 750 400 byte ledigt

.

- - End Of File - - CCEE3C2C2879363B64F149C2F0B1CCEB


If I click General the same message appears. The same applies to the other file.

Then it is harmless in any case, since they are just shortcuts to a file that no longer exists.


Have you tried whether programs start better after another restart of the computer?

 

If that does not help, you can try a System Restore to the restore point created closest before the ComboFix run:

Start - Programs - Accessories - System Tools

