TaZ Posted 26 March 2010 (edited)

Logs

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07.11.2009 17:03:27
System Uptime: 26.03.2010 19:53:44 (0 hours ago)

Motherboard: FUJITSU | | EF7A
Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 464 GiB total, 225,677 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft virtuelt WiFi-miniportkort
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FB5747&0&01
Manufacturer: Microsoft
Name: Microsoft virtuelt WiFi-miniportkort
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FB5747&0&01
Service: vwifimp

==== System Restore Points ===================

RP63: 19.03.2010 02:59:00 - Windows Update
RP64: 22.03.2010 18:26:56 - Windows Update
RP65: 25.03.2010 09:13:20 - Windows Update
RP66: 26.03.2010 08:25:30 - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3 - Norsk
µTorrent
avast! Antivirus
bwin Poker
CDisplay 1.8
CyberLink YouCam
DVD Decrypter (Remove Only)
FlashFXP v3
Fujitsu OSD Utility
Google Toolbar for Internet Explorer
ImgBurn
Java 6 Update 17
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Norwegian (Bokmål)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
Microsoft Visual C++ 2005 Redistributable
PowerPoker
Private folder and Playlist
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Spotify
SystemDiagnostics
VLC media player 1.0.3
Warcraft III

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSX64
Run by roger at 19:57:49,73 on 26.03.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.4061.2898 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Fujitsu OSD Utility\WirelessControl.exe
C:\Program Files (x86)\Fujitsu OSD Utility\OSDUtility.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\roger\temp\TeamViewer\Version5\TeamViewer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\roger\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://sol.no/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~2\flashfxp\IEFlash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [uCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files (x86)\cyberlink\youcam\YouCamTray.exe" /s
mRun: [Fujitsu Wireless Control] c:\progra~2\fujits~1\WIRELE~1.EXE
mRun: [Fujitsu OSD Utility] c:\progra~2\fujits~1\OSDUTI~1.EXE
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{AA58ED58-01DD-4d91-8333-CF10577473F7} {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} {2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [iAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-9 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-9 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-28 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-28 352920]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-21 52264]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28x.sys [2009-10-21 702976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-10-21 84512]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-7 215040]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 85504]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 127488]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 10496]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-21 216064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-4-29 56104]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-4-29 378664]

=============== Created Last 30 ================

2010-03-26 18:48:50 0 d-----w- c:\users\roger\appdata\roaming\Malwarebytes
2010-03-26 18:48:45 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:48:45 0 d-----w- c:\programdata\Malwarebytes
2010-03-26 18:48:45 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-03-26 18:44:58 0 d-----w- c:\program files (x86)\QS
2010-03-26 18:44:56 0 d-----w- c:\users\roger\appdata\roaming\TeamViewer
2010-03-26 18:44:54 0 d-----w- c:\users\roger\temp
2010-03-26 14:36:59 3288 ------w- C:\bootsqm.dat
2010-03-10 02:00:32 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-26 12:13:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Find3M ====================

2010-03-09 21:37:29 74124 ----a-w- c:\windows\system32\perfc014.dat
2010-03-09 21:37:29 448210 ----a-w- c:\windows\system32\perfh014.dat
2010-02-24 09:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-10 12:23:48 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2009-08-10 12:23:48 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2009-08-10 12:23:48 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2009-08-10 12:23:48 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:59:09,74 ===============

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3918
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

26.03.2010 19:52:55
mbam-log-2010-03-26 (19-52-55).txt

Skanntype: Rask Skann
Objekter skannet: 112457
Tid tilbakelagt: 2 minute(s), 56 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 1
Mapper infisert: 1
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94480126 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
C:\ProgramData\94480126 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Filer infisert:
C:\ProgramData\94480126\94480126.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Users\roger\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Edited 26 March 2010 by taz
norbat Posted 26 March 2010

The log looks fine. Security Tool is mostly a straightforward thing to remove once you get MBAM to run.
TaZ (Author) Posted 26 March 2010

Thanks. That Security Tool thing was incredibly annoying.