lockdog, posted 3 May 2009

Hi. The problem with the PC is that it freezes the moment you type the password to log on. Safe mode works fine. I think she has picked up an MSN virus as well; at any rate, it has sent me some messages of that kind.

MBAM log:

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 1945
Windows 6.0.6001 Service Pack 1

03.05.2009 16:58:39
mbam-log-2009-05-03 (16-58-39).txt

Skanntype: Full Skann (C:\|)
Objekter skannet: 184124
Tid tilbakelagt: 26 minute(s), 32 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 11
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix log:

ComboFix 09-05-02.4 - Kaja 03.05.2009 17:37.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3070.2594 [GMT 2:00]
Kjører fra: c:\users\Kaja\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081202-0] *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kaja\AppData\Roaming\.#

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-03 til 2009-05-03 )))))))))))))))))))))))))))))))))
.

2009-05-03 15:11 . 2009-05-03 15:11 -------- d-sh--w C:\found.000
2009-05-03 14:27 . 2009-05-03 14:27 -------- d-----w c:\users\Kaja\AppData\Roaming\Malwarebytes
2009-05-03 14:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 14:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 14:27 . 2009-05-03 14:27 -------- d-----w c:\progra~2\Malwarebytes
2009-05-03 14:27 . 2009-05-03 14:27 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 14:27 . 2009-05-03 14:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-21 18:25 . 2009-04-21 18:25 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-12 18:30 . 2009-05-01 15:21 12 ----a-w c:\windows\bthservsdp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 15:32 . 2008-01-21 06:14 75894 ----a-w c:\windows\system32\perfc014.dat
2009-05-03 15:32 . 2008-01-21 06:14 451340 ----a-w c:\windows\system32\perfh014.dat
2009-05-03 15:14 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 16:26 . 2008-08-29 15:39 27744 ----a-w c:\users\All Users\nvModes.dat
2009-05-02 16:26 . 2008-08-29 15:39 27744 ----a-w c:\progra~2\nvModes.dat
2009-04-21 18:25 . 2008-08-31 18:53 -------- d-----w c:\program files\Google
2009-04-20 19:42 . 2009-02-13 20:42 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-17 10:40 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-28 21:35 . 2009-03-28 21:34 -------- d-----w c:\program files\iTunes
2009-03-28 21:34 . 2009-03-28 21:34 -------- d-----w c:\program files\iPod
2009-03-28 21:34 . 2008-11-05 21:43 -------- d-----w c:\program files\Common Files\Apple
2009-03-28 21:33 . 2008-12-06 15:49 -------- d-----w c:\program files\QuickTime
2009-03-28 21:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-28 21:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-28 21:30 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-23 20:42 . 2009-02-13 21:11 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-23 20:42 . 2009-03-23 20:43 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-21 18:26 . 2008-08-29 19:03 -------- d-----w c:\program files\Windows Live
2009-03-21 18:25 . 2009-03-21 18:25 -------- d-----w c:\program files\Microsoft
2009-03-21 18:25 . 2009-03-21 18:25 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-21 18:20 . 2009-03-21 18:20 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-17 03:38 . 2009-04-16 11:50 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 11:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 11:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 11:50 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 11:50 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 11:50 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 11:50 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 11:50 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 11:50 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 11:50 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 11:50 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 11:50 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 11:50 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 11:50 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 11:50 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 11:50 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 11:50 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 11:50 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-10 19:52 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 21:06 . 2008-10-12 16:00 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-23 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-29 3659264]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2008-01-30 104712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-23 515416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-11 5296128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-8-29 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-08-29 15:43 3024896 ----a-w c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F8FC558-C273-4496-8037-5F167DD1BBFA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53D0E573-E4C7-4CE9-A59B-975D8683C546}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4044E06A-FEC8-4293-9F4B-1E18733DBE0B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AFFBA766-8750-423D-B688-8B75DE5AE238}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{67C85612-9B16-40A3-A873-0AE6C7FC702D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{15EA37F3-4435-44E7-A6B6-C6006BC1FADE}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{DAF62DB6-B2D1-4AA9-8492-CF1473E662DC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{1604EFC1-72BA-4EE5-A83E-F1539A7CBE4A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{8008B26F-C9C6-4819-89ED-B1F8D937F9CE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D1865EAC-2C90-4AC9-AD55-83843C097857}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{3205520C-D709-4ED7-834D-96A30811C7E0}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{2F9A1B19-EB3A-4A14-A851-0646621A6A6A}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2B9D7CC2-7241-4E21-93A5-19B41A934F2C}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{D956837D-3844-4ADD-8E6B-3043AD3BA322}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{11B3735D-D30F-48BD-9E7A-3E29844C4344}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"{35EB7ABF-802A-4612-BF8A-3DB63F0FD247}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{A9AC1577-A099-486C-A653-BF380B0E578B}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D3B7807A-8E77-4526-8963-D41C757BAC42}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{77C3488C-164D-4E42-997D-B7EE833F969C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B7E04116-D053-4D37-826D-70EC70252F84}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A8774DC7-48D1-4C9A-826C-A867E683A712}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{B86B16E9-FD19-4458-938F-555A756C4796}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B707100B-D5E1-4FF5-A4FB-3D87A342001E}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{EBB5673E-74B0-43DA-8AE8-19C6BA8E9E2F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1A7BE947-46E0-47D3-8880-3CC3D1A6DC66}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1DA15F82-81B1-409C-80E0-A76D1A36C8F9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{146B3DA1-2EA0-4E72-A0E3-0599C8884072}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{63AFE31A-52BE-43FD-A604-2D788F546DB1}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{08F22C31-636A-484B-AA35-07CFB0294298}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{C0609D76-EF47-46BC-87F9-F45DEEB38B55}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{04A5C473-F9EA-48D7-AE39-BC27BF46F114}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{4CD08CCA-313B-4D3A-A0ED-12E64BA1A461}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1CFF58D9-A099-43E9-A6CC-7A56B8A879D8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-08-29 3474432]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\DRIVERS\tap0901.sys [2008-01-30 25216]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-08-29 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-23 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-23 951632]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-eRecoveryService - (no file)
HKLM-RunOnce-<NO NAME> - (no file)

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://no.intl.acer.yahoo.com
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: skandiabanken.no
FF - ProfilePath - c:\users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\7brw0n2p.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\7brw0n2p.default\extensions\[email protected]\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 17:42
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(456)
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

- - - - - - - > 'Explorer.exe'(1272)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-05-03 17:45 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-05-03 15:45

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 79 605 604 352 byte ledig

253 --- E O F --- 2009-04-30 12:13
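The MBAM log above has a fixed shape: per-section summary counts, then one line per item in the form "<key or path> (<threat>) -> <action>". The following Python is an added example, not code from the thread or from Malwarebytes: it parses that layout from a constructed excerpt (entries and threat names taken from the log above, plus one "Delete on reboot." line added to show a pending item), checks the declared counts against the items actually listed, and reports anything not yet removed.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes' Anti-Malware 1.36 log
# posted above (Norwegian section headers, English per-item action text).
# The "Delete on reboot." line is added to show a pending, not yet removed, item.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Databaseversjon: 1945
Windows 6.0.6001 Service Pack 1

Registernøkler infisert: 3
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Registernøkler infisert:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\hook.dll (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>.+?) infisert: (?P<n>\d+)$")   # "Filer infisert: 5"
SECTION_RE = re.compile(r"^(?P<cat>.+?) infisert:$")             # "Filer infisert:"
# Greedy path, then the LAST "(threat) -> action" group, so a path that itself
# contains parentheses such as "Program Files (x86)" still parses correctly.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return {'summary': {section: declared_count}, 'detections': [...]}.

    Each detection records the section it was listed under, the registry
    key/value or file path, the threat label and the action MBAM took.
    """
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, or "(Ingen mistenkelige filer funnet)"
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("cat")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append({"category": section, **m.groupdict()})
    return {"summary": summary, "detections": detections}


def check_counts(report):
    """Declared per-section counts vs. items actually listed; returns only mismatches."""
    found = Counter(d["category"] for d in report["detections"])
    return {cat: (n, found[cat]) for cat, n in report["summary"].items() if found[cat] != n}


def threat_families(report):
    """How many items each threat label accounts for, e.g. Adware.AskSBAR."""
    return Counter(d["threat"] for d in report["detections"])


def pending_items(report):
    """Items MBAM did not remove on the spot (any action other than quarantine+delete)."""
    return [d for d in report["detections"] if d["action"] != REMOVED]


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print(threat_families(r))
    print("count mismatches:", check_counts(r))
    for d in pending_items(r):
        print("still pending:", d["path"], "->", d["action"])
```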
snippsat, posted 4 May 2009 (edited)

Looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Surf safely.

Edited 4 May 2009 by SNIPPSAT
lockdog (thread author), posted 4 May 2009 (edited)

Well, the PC freezes the moment you are supposed to type the logon password, so it certainly isn't healthy. But does that mean a virus isn't to blame? Possibly there are some corrupt files or something like that.

Edited 4 May 2009 by lockdog
snippsat, posted 4 May 2009

Try cleaning up a bit. Download and run CCleaner. 'Options' -> 'Advanced'. Untick: "only delete temporary files older than 48 hours". Run the registry cleaner; answer yes to repair --> backup, answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.

Auslogics Disk Defrag (free): http://www.auslogics.com/en/software/disk-defrag

You can check whether the same thing happens in safe mode. Boot, press F8 several times, choose safe mode.

To check the system files: click Start > Run > type: sfc /scannow
Remember that there must be a space after sfc. During this repair you may get a message asking you to insert your Windows XP CD.
lockdog (thread author), posted 4 May 2009

Heh, I have run everything from safe mode, since I can't log on normally. I'll test those programs and see whether I get any further with them.
snippsat, posted 4 May 2009 (edited)

Create a new user in safe mode (Control Panel -> User Accounts). Log on to it and see whether the same thing happens. Was it long ago this started? Rolling it back is an option.

Edited 4 May 2009 by SNIPPSAT
lockdog (thread author), posted 4 May 2009

SFC found an error in some files, but was not able to repair them. I can post a copy of the log, but it was incredibly large (38 MB .txt file). Created a new user in safe mode, but it doesn't look like I can log on with that one either.

Excerpt from the log:

POQ 73 starts:
 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6c70d3bd0ccc901262000005005f004._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
 1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6c70d3bd0ccc901272000005005f004.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
 2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\1629103bd0ccc901282000005005f004.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
 3: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6eb143bd0ccc901292000005005f004.$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms"
 4: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\364d173bd0ccc9012a2000005005f004.$$_inf_ugthrsvc_0414_8451c272df70bf9e.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0414_8451c272df70bf9e.cdf-ms"
 5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\364d173bd0ccc9012b2000005005f004.$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms"
 6: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\96ae193bd0ccc9012c2000005005f004.$$_inf_ugatherer_0414_046b59a3f9ca338d.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0414_046b59a3f9ca338d.cdf-ms"
 7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\f60f1c3bd0ccc9012d2000005005f004.$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms"
 8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenam 2009-05-04 17:51:48, Info CSI es\56711e3bd0ccc9012e2000005005f004.$$_inf_wsearchidxpi_0414_2e6e3e8eaf9fcb5f.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0414_2e6e3e8eaf9fcb5f.cdf-ms"
 9: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\1697ce3bd0ccc9012f2000005005f004.$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms"
 10: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\d659d33bd0ccc901302000005005f004.$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms"
 11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\961cd83bd0ccc901312000005005f004.$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms"
 12: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{ba3dd3dd-27e8-3b8c-feb3-aa882aa02408}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006d007300 3007200630068002e0064006c006c002c004d00530053007200630068005f00530079007300500072006500700 5f0043006c00650061006e00750070000000}
POQ 73 ends.

2009-05-04 17:51:48, Info CSI 0000018b [sR] Verify complete
2009-05-04 17:51:49, Info CSI 0000018c [sR] Verifying 74 (0x0000004a) components
2009-05-04 17:51:49, Info CSI 0000018d [sR] Beginning Verify and Repair transaction
2009-05-04 17:51:52, Info CSI 0000018e Repair results created:
POQ 74 starts:
POQ 74 ends.
2009-05-04 17:51:52, Info CSI 0000018f [sR] Verify complete
2009-05-04 17:51:52, Info CSI 00000190 [sR] Repairing 1 components
2009-05-04 17:51:52, Info CSI 00000191 [sR] Beginning Verify and Repair transaction
2009-05-04 17:51:52, Info CSI 00000192 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000193 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-05-04 17:51:52, Info CSI 00000194 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000195 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-05-04 17:51:52, Info CSI 00000196 [sR] This component was referenced by [l:158{79}]"Package_20_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-33_neutral_GDR"
2009-05-04 17:51:52, Info CSI 00000197 Hashes for file member \??\C:\Program Files\Windows Sidebar\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000198 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000199 [sR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2009-05-04 17:51:52, Info CSI 0000019a Repair results created:
POQ 75 starts:
 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\766e583ed0ccc9017c2000005005f004._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
 1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\96925f3ed0ccc9017d2000005005f004.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
 2: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\f6f3613ed0ccc9017e2000005005f004.program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
 3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\5655643ed0ccc9017f2000005005f004.program_files_windows_sidebar_gadgets_265d2ddf4d58a7 3.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms"
POQ 75 ends.
2009-05-04 17:51:52, Info CSI 0000019b [sR] Repair complete
2009-05-04 17:51:52, Info CSI 0000019c [sR] Committing transaction
2009-05-04 17:51:52, Info CSI 0000019d Creating NT transaction (seq 1), objectname [6]"(null)"
2009-05-04 17:51:52, Info CSI 0000019e Created NT transaction (seq 1) result 0x00000000, handle @0x16c0
2009-05-04 17:51:53, Info CSI 0000019f@2009/5/4:15:51:53.04 CSI perf trace:
CSIPERF:TXCOMMIT;38275
2009-05-04 17:51:53, Info CSI 000001a0 [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
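The CBS.log excerpt above closes with "successfully repaired" even though earlier entries say settings.ini could not be repaired and that the copy in the component store is corrupt too, so the last line alone is not a reliable verdict. The following Python is an added example, not code from the thread or from Microsoft: it pulls the "Cannot repair", "Could not reproject" and "Hashes ... do not match" entries out of a constructed excerpt built from the lines posted above (the forum rendered "[SR]" as "[sR]"; the patterns accept both) and reports each unrepaired file with its component, reasons and decoded hashes.

```python
import base64
import re

# Constructed excerpt modelled on the CBS.log lines posted above. Real CBS logs
# write "[SR]"; the forum rendered it "[sR]", so the patterns are case-insensitive.
# Hashes, paths and component names are the ones that appear in the thread.
SAMPLE_CBS = r"""2009-05-04 17:51:52, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2009-05-04 17:51:52, Info CSI 00000192 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000193 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-05-04 17:51:52, Info CSI 00000197 Hashes for file member \??\C:\Program Files\Windows Sidebar\settings.ini do not match actual file [l:24{12}]"settings.ini" : Found: {l:32 b:ceS/bmgz5Fkqs00J27mkzYn/b2SuD9mJsx/R1y3hPqA=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2009-05-04 17:51:52, Info CSI 00000199 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2009-05-04 17:51:53, Info CSI 000001a0 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
"""

# The b: values are base64 of the 32-byte hash the component store compares against.
HASH_RE = re.compile(
    r"Hashes for file member (?P<path>.+?) do not match actual file .*?"
    r"Found: \{l:\d+ b:(?P<found>[A-Za-z0-9+/=]+)\} Expected: \{l:\d+ b:(?P<expected>[A-Za-z0-9+/=]+)\}")
# "... of <component>, Version = <v>, <attributes...>, <reason>" : reason is the last comma field.
CANNOT_RE = re.compile(
    r'\[sr\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r"Version = (?P<version>[^,]+),.*?, (?P<reason>[^,]+)$", re.IGNORECASE)
# "... corrupted file [..]"<dir>"\[..]"<file>"; <reason>"
REPROJECT_RE = re.compile(
    r'\[sr\] Could not reproject corrupted file .*?"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<file>[^"]+)"; (?P<reason>.+)$',
    re.IGNORECASE)


def parse_cbs_repair(text):
    """Collect the files an SFC run (CBS.log) reported it could not repair.

    Returns {file name: {component, version, reasons, hashes}}, where hashes
    holds every mismatch entry for that file with found/expected as hex.
    """
    mismatches = []   # (path, found_bytes, expected_bytes)
    problems = {}
    for line in text.splitlines():
        m = HASH_RE.search(line)
        if m:
            mismatches.append((m["path"],
                               base64.b64decode(m["found"]),
                               base64.b64decode(m["expected"])))
            continue
        m = CANNOT_RE.search(line)
        if m:
            p = problems.setdefault(m["file"], {"component": m["component"],
                                                "version": m["version"],
                                                "reasons": [], "hashes": []})
            p["reasons"].append(m["reason"])
            continue
        m = REPROJECT_RE.search(line)
        if m:
            p = problems.setdefault(m["file"], {"component": None, "version": None,
                                                "reasons": [], "hashes": []})
            p["reasons"].append(m["reason"])
    # Attach each hash mismatch to the file it concerns (match on the trailing file name).
    for path, found, expected in mismatches:
        name = path.rsplit("\\", 1)[-1]
        if name in problems:
            problems[name]["hashes"].append({"path": path, "found": found.hex(),
                                             "expected": expected.hex()})
    return problems


def unrepaired_files(text):
    """Names of files SFC could not repair, in the order first reported."""
    return list(parse_cbs_repair(text))


def is_clean(text):
    """True only if no unrepairable file was reported, whatever the closing line says."""
    return not parse_cbs_repair(text)


if __name__ == "__main__":
    for name, info in parse_cbs_repair(SAMPLE_CBS).items():
        print(name, info["component"], info["version"], "; ".join(info["reasons"]))
        for h in info["hashes"]:
            print("  ", h["path"], "found", h["found"][:16], "expected", h["expected"][:16])
    print("clean:", is_clean(SAMPLE_CBS))
```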