rymdgris, posted 18 December 2009 (edited)

Hi. Yesterday I got some strange messages on the machine about various trojans and worms, which I chose to remove (or so I thought), but something has clearly lodged itself on the machine and will not let itself be removed, because when I check the startup items a certain yiialon.exe and teacoa.exe start at boot, and I have tried to remove them without success. It says the .exe files are located at C:\Users\rymdgris\yiialon.exe (and the same for teacoa.exe), but I no longer see "rymdgris" under "Users". I have run Norman and SUPERAntiSpyware without them finding anything. I also see that the processor is running flat out with yiialon.exe. Any ideas, anyone?

EDIT: MBAM log (Combofix is apparently not available for download at the moment)

Malwarebytes' Anti-Malware 1.42
Databaseversjon: 3383

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.12.2009 11:08:42
mbam-log-2009-12-19 (11-08-42).txt

Skanntype: Rask Skann
Objekter skannet: 90259
Tid tilbakelagt: 2 minute(s), 25 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 1
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msxmlsys50 (Adware.Agent.N) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\rymdgris\AppData\Local\Temp\ABA9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\rymdgris\AppData\Local\Temp\F0D7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\rymdgris\AppData\Local\msxmlsys50\msxmlsys50.dll (Adware.Agent.N) -> Delete on reboot.

EDIT 2: Here is a screenshot I just got, the same as yesterday. I seem to remember it was in Norwegian, but here the alarm should clearly have gone off, since it was in English and I have a Norwegian Windows 7...

Edited 18 December 2009 by rymdgris
rymdgris, posted 18 December 2009 (thread author)

> Post an RSIT log

Tried. It gets to a certain point and then I get this message:
norbat, posted 18 December 2009

Then we'll use DDS instead.
rymdgris, posted 18 December 2009 (thread author, edited)

Here is the DDS log:

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12.12.2009 21:50:41
System Uptime: 19.12.2009 18:52:25 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6T SE
Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 1574/160mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 210,279 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ATI High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&2A570A9&0&0001
Manufacturer: ATI Technologies Inc.
Name: ATI High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&2A570A9&0&0001
Service: AtiHdmiService

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_104383C0&REV_1001\4&5E4D696&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_104383C0&REV_1001\4&5E4D696&0&0001
Service: IntcAzAudAddService

==== System Restore Points ===================

RP67: 19.12.2009 01:14:31 - Windows Update
RP69: 19.12.2009 01:38:39 - Windows Defender Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 - Norsk
AI Suite
Apple Application Support
Apple Software Update
ASUSUpdate
AviSynth 2.5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Combined Community Codec Pack 2009-09-09
DVD Shrink 3.2
EPU-6 Engine
Express Gate
FileZilla Client 3.3.0.1
HijackThis 2.0.2
HydraVision
Java 6 Update 10
JMicron JMB36X Driver
MakeMKV v1.4.9_beta
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
MozBackup 1.4.10
Mozilla Firefox (3.5.6)
Mozilla Thunderbird (3.0)
MSVCRT
Opera 10.10
Opplastingsverktøy for Windows Live
PC Probe II
Påloggingsassistent for Windows Live
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Spotify
SUPERAntiSpyware Free Edition
TextPad 5
TurboV
VLC media player 1.0.3
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger

==== End Of File ===========================

I have found that if I kill certain processes in Task Manager, the screen I attached a picture of in the first post goes away, but if I go into msconfig and try to stop these .exe files located under C:\Users\rymdgris (which is still missing from C: in Explorer), they just come back at the next boot under a different name and eat the processor so it runs flat out...

EDIT: Here is a picture of which files have landed under my user name. Everything that is not a folder is a file I suspect got there after I unpacked a 7zip file containing mp3 files and a folder called Screensaver. I deleted that one, but otherwise the machine is only a few days old, so I haven't had the chance to mess anything else up yet. I have only visited the same websites as usual and installed familiar, well-known programs. The only thing I can think of is, as I said, the 7zip file with mp3s and the Screensaver folder.

Edited 18 December 2009 by rymdgris
norbat, posted 18 December 2009

DDS also produced another log. Could you post that one too?
rymdgris, posted 18 December 2009 (thread author, edited)

> DDS also produced another log. Could you post that one too?

Voilà:

DDS (Ver_09-12-01.01) - NTFSX64
Run by rymdgris at 19:39:45,09 on 19.12.2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.6135.4770 [GMT 1:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\M-AudioTaskBarIcon.exe
\teacoa.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\rymdgris\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ClueIEAddin: {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - c:\clue\adxloader.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [teacoa] c:\users\rymdgris\teacoa.exe
uRun: [diina] c:\users\rymdgris\diina.exe
uRun: [qdcej] c:\users\rymdgris\qdcej.exe
uRun: [wysoh] c:\users\rymdgris\wysoh.exe
mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mRun-x64: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\rymdgris\appdata\roaming\mozilla\firefox\profiles\ndjhmvxx.default\
FF - prefs.js: browser.search.selectedEngine - Telefonkatalogen
FF - prefs.js: browser.startup.homepage - www.google.no
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-16 69152]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-19 202752]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-12 90112]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-12-16 19432]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-2-18 294912]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2009-10-6 386440]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2009-12-12 107848]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2009-12-12 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv64mf.sys [2009-12-12 25488]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2009-12-12 202056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-17 294400]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2009-12-12 179664]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 187912]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-11-23 7408]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]

=============== Created Last 30 ================

2009-12-19 17:54:18 188928 ----a-w- c:\users\rymdgris\MBLMgX.exe
2009-12-19 17:54:16 18432 ----a-w- c:\users\rymdgris\IPYAkD.exe
2009-12-19 17:54:13 81920 --sh--r- c:\users\rymdgris\wysoh.exe
2009-12-19 17:54:10 544768 ----a-w- c:\users\rymdgris\iexplore.exe
2009-12-19 15:02:43 0 d-----w- c:\program files (x86)\trend micro
2009-12-19 14:45:21 0 d-----w- c:\program files (x86)\MozBackup
2009-12-19 14:43:43 276 ----a-w- c:\users\rymdgris\HfGAtp.bat
2009-12-19 14:41:41 188928 ----a-w- c:\users\rymdgris\UIAUaS.exe
2009-12-19 14:41:36 81920 --sh--r- c:\users\rymdgris\qdcej.exe
2009-12-19 14:30:50 276 ----a-w- c:\users\rymdgris\KNLXtc.bat
2009-12-19 14:28:48 188928 ----a-w- c:\users\rymdgris\GmMGCB.exe
2009-12-19 14:28:44 81920 --sh--r- c:\users\rymdgris\diina.exe
2009-12-19 10:14:15 276 ----a-w- c:\users\rymdgris\GWtQcK.bat
2009-12-19 10:12:04 81920 --sh--r- c:\users\rymdgris\dccuip.exe
2009-12-19 10:03:21 0 d-----w- c:\users\rymdgris\appdata\roaming\Malwarebytes
2009-12-19 10:03:16 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 10:03:16 0 d-----w- c:\programdata\Malwarebytes
2009-12-19 10:03:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-19 00:38:12 81920 --sh--r- c:\users\rymdgris\yiialon.exe
2009-12-19 00:37:48 122880 --sh--r- c:\users\rymdgris\teacoa.exe
2009-12-17 20:07:44 0 d-----w- C:\Video
2009-12-17 15:46:47 724992 ----a-w- c:\windows\iun6002.exe
2009-12-17 08:22:21 0 d-----w- c:\programdata\ASUS OC Profiles
2009-12-16 22:46:49 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-16 22:45:33 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-16 22:45:13 0 d-----w- c:\programdata\Lavasoft
2009-12-16 22:45:13 0 d-----w- c:\program files (x86)\Lavasoft
2009-12-16 21:46:19 376 ----a-w- c:\windows\ODBC.INI
2009-12-16 18:38:18 19432 ----a-w- c:\windows\system32\drivers\cpuz132_x64.sys
2009-12-16 18:38:18 0 d-----w- c:\program files\CPUID
2009-12-16 17:14:41 401462 ----a-w- c:\windows\syswow64\temp.009
2009-12-16 16:33:51 401462 ----a-w- c:\windows\syswow64\temp.008
2009-12-16 03:37:48 401462 ----a-w- c:\windows\syswow64\temp.007
2009-12-16 03:13:57 401462 ----a-w- c:\windows\syswow64\temp.006
2009-12-16 03:04:11 401462 ----a-w- c:\windows\syswow64\temp.005
2009-12-16 02:54:04 401462 ----a-w- c:\windows\syswow64\temp.004
2009-12-16 01:35:57 995383 ----a-w- c:\windows\syswow64\temp.002
2009-12-16 01:35:57 77878 ----a-w- c:\windows\syswow64\temp.001
2009-12-16 01:35:57 278581 ----a-w- c:\windows\syswow64\temp.003
2009-12-16 01:35:56 401462 ----a-w- c:\windows\syswow64\temp.000
2009-12-16 01:28:50 0 d-----w- c:\program files (x86)\common files\Digidesign
2009-12-15 21:34:07 204288 ----a-w- c:\windows\syswow64\M-AudioTaskBarIcon.exe
2009-12-15 21:33:43 82944 ----a-w- c:\windows\syswow64\USBMN1X1.DLL
2009-12-15 21:33:43 424456 ----a-w- c:\windows\syswow64\MA_CMIDN.DLL
2009-12-15 21:33:42 0 d-----w- c:\program files (x86)\M-Audio
2009-12-15 08:51:32 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-12-15 08:51:32 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2009-12-15 08:51:32 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-12-15 08:51:32 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2009-12-15 08:51:31 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-12-15 08:51:31 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2009-12-15 06:34:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-15 06:34:13 0 d-----w- c:\users\rymdgris\appdata\roaming\SUPERAntiSpyware.com
2009-12-15 06:34:13 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-12-15 06:33:46 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2009-12-14 22:51:03 0 d-----w- c:\program files (x86)\URUSoft
2009-12-14 21:49:50 0 d-----w- c:\program files (x86)\MakeMKV
2009-12-14 13:18:49 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-14 13:18:49 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-12-14 13:18:49 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-12-14 13:18:42 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2009-12-14 13:18:42 0 d-----w- c:\program files\iTunes
2009-12-14 13:18:42 0 d-----w- c:\program files\iPod
2009-12-14 13:18:42 0 d-----w- c:\program files (x86)\iTunes
2009-12-14 13:18:02 0 d-----w- c:\programdata\Apple Computer
2009-12-14 13:17:43 0 d-----w- c:\program files\common files\Apple
2009-12-14 13:17:29 0 d-----w- c:\programdata\Apple
2009-12-14 12:53:37 0 d-----w- c:\program files\WMV9_VCM
2009-12-14 12:53:34 0 d-----w- c:\users\rymdgris\appdata\roaming\River Past G5
2009-12-14 12:04:53 0 d-----w- c:\programdata\DVD Shrink
2009-12-14 12:04:52 0 d-----w- c:\program files (x86)\DVD Shrink
2009-12-14 02:50:40 0 d-----w- c:\program files (x86)\CCleaner
2009-12-14 01:58:39 0 d-----w- c:\users\rymdgris\.dvdcss
2009-12-14 00:39:30 231936 ----a-w- c:\windows\syswow64\FusionReg.dll
2009-12-13 15:48:51 0 d-----w- c:\users\rymdgris\appdata\roaming\Spotify
2009-12-13 15:47:12 0 d-----w- c:\program files (x86)\Spotify
2009-12-13 08:55:02 0 d-----w- c:\users\rymdgris\Mine mottatte filer
2009-12-13 08:34:18 0 d-----w- c:\program files (x86)\VideoLAN
2009-12-13 02:49:35 0 d-----w- c:\users\rymdgris\appdata\roaming\Helios
2009-12-13 02:48:22 0 d-----w- c:\program files (x86)\TextPad 5
2009-12-13 02:42:19 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-13 01:58:37 0 d-----w- c:\users\rymdgris\appdata\roaming\Canneverbe_Limited
2009-12-13 01:58:36 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-13 01:42:01 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-13 01:33:11 0 d-----w- c:\program files (x86)\AviSynth 2.5
2009-12-13 01:30:55 410976 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-13 01:30:55 143360 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-13 01:30:55 139264 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-13 01:30:55 139264 ----a-w- c:\windows\syswow64\java.exe
2009-12-13 01:29:44 0 d-----w- c:\program files (x86)\PS3 Media Server
2009-12-13 01:29:05 0 d-----w- c:\program files (x86)\Combined Community Codec Pack
2009-12-13 01:23:55 0 d--h--w- c:\windows\msdownld.tmp
2009-12-13 01:23:43 0 d-----w- c:\windows\syswow64\directx
2009-12-13 01:19:41 0 d-----w- c:\program files\WinRAR
2009-12-13 01:06:43 0 d-----w- c:\users\rymdgris\Tracing
2009-12-13 01:05:59 0 d-----w- c:\program files (x86)\Microsoft
2009-12-13 01:05:39 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2009-12-13 01:04:56 0 d-----w- c:\windows\PCHEALTH
2009-12-13 01:02:45 0 d-----w- c:\program files (x86)\common files\Windows Live
2009-12-13 00:04:07 0 d-----w- c:\windows\syswow64\Macromed
2009-12-12 22:53:41 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2009-12-12 22:50:34 0 d-----w- c:\program files\M-Audio
2009-12-12 22:36:44 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-12-12 22:36:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-12 22:36:34 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-12-12 22:36:33 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-12 22:36:31 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-12 22:14:15 25488 ----a-w- c:\windows\system32\drivers\nvcv64mf.sys
2009-12-12 22:14:15 210248 ----a-w- c:\windows\syswow64\nscrnsav.scr
2009-12-12 22:13:55 0 d-----w- c:\program files\Norman
2009-12-12 22:12:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-12 21:40:04 0 d-----w- c:\programdata\ATI
2009-12-12 21:39:20 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-12 21:34:05 0 d-----w- c:\program files\common files\ATI Technologies
2009-12-12 21:33:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-12 21:33:56 18618 ----a-w- c:\windows\atiogl.xml
2009-12-12 21:33:44 0 d-----w- c:\program files (x86)\ATI Technologies
2009-12-12 21:33:26 0 d-----w- c:\program files\ATI
2009-12-12 21:32:27 0 d-----w- c:\program files\ATI Technologies
2009-12-12 21:21:21 0 d-----w- c:\programdata\Adobe
2009-12-12 21:19:19 1746 ----a-w- c:\windows\Language_trs.ini
2009-12-12 21:12:30 177 ---h--w- C:\dvmexp.idx
2009-12-12 21:02:22 0 d-----w- c:\temp\dvmexp
2009-12-12 21:02:20 0 d--h--w- c:\temp\tmpdvmexp
2009-12-12 21:02:20 0 d--h--w- C:\temp
2009-12-12 21:02:20 0 d--h--w- C:\dvmexp
2009-12-12 21:02:05 0 d--h--w- C:\ASUS.000
2009-12-12 21:01:49 0 d--h--w- C:\ASUS.SYS
2009-12-12 21:01:40 0 d-sh--w- c:\windows\Installer
2009-12-12 21:01:38 0 d-----w- c:\program files (x86)\Downloaded Installations
2009-12-12 20:59:29 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2009-12-12 20:59:27 0 d-----w- c:\program files (x86)\ASUS
2009-12-12 20:59:23 0 d-----w- c:\program files\ASUS
2009-12-12 20:59:12 666 ----a-w- c:\windows\setup.iss
2009-12-12 20:59:09 315904 ----a-w- c:\windows\syswow64\Difx1c46.rra
2009-12-12 20:59:08 1970176 ------r- c:\windows\syswow64\xRaidSetup.exe
2009-12-12 20:59:08 151552 ------r- c:\windows\syswow64\xRaidAPI.dll
2009-12-12 20:59:08 0 d-----w- C:\RaidTool
2009-12-12 20:59:04 104408 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-12-12 20:58:57 0 d-----w- c:\windows\RaidTool
2009-12-12 20:58:22 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2009-12-12 20:56:12 0 d-----w- c:\windows\AsusInstAll
2009-12-12 20:56:07 0 d-----w- c:\windows\syswow64\RTCOM
2009-12-12 20:56:07 0 d-----w- c:\program files\Realtek
2009-12-12 20:56:00 150528 ----a-w- c:\windows\system32\SRSWOW64.dll
2009-12-12 20:55:56 0 d--h--w- c:\program files (x86)\Temp
2009-12-12 20:55:56 0 d-----w- c:\program files (x86)\Realtek
2009-12-12 20:54:50 19092 ----a-w- c:\windows\Ascd_tmp.ini
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Start-meny
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Skrivebord
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Programdata
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Maler
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Favoritter
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Dokumenter
2009-12-12 20:50:39 0 d-sh--we c:\program files\Fellesfiler
2009-12-12 20:43:08 0 d-----w- c:\windows\Panther
2009-12-12 20:42:56 8192 --sha-r- C:\BOOTSECT.BAK
2009-12-12 20:42:55 383562 --sha-r- C:\bootmgr
2009-12-12 20:42:55 0 d-sh--w- C:\Boot
2009-12-12 20:36:49 0 d-----w- C:\Windows.old
2009-12-11 01:36:44 3396 ----a-w- C:\setup2.ini
2009-12-11 01:36:34 256 ----a-w- C:\EDID_GSM_0x0100_0x01010101.ted
2009-12-08 22:48:50 2106 ----a-w- C:\setup.ini

==================== Find3M ====================

2009-12-17 14:40:27 73918 ----a-w- c:\windows\system32\perfc014.dat
2009-12-17 14:40:27 447972 ----a-w- c:\windows\system32\perfh014.dat
2009-11-19 07:22:46 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-19 07:22:46 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-17 16:01:20 294400 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2009-11-12 06:24:34 97792 ----a-w- c:\windows\system32\RTNUninst64.dll
2009-11-09 12:56:40 798216 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 12:56:30 36872 ----a-w- c:\windows\system32\mausbasio64.dll
2009-11-09 12:56:24 32776 ----a-w- c:\windows\syswow64\mausbasio.dll
2009-11-09 12:56:20 187912 ----a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-11-09 12:56:04 2526185 ----a-w- c:\windows\syswow64\madiousb.dll
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:39:52,09 ===============

And many thanks for helping out! I searched for iexplore.exe on Google and found a lot about it. There is probably something there, but how it wormed its way in here is a mystery. By the way, this appeared today, so it is probably because of the 7zip file, and maybe there are some hints in today's DDS log.

Edited 18 December 2009 by rymdgris
norbat, posted 18 December 2009

Let's see if we can get a bit further:

Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Files that are probably part of the infection are:

c:\users\rymdgris\MBLMgX.exe
c:\users\rymdgris\IPYAkD.exe
c:\users\rymdgris\wysoh.exe
c:\users\rymdgris\iexplore.exe
c:\users\rymdgris\HfGAtp.bat
c:\users\rymdgris\UIAUaS.exe
c:\users\rymdgris\qdcej.exe
c:\users\rymdgris\KNLXtc.bat
c:\users\rymdgris\GmMGCB.exe
c:\users\rymdgris\diina.exe
c:\users\rymdgris\GWtQcK.bat
c:\users\rymdgris\dccuip.exe
c:\users\rymdgris\yiialon.exe
c:\users\rymdgris\teacoa.exe

You could check some of the files at virscan.org. Some of the files are hidden, so you must turn on "Show hidden files and folders" and also make sure you can see hidden operating system files.
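The triage norbat does by eye above (and repeats on the O4 lines of the HijackThis log further down) can be scripted. The following is an added example and not code from the thread or from DDS/HijackThis: it parses lines in the DDS "Created Last 30" format and the HijackThis O4 autorun format and flags executables dropped directly in a user profile root, files carrying hidden/system attribute bits, and a Windows binary name (iexplore.exe) sitting outside Program Files. The sample lines are constructed in the formats shown in this thread, and the flagging heuristics are the example author's assumptions, not any tool's detection rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the two log formats used in this thread
# (a handful of entries, not the full logs).
DDS_SAMPLE = r"""
2009-12-19 17:54:13 81920 --sh--r- c:\users\rymdgris\wysoh.exe
2009-12-19 17:54:10 544768 ----a-w- c:\users\rymdgris\iexplore.exe
2009-12-19 14:45:21 0 d-----w- c:\program files (x86)\MozBackup
2009-12-19 14:43:43 276 ----a-w- c:\users\rymdgris\HfGAtp.bat
2009-12-19 10:03:16 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [teacoa] C:\Users\rymdgris\teacoa.exe
O4 - HKCU\..\Run: [diina] C:\Users\rymdgris\diina.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
"""

# DDS: "<date> <time> <size> <8 attribute chars> <path>"
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# HijackThis: "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command line>"
HJT_O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run|RunOnce): \[([^\]]+)\] (.+)$")
# Program path at the start of a command line: quoted, or up to the first
# executable extension followed by whitespace/end (arguments may follow).
PATH_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|bat|cmd|com|scr|dll))(?=\s|$)', re.I)
# Exactly <drive>:\users\<name>\<file>, i.e. a file directly in a profile root.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$")
EXEC_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".dll")


@dataclass
class Finding:
    path: str
    source: str                      # "dds" or "hjt"
    reasons: list = field(default_factory=list)


def _reasons_for(path: str, attrs: str = "") -> list:
    """Assumed triage heuristics; returns an empty list for a benign-looking path."""
    p = path.lower()
    if not p.endswith(EXEC_EXT):
        return []
    reasons = []
    if PROFILE_ROOT_RE.match(p):
        reasons.append("executable directly in the user profile root")
    if "s" in attrs or "h" in attrs:       # DDS attribute field, e.g. --sh--r-
        reasons.append(f"hidden/system attributes ({attrs})")
    name = p.rsplit("\\", 1)[-1]
    if name == "iexplore.exe" and "\\program files" not in p:
        reasons.append("Windows binary name outside its normal location")
    return reasons


def parse_dds_created(text: str) -> list:
    """Flag file entries from a DDS 'Created Last 30' section; directories are skipped."""
    findings = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m or m.group(4).startswith("d"):
            continue
        attrs, path = m.group(4), m.group(5)
        reasons = _reasons_for(path, attrs)
        if reasons:
            findings.append(Finding(path.lower(), "dds", reasons))
    return findings


def parse_hjt_o4(text: str) -> list:
    """Flag HijackThis O4 autorun entries whose target path looks suspicious."""
    findings = []
    for line in text.splitlines():
        m = HJT_O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        pm = PATH_RE.match(cmd)
        if not pm:
            continue
        path = pm.group(1) or pm.group(2)
        reasons = _reasons_for(path)
        if reasons:
            reasons.append(f"autorun '{name}' under {hive}\\..\\{key}")
            findings.append(Finding(path.lower(), "hjt", reasons))
    return findings


def triage(dds_text: str, hjt_text: str) -> dict:
    """Merge both sources by lower-cased path -> list of reasons it was flagged."""
    merged = {}
    for f in parse_dds_created(dds_text) + parse_hjt_o4(hjt_text):
        merged.setdefault(f.path, []).extend(f.reasons)
    return merged


if __name__ == "__main__":
    for path, reasons in sorted(triage(DDS_SAMPLE, HJT_SAMPLE).items()):
        print(path)
        for r in reasons:
            print("   -", r)
```

Files that both sources flag (for example an autorun entry whose target also has the hidden/system bits set) collect every reason under one path, which is the list a helper would then ask the user to delete in safe mode.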
rymdgris, posted 18 December 2009 (thread author)

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:39, on 19.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ClueIEAddin - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [teacoa] C:\Users\rymdgris\teacoa.exe
O4 - HKCU\..\Run: [diina] C:\Users\rymdgris\diina.exe
O4 - HKCU\..\Run: [qdcej] C:\Users\rymdgris\qdcej.exe
O4 - HKCU\..\Run: [wysoh] C:\Users\rymdgris\wysoh.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6946 bytes
norbat, posted 18 December 2009

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKCU\..\Run: [teacoa] C:\Users\rymdgris\teacoa.exe
O4 - HKCU\..\Run: [diina] C:\Users\rymdgris\diina.exe
O4 - HKCU\..\Run: [qdcej] C:\Users\rymdgris\qdcej.exe
O4 - HKCU\..\Run: [wysoh] C:\Users\rymdgris\wysoh.exe

Restart in Safe Mode (tap F8 during startup and choose Safe Mode). Find and delete the files mentioned in the previous post.

In normal mode: update MBAM and run a new quick scan. Post a new DDS log together with the MBAM log.
rymdgris, posted 18 December 2009 (author, edited)

Did as you said, twice, but iexplore.exe keeps coming back over and over. I'm now running an F-Secure scan, since it was one of the few that detected anything when I checked iexplore.exe against the scan at virscan.org (I actually have Norman). I tried to run MBAM, but it suddenly "stops responding".

EDIT: I don't think Safe Mode worked. I pressed F8 but only got the option of whether to boot from the HDD or the CD-ROM.

Edited 18 December 2009 by rymdgris
norbat, posted 18 December 2009 (edited)

Choose HDD and keep pressing F8. Did F-Secure find anything of interest (was it the online scanner you used)?

Edited 18 December 2009 by norbat
rymdgris, posted 18 December 2009 (author, edited)

Ran HJT, removed the stuff, got into Safe Mode, removed the stuff, rebooted, and now it's back again. Aggressive infection, this one...

EDIT: F-Secure found nothing at all. I'm picturing the format/fresh-Windows-install hell to be on the safe side?

Edited 18 December 2009 by rymdgris
norbat, posted 18 December 2009

Could you post a new DDS log?
rymdgris, posted 18 December 2009 (author)

DDS log 1:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12.12.2009 21:50:41
System Uptime: 19.12.2009 22:21:26 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6T SE
Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/160mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 209,215 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ATI High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&2A570A9&0&0001
Manufacturer: ATI Technologies Inc.
Name: ATI High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&2A570A9&0&0001
Service: AtiHdmiService

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_104383C0&REV_1001\4&5E4D696&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_104383C0&REV_1001\4&5E4D696&0&0001
Service: IntcAzAudAddService

==== System Restore Points ===================

RP67: 19.12.2009 01:14:31 - Windows Update
RP69: 19.12.2009 01:38:39 - Windows Defender Checkpoint
RP70: 19.12.2009 21:01:18 - is 10.00 build 246 Installation

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 - Norsk
AI Suite
Apple Application Support
Apple Software Update
ASUSUpdate
AviSynth 2.5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Combined Community Codec Pack 2009-09-09
DVD Shrink 3.2
EPU-6 Engine
Express Gate
F-Secure Anti-Virus 2010
F-Secure PSC Prerequisites
FileZilla Client 3.3.0.1
HijackThis 2.0.2
HydraVision
Java 6 Update 10
JMicron JMB36X Driver
MakeMKV v1.4.9_beta
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
MozBackup 1.4.10
Mozilla Firefox (3.5.6)
Mozilla Thunderbird (3.0)
MSVCRT
Opera 10.10
Opplastingsverktøy for Windows Live
PC Probe II
Påloggingsassistent for Windows Live
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Series II MIDI
Spotify
SUPERAntiSpyware Free Edition
TextPad 5
TurboV
VLC media player 1.0.3
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger

==== End Of File ===========================

DDS log 2:

DDS (Ver_09-12-01.01) - NTFSX64
Run by rymdgris at 23:00:21,82 on 19.12.2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.6135.4625 [GMT 1:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
\teacoa.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\rymdgris\fiizoux.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Users\rymdgris\pMQUrw.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\rymdgris\Desktop\ATF-Cleaner.exe
C:\Users\rymdgris\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ClueIEAddin: {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - c:\clue\adxloader.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [teacoa] c:\users\rymdgris\teacoa.exe
uRun: [fiizoux] c:\users\rymdgris\fiizoux.exe
mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [F-Secure Manager] "c:\program files (x86)\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files (x86)\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files (x86)\f-secure\fsps\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mRun-x64: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\rymdgris\appdata\roaming\mozilla\firefox\profiles\ndjhmvxx.default\
FF - prefs.js: browser.search.selectedEngine - Telefonkatalogen
FF - prefs.js: browser.startup.homepage - www.google.no
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-16 69152]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\f-secure\hips\drivers\fshs.sys [2009-12-19 57920]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-12-19 44480]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-12-19 92160]
R1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\f-secure\anti-virus\minifilter\fsvista.sys [2009-12-19 14904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-19 202752]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-12 90112]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-12-16 19432]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-2-18 294912]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files (x86)\f-secure\anti-virus\fsgk32st.exe [2009-12-19 215648]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2009-10-6 386440]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2009-12-12 107848]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\f-secure\anti-virus\minifilter\fsgk.sys [2009-12-19 162912]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\f-secure\orsp client\fsorsp.exe [2009-12-19 55936]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2009-12-12 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv64mf.sys [2009-12-12 25488]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2009-12-12 202056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-17 294400]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2009-12-12 179664]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 187912]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-11-23 7408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\f-secure\anti-virus\win2k\fsfilter.sys [2009-12-19 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\f-secure\anti-virus\win2k\fsrec.sys [2009-12-19 25184]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]

=============== Created Last 30 ================

2009-12-19 21:25:08 196 ----a-w- c:\users\rymdgris\GFOezV.bat
2009-12-19 21:23:06 188928 ----a-w- c:\users\rymdgris\pMQUrw.exe
2009-12-19 21:23:02 81920 --sh--r- c:\users\rymdgris\fiizoux.exe
2009-12-19 20:29:56 81920 --sh--r- c:\users\rymdgris\scfer.exe
2009-12-19 20:02:11 44480 ----a-w- c:\windows\system32\drivers\fses.sys
2009-12-19 20:02:10 92160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-12-19 20:02:01 1263010 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2009-12-19 20:01:30 0 d-----w- c:\program files (x86)\F-Secure
2009-12-19 20:01:05 0 d-----w- c:\programdata\fssg
2009-12-19 20:00:23 0 d-----w- c:\programdata\f-secure
2009-12-19 17:54:13 81920 --sh--r- c:\users\rymdgris\wysoh.exe
2009-12-19 15:02:43 0 d-----w- c:\program files (x86)\trend micro
2009-12-19 14:45:21 0 d-----w- c:\program files (x86)\MozBackup
2009-12-19 14:41:36 81920 --sh--r- c:\users\rymdgris\qdcej.exe
2009-12-19 14:28:44 81920 --sh--r- c:\users\rymdgris\diina.exe
2009-12-19 10:12:04 81920 --sh--r- c:\users\rymdgris\dccuip.exe
2009-12-19 10:03:21 0 d-----w- c:\users\rymdgris\appdata\roaming\Malwarebytes
2009-12-19 10:03:16 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 10:03:16 0 d-----w- c:\programdata\Malwarebytes
2009-12-19 10:03:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-19 00:38:12 81920 --sh--r- c:\users\rymdgris\yiialon.exe
2009-12-19 00:37:48 122880 --sh--r- c:\users\rymdgris\teacoa.exe
2009-12-17 20:07:44 0 d-----w- C:\Video
2009-12-17 15:46:47 724992 ----a-w- c:\windows\iun6002.exe
2009-12-17 08:22:21 0 d-----w- c:\programdata\ASUS OC Profiles
2009-12-16 22:46:49 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-16 22:45:33 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-16 22:45:13 0 d-----w- c:\programdata\Lavasoft
2009-12-16 22:45:13 0 d-----w- c:\program files (x86)\Lavasoft
2009-12-16 21:46:19 376 ----a-w- c:\windows\ODBC.INI
2009-12-16 18:38:18 19432 ----a-w- c:\windows\system32\drivers\cpuz132_x64.sys
2009-12-16 18:38:18 0 d-----w- c:\program files\CPUID
2009-12-16 17:14:41 401462 ----a-w- c:\windows\syswow64\temp.009
2009-12-16 16:33:51 401462 ----a-w- c:\windows\syswow64\temp.008
2009-12-16 03:37:48 401462 ----a-w- c:\windows\syswow64\temp.007
2009-12-16 03:13:57 401462 ----a-w- c:\windows\syswow64\temp.006
2009-12-16 03:04:11 401462 ----a-w- c:\windows\syswow64\temp.005
2009-12-16 02:54:04 401462 ----a-w- c:\windows\syswow64\temp.004
2009-12-16 01:35:57 995383 ----a-w- c:\windows\syswow64\temp.002
2009-12-16 01:35:57 77878 ----a-w- c:\windows\syswow64\temp.001
2009-12-16 01:35:57 278581 ----a-w- c:\windows\syswow64\temp.003
2009-12-16 01:35:56 401462 ----a-w- c:\windows\syswow64\temp.000
2009-12-15 21:34:07 204288 ----a-w- c:\windows\syswow64\M-AudioTaskBarIcon.exe
2009-12-15 21:33:43 82944 ----a-w- c:\windows\syswow64\USBMN1X1.DLL
2009-12-15 21:33:43 424456 ----a-w- c:\windows\syswow64\MA_CMIDN.DLL
2009-12-15 21:33:42 0 d-----w- c:\program files (x86)\M-Audio
2009-12-15 08:51:32 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-12-15 08:51:32 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2009-12-15 08:51:32 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-12-15 08:51:32 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2009-12-15 08:51:31 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-12-15 08:51:31 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2009-12-15 07:51:33 0 d-----w- c:\users\rymdgris\Spill
2009-12-15 06:34:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-15 06:34:13 0 d-----w- c:\users\rymdgris\appdata\roaming\SUPERAntiSpyware.com
2009-12-15 06:34:13 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-12-15 06:33:46 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2009-12-14 21:49:50 0 d-----w- c:\program files (x86)\MakeMKV
2009-12-14 13:18:49 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-14 13:18:49 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-12-14 13:18:49 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-12-14 13:18:42 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2009-12-14 13:18:42 0 d-----w- c:\program files\iTunes
2009-12-14 13:18:42 0 d-----w- c:\program files\iPod
2009-12-14 13:18:42 0 d-----w- c:\program files (x86)\iTunes
2009-12-14 13:18:02 0 d-----w- c:\programdata\Apple Computer
2009-12-14 13:17:43 0 d-----w- c:\program files\common files\Apple
2009-12-14 13:17:29 0 d-----w- c:\programdata\Apple
2009-12-14 12:53:37 0 d-----w- c:\program files\WMV9_VCM
2009-12-14 12:04:53 0 d-----w- c:\programdata\DVD Shrink
2009-12-14 12:04:52 0 d-----w- c:\program files (x86)\DVD Shrink
2009-12-14 02:50:40 0 d-----w- c:\program files (x86)\CCleaner
2009-12-14 01:58:39 0 d-----w- c:\users\rymdgris\.dvdcss
2009-12-14 00:39:30 231936 ----a-w- c:\windows\syswow64\FusionReg.dll
2009-12-13 15:48:51 0 d-----w- c:\users\rymdgris\appdata\roaming\Spotify
2009-12-13 15:47:12 0 d-----w- c:\program files (x86)\Spotify
2009-12-13 08:55:02 0 d-----w- c:\users\rymdgris\Mine mottatte filer
2009-12-13 08:34:18 0 d-----w- c:\program files (x86)\VideoLAN
2009-12-13 02:49:35 0 d-----w- c:\users\rymdgris\appdata\roaming\Helios
2009-12-13 02:48:22 0 d-----w- c:\program files (x86)\TextPad 5
2009-12-13 02:42:19 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-13 01:58:37 0 d-----w- c:\users\rymdgris\appdata\roaming\Canneverbe_Limited
2009-12-13 01:58:36 0 d-----w- c:\programdata\Canneverbe Limited
2009-12-13 01:42:01 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-13 01:33:11 0 d-----w- c:\program files (x86)\AviSynth 2.5
2009-12-13 01:30:55 410976 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-13 01:30:55 143360 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-13 01:30:55 139264 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-13 01:30:55 139264 ----a-w- c:\windows\syswow64\java.exe
2009-12-13 01:29:44 0 d-----w- c:\program files (x86)\PS3 Media Server
2009-12-13 01:29:05 0 d-----w- c:\program files (x86)\Combined Community Codec Pack
2009-12-13 01:23:55 0 d--h--w- c:\windows\msdownld.tmp
2009-12-13 01:23:43 0 d-----w- c:\windows\syswow64\directx
2009-12-13 01:19:41 0 d-----w- c:\program files\WinRAR
2009-12-13 01:06:43 0 d-----w- c:\users\rymdgris\Tracing
2009-12-13 01:05:59 0 d-----w- c:\program files (x86)\Microsoft
2009-12-13 01:05:39 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2009-12-13 01:04:56 0 d-----w- c:\windows\PCHEALTH
2009-12-13 01:02:45 0 d-----w- c:\program files (x86)\common files\Windows Live
2009-12-13 00:04:07 0 d-----w- c:\windows\syswow64\Macromed
2009-12-12 22:53:41 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2009-12-12 22:50:34 0 d-----w- c:\program files\M-Audio
2009-12-12 22:36:44 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-12-12 22:36:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-12 22:36:34 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-12-12 22:36:33 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-12 22:36:31 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-12 22:14:15 25488 ----a-w- c:\windows\system32\drivers\nvcv64mf.sys
2009-12-12 22:14:15 210248 ----a-w- c:\windows\syswow64\nscrnsav.scr
2009-12-12 22:13:55 0 d-----w- c:\program files\Norman
2009-12-12 22:12:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-12 21:40:04 0 d-----w- c:\programdata\ATI
2009-12-12 21:39:20 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-12 21:34:05 0 d-----w- c:\program files\common files\ATI Technologies
2009-12-12 21:33:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-12 21:33:56 18618 ----a-w- c:\windows\atiogl.xml
2009-12-12 21:33:44 0 d-----w- c:\program files (x86)\ATI Technologies
2009-12-12 21:33:26 0 d-----w- c:\program files\ATI
2009-12-12 21:32:27 0 d-----w- c:\program files\ATI Technologies
2009-12-12 21:21:21 0 d-----w- c:\programdata\Adobe
2009-12-12 21:19:19 1746 ----a-w- c:\windows\Language_trs.ini
2009-12-12 21:12:30 177 ---h--w- C:\dvmexp.idx
2009-12-12 21:02:22 0 d-----w- c:\temp\dvmexp
2009-12-12 21:02:20 0 d--h--w- c:\temp\tmpdvmexp
2009-12-12 21:02:20 0 d--h--w- C:\temp
2009-12-12 21:02:20 0 d--h--w- C:\dvmexp
2009-12-12 21:02:05 0 d--h--w- C:\ASUS.000
2009-12-12 21:01:49 0 d--h--w- C:\ASUS.SYS
2009-12-12 21:01:40 0 d-sh--w- c:\windows\Installer
2009-12-12 21:01:38 0 d-----w- c:\program files (x86)\Downloaded Installations
2009-12-12 20:59:29 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2009-12-12 20:59:27 0 d-----w- c:\program files (x86)\ASUS
2009-12-12 20:59:23 0 d-----w- c:\program files\ASUS
2009-12-12 20:59:12 666 ----a-w- c:\windows\setup.iss
2009-12-12 20:59:09 315904 ----a-w- c:\windows\syswow64\Difx1c46.rra
2009-12-12 20:59:08 1970176 ------r- c:\windows\syswow64\xRaidSetup.exe
2009-12-12 20:59:08 151552 ------r- c:\windows\syswow64\xRaidAPI.dll
2009-12-12 20:59:08 0 d-----w- C:\RaidTool
2009-12-12 20:59:04 104408 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-12-12 20:58:57 0 d-----w- c:\windows\RaidTool
2009-12-12 20:58:22 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2009-12-12 20:56:12 0 d-----w- c:\windows\AsusInstAll
2009-12-12 20:56:07 0 d-----w- c:\windows\syswow64\RTCOM
2009-12-12 20:56:07 0 d-----w- c:\program files\Realtek
2009-12-12 20:56:00 150528 ----a-w- c:\windows\system32\SRSWOW64.dll
2009-12-12 20:55:56 0 d--h--w- c:\program files (x86)\Temp
2009-12-12 20:55:56 0 d-----w- c:\program files (x86)\Realtek
2009-12-12 20:54:50 19092 ----a-w- c:\windows\Ascd_tmp.ini
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Start-meny
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Skrivebord
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Programdata
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Maler
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Favoritter
2009-12-12 20:50:39 0 d-sh--we c:\programdata\Dokumenter
2009-12-12 20:50:39 0 d-sh--we c:\program files\Fellesfiler
2009-12-12 20:43:08 0 d-----w- c:\windows\Panther
2009-12-12 20:42:56 8192 --sha-r- C:\BOOTSECT.BAK
2009-12-12 20:42:55 383562 --sha-r- C:\bootmgr
2009-12-12 20:42:55 0 d-sh--w- C:\Boot
2009-12-12 20:36:49 0 d-----w- C:\Windows.old
2009-12-11 01:36:44 3396 ----a-w- C:\setup2.ini
2009-12-11 01:36:34 256 ----a-w- C:\EDID_GSM_0x0100_0x01010101.ted
2009-12-08 22:48:50 2106 ----a-w- C:\setup.ini

==================== Find3M ====================

2009-12-19 20:02:13 76822 ----a-w- c:\windows\system32\perfc014.dat
2009-12-19 20:02:13 454118 ----a-w- c:\windows\system32\perfh014.dat
2009-11-19 07:22:46 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-19 07:22:46 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-17 16:01:20 294400 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2009-11-12 06:24:34 97792 ----a-w- c:\windows\system32\RTNUninst64.dll
2009-11-09 12:56:40 798216 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 12:56:30 36872 ----a-w- c:\windows\system32\mausbasio64.dll
2009-11-09 12:56:24 32776 ----a-w- c:\windows\syswow64\mausbasio.dll
2009-11-09 12:56:20 187912 ----a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-11-09 12:56:04 2526185 ----a-w- c:\windows\syswow64\madiousb.dll
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:01:20,42 ===============
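The two logs in this thread (the HijackThis O4 lines earlier and the DDS log just above) show the pattern a responder would want to check mechanically rather than by eye: HKCU Run values pointing at executables sitting directly in the user profile root, each created within the last day with the system and hidden attributes set, and a fresh name appearing after every cleanup. As an added example, not code from the thread or from any of the tools the posters used, here is a Python triage script that parses those O4/uRun lines and the DDS "Created Last 30" entries, flags profile-root autoruns, looks up each one's creation time and attribute string, and lists hidden+system executables in the profile root that no longer have a Run value pointing at them (the files an earlier "Fix checked" removed the registry entry for, but not the file). The sample lines are copied from the logs posted here; the "profile-root executable" and "system+hidden" rules are heuristics of my own, and the attribute positions assume the eight-character DDS attribute layout as it appears in these logs.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: autorun lines copied from the HijackThis log (O4 form) and the
# DDS "Pseudo HJT Report" (uRun/mRun form) posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [teacoa] C:\Users\rymdgris\teacoa.exe
O4 - HKCU\..\Run: [diina] C:\Users\rymdgris\diina.exe
O4 - HKCU\..\Run: [qdcej] C:\Users\rymdgris\qdcej.exe
O4 - HKCU\..\Run: [wysoh] C:\Users\rymdgris\wysoh.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
uRun: [fiizoux] c:\users\rymdgris\fiizoux.exe
"""
# Constructed sample input: a subset of the DDS "Created Last 30" section from the same thread.
DDS_CREATED_SAMPLE = r"""
2009-12-19 21:25:08 196 ----a-w- c:\users\rymdgris\GFOezV.bat
2009-12-19 21:23:06 188928 ----a-w- c:\users\rymdgris\pMQUrw.exe
2009-12-19 21:23:02 81920 --sh--r- c:\users\rymdgris\fiizoux.exe
2009-12-19 20:29:56 81920 --sh--r- c:\users\rymdgris\scfer.exe
2009-12-19 17:54:13 81920 --sh--r- c:\users\rymdgris\wysoh.exe
2009-12-19 14:41:36 81920 --sh--r- c:\users\rymdgris\qdcej.exe
2009-12-19 14:28:44 81920 --sh--r- c:\users\rymdgris\diina.exe
2009-12-19 10:12:04 81920 --sh--r- c:\users\rymdgris\dccuip.exe
2009-12-19 00:38:12 81920 --sh--r- c:\users\rymdgris\yiialon.exe
2009-12-19 00:37:48 122880 --sh--r- c:\users\rymdgris\teacoa.exe
2009-12-12 20:42:55 383562 --sha-r- C:\bootmgr
"""

# "O4 - <hive>\..\Run: [name] cmd" (HijackThis) or "uRun:/mRun: [name] cmd" (DDS).
AUTORUN_RE = re.compile(r"^(?:O4 - (?P<hive>HK\S+?)\\\.\.\\(?:Run|RunOnce)|(?P<short>[um]Run)): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# DDS created-file line: "<date> <time> <size> <8-char attrs> <path>".
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
# An .exe directly under <drive>:\Users\<name>\ with no subfolder: my heuristic, not a DDS rule.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Autorun:
    hive: str
    name: str
    path: str


@dataclass
class Created:
    timestamp: str
    size: int
    attrs: str
    path: str

    @property
    def hidden_system(self) -> bool:
        # DDS attribute string: position 2 is the system flag, position 3 the hidden flag
        # (e.g. "--sh--r-"); assumes the layout seen in the logs above.
        return self.attrs[2] == "s" and self.attrs[3] == "h"


def exe_path(cmd: str) -> str:
    """Strip arguments from an autorun command, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_autoruns(text: str) -> List[Autorun]:
    out = []
    for m in filter(None, (AUTORUN_RE.match(l.strip()) for l in text.splitlines())):
        hive = m.group("hive") or {"u": "HKCU", "m": "HKLM"}[m.group("short")[0]]
        out.append(Autorun(hive, m.group("name"), exe_path(m.group("cmd"))))
    return out


def parse_created(text: str) -> List[Created]:
    return [Created(m.group("ts"), int(m.group("size")), m.group("attrs"), m.group("path"))
            for m in filter(None, (CREATED_RE.match(l.strip()) for l in text.splitlines()))]


def triage(hjt_text: str, dds_created_text: str) -> Tuple[List[dict], List[Created]]:
    """Return (profile-root autoruns with their file metadata, hidden+system orphan files)."""
    created = {c.path.lower(): c for c in parse_created(dds_created_text)}
    findings = []
    for a in parse_autoruns(hjt_text):
        if not PROFILE_ROOT_RE.match(a.path):
            continue
        c = created.get(a.path.lower())
        findings.append({"hive": a.hive, "name": a.name, "path": a.path,
                         "created": c.timestamp if c else None, "size": c.size if c else None,
                         "hidden_system": bool(c and c.hidden_system)})
    referenced = {f["path"].lower() for f in findings}
    # Same fingerprint but no Run value left: removing only the registry value (what HJT's
    # "Fix checked" does) leaves the file itself behind.
    orphans = [c for c in created.values()
               if c.hidden_system and PROFILE_ROOT_RE.match(c.path) and c.path.lower() not in referenced]
    return findings, orphans


if __name__ == "__main__":
    found, orphan_files = triage(HJT_SAMPLE, DDS_CREATED_SAMPLE)
    for f in found:
        print(f"{f['hive']} [{f['name']}] {f['path']} created={f['created']} size={f['size']} sh={f['hidden_system']}")
    for c in orphan_files:
        print(f"orphan {c.path} created={c.timestamp} size={c.size} attrs={c.attrs}")
```

Run against the sample, every flagged Run value resolves to a file with the system and hidden bits set, four of them exactly 81920 bytes and all created on 19 December, and three more files of the same shape (scfer.exe, dccuip.exe, yiialon.exe) remain with no Run value: that is the on-disk residue of the earlier registry-only fixes, and why deleting the files in Safe Mode was the necessary second half of norbat's instructions.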
norbat, posted 18 December 2009 (edited)

Installing several antivirus programs is not a good solution, as it can lead to conflicts and a slow PC. What you can try is to run an online scanner: http://www.f-secure.com/en_EMEA/security/s...online-scanner/

You are running Windows 7 64-bit, which makes it somewhat difficult to use the tools we normally use to kill off the infection. A reinstall will solve the problem, but if you have a little patience we can still try various solutions. But first, see whether you can get F-Secure's online scanner to run.

You can also see whether you can do the following:

Download RootRepeal to the desktop.
Start the program.
Click the Report tab and then the Scan button.
Make sure that Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services and Shadow SSDT are ticked.
Click OK and let the program scan the C: drive.
Save the log that is produced by clicking Save Report.
Post the log.

Edited 18 December 2009 by norbat
rymdgris, posted 19 December 2009 (author)

Ran the F-Secure online scan and got nothing. Tried to install RootRepeal but was told it doesn't work on a 64-bit OS.
norbat, posted 19 December 2009

If you still can't get MBAM to run, reinstall it and see whether that gets it running. Alternatively, download DrWeb CureIt and run the program.
rymdgris, posted 20 December 2009 (author)

I got impatient and reinstalled Windows. The odd thing is that the machine now boots quite a bit slower. Twice the boot time, roughly. Any idea what that could be? I didn't format. I just deleted the partition and reinstalled.