paba (thread author), posted 15 September 2012:
OK. Running ComboFix now. I get the same error message again afterwards: Fullført Niva_50 System file is infected... I'm leaving the machine alone until something happens. I probably won't be back here before tomorrow.
mobile999, posted 15 September 2012:
OK. If ComboFix hasn't finished after 1.5 hours, you can just reset the machine and look for the log (c:\combofix.txt).
paba (thread author), posted 16 September 2012:
Here is the log from ComboFix. It took a long time!

ComboFix 12-09-14.03 - Anne Grete 15.09.2012 21:54:09.5.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3958.2906 [GMT 2:00]
Kjører fra: c:\users\Anne Grete\Desktop\ComboFix.exe
Command switches brukt :: c:\users\Anne Grete\Desktop\cfscript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Services.exe . . . er infisert!!
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-08-16 til 2012-09-16 )))))))))))))))))))))))))))))))))
.
.
2012-09-15 21:54 . 2012-09-15 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 19:54 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe
2012-09-15 06:29 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\Malwarebytes
2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 19:20 . 2012-09-15 06:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com
2012-09-10 18:56 . 2012-09-10 22:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-08 18:33 . 2012-09-11 19:13 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-09-05 12:30 . 2012-09-05 12:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-23 12:06 . 2012-08-23 12:06 -------- d-----w- c:\users\Anne Grete\AppData\Local\Macromedia
2012-08-23 12:03 . 2012-08-23 18:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 12:03 . 2012-08-23 12:03 -------- d-----w- c:\windows\system32\Macromed
2012-08-22 13:11 . 2012-08-22 13:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-22 13:10 . 2012-09-05 12:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 12:30 . 2010-10-23 11:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 18:52 . 2011-07-14 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-18 17:31 . 2012-08-14 17:57 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:06 . 2012-08-15 20:21 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 20:06 . 2012-08-15 20:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-07-04 22:04 . 2012-08-14 17:57 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-14 17:57 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-14 17:57 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-14 17:57 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 20:19 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:19 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:19 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:19 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:19 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:19 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:19 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:19 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:19 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:19 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:19 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056]
R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys [2011-09-06 177920]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 18:52]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]
.
2012-09-07 c:\windows\Tasks\HPCeeScheduleForAnne Grete.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-09-04 c:\windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anne Grete\AppData\Roaming\Mozilla\Firefox\Profiles\4vl8xzu2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - TOMME PEKERE FJERNET - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2012-09-16 10:33:04 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2012-09-16 08:33
.
Pre-Run: 407 230 894 080 byte ledig
Post-Run: 404 788 965 376 byte ledig
.
- - End Of File - - C540E44AA8355DEEDE98B10ED1D84DE2
mobile999, posted 16 September 2012:
Well... It got a bit late today.
Start the computer in normal mode. Check whether you can start SUPERAntiSpyware, then just close the program again. Check whether you have wireless networking.
Run a full scan with Malwarebytes (remember to update first).
Try running aswMBR as described in my first post. If the internet works, you can download the definitions.
Post the results of what you have done above, then download ComboFix again (to the desktop) and run a new scan by double-clicking the icon.
http://www.bleepingcomputer.com/download/combofix/
Post the ComboFix log.
paba (thread author), posted 17 September 2012:
Malwarebytes log:

Databaseversjon: v2012.09.07.13
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Anne Grete :: ANNEGRETE-HP [administrator]

Beskyttelse: Aktivert

16.09.2012 22:56:25
mbam-log-2012-09-16 (22-56-25).txt

Skanntype: Full skann (C:\|D:\|Q:\|)
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 422238
Tid tilbakelagt: 1 time(r), 2 minutt(er), 15 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 22:40:58
-----------------------------
22:40:58.241 OS Version: Windows x64 6.1.7600
22:40:58.242 Number of processors: 4 586 0x2505
22:40:58.243 ComputerName: ANNEGRETE-HP UserName: Anne Grete
22:41:02.473 Initialize success
22:41:25.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:41:25.519 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
22:41:25.530 Disk 0 MBR read successfully
22:41:25.534 Disk 0 MBR scan
22:41:25.539 Disk 0 unknown MBR code
22:41:25.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:41:25.570 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455286 MB offset 409600
22:41:25.609 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21350 MB offset 932835328
22:41:25.633 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
22:41:25.676 Disk 0 scanning C:\Windows\system32\drivers
22:41:34.769 Service scanning
22:41:54.750 Modules scanning
22:41:54.766 Disk 0 trace - called modules:
22:41:54.833 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:41:54.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004beb060]
22:41:54.855 3 CLASSPNP.SYS[fffff88001b3e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004984050]
22:41:54.864 Scan finished successfully
22:53:15.804 Disk 0 MBR has been saved successfully to "F:\Pål\Ny mappe (2)\Ny mappe\MBR.dat"
22:53:15.816 The log file has been saved successfully to "F:\Pål\Ny mappe (2)\Ny mappe\aswMBR.txt"

I'm struggling to get ComboFix started... I have no wireless network or internet.
mobile999, posted 17 September 2012 (edited):
> I'm struggling to get ComboFix started...
Then you'll have to try in safe mode. Did you manage to start SUPERAntiSpyware?
Edited 17 September 2012 by mobile999
paba (thread author), posted 18 September 2012:
ComboFix log, run in safe mode

ComboFix 12-09-16.01 - Anne Grete 18.09.2012 14:58:00.8.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3958.3322 [GMT 2:00]
Kjører fra: c:\users\Anne Grete\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Services.exe . . . er infisert!!
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-08-18 til 2012-09-18 )))))))))))))))))))))))))))))))))
.
.
2012-09-18 14:59 . 2012-09-18 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 19:54 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe
2012-09-15 06:29 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\Malwarebytes
2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 19:20 . 2012-09-16 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com
2012-09-10 18:56 . 2012-09-10 22:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-08 18:33 . 2012-09-11 19:13 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-09-05 12:30 . 2012-09-05 12:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-23 12:06 . 2012-08-23 12:06 -------- d-----w- c:\users\Anne Grete\AppData\Local\Macromedia
2012-08-23 12:03 . 2012-08-23 18:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 12:03 . 2012-08-23 12:03 -------- d-----w- c:\windows\system32\Macromed
2012-08-22 13:11 . 2012-08-22 13:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-22 13:10 . 2012-09-05 12:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 12:30 . 2010-10-23 11:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 18:52 . 2011-07-14 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-18 17:31 . 2012-08-14 17:57 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:06 . 2012-08-15 20:21 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 20:06 . 2012-08-15 20:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-07-04 22:04 . 2012-08-14 17:57 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-14 17:57 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-14 17:57 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-14 17:57 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 20:19 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:19 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:19 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:19 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:19 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:19 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:19 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:19 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:19 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:19 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:19 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-09-16_08.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-16 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-16 07:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 12:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-16 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 11:01 . 2012-09-17 20:26 57810 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-18 12:31 40198 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-04-26 20:14 . 2012-09-16 07:19 16282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2724727176-3469311930-917037092-1000_UserData.bin
+ 2011-04-26 20:14 . 2012-09-18 12:31 16282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2724727176-3469311930-917037092-1000_UserData.bin
+ 2012-09-17 15:34 . 2012-09-17 15:34 1892 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-09-15 19:46 . 2012-09-15 19:46 1892 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-09-17 20:23 . 2012-09-18 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-15 21:55 . 2012-09-16 07:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-17 20:23 . 2012-09-18 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-15 21:55 . 2012-09-16 07:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-15 18:24 391644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-16 20:03 391644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-09-08 13:25 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-16 08:39 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel® Management & Security Application User Notification
Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088] R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys [2011-09-06 177920] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384] R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 18:52] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46] . 2012-09-07 c:\windows\Tasks\HPCeeScheduleForAnne Grete.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 
2012-09-04 c:\windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] . ------- Tilleggsskanning ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Anne Grete\AppData\Roaming\Mozilla\Firefox\Profiles\4vl8xzu2.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
I can't get SUPERAntiSpyware to start; there is no startup file to launch it from.
mobile999 Posted 18 September 2012
Download Farbar Recovery Scan Tool x64 to a USB flash drive. Plug the flash drive into the infected PC. I hope the rest can be done in English:
Enter System Recovery Options:
(Re-)Start the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Norwegian as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt.
In the command window type in notepad and press Enter. The notepad opens.
Under the File menu select Open.
Select "Computer" and find your flash drive letter, then close the notepad.
In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
Note: Replace the letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
Villfaren Posted 18 September 2012
What support! I must say I'm impressed by the knowledge and the willingness to help people on this forum! Applause all round
paba Posted 19 September 2012 (Author)
Farbar log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2012
Ran by SYSTEM at 19-09-2012 18:02:03
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
================================================================================== Disk: 0 Disk 0 er n† den valgte disken. Partisjonen 1 er n† den valgte partisjonen. Partisjon 1 Type : 07 Skjult: Nei Aktiv : Ja Forskyvning i byte: 1048576 Volumnr. Bks Etikett Fs Type Str. Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volum 1 Y SYSTEM NTFS Partisjon 199 M OK Forlater DiskPart... ========================================================= Disk: 0 Disk 0 er n† den valgte disken. Partisjonen 2 er n† den valgte partisjonen. Partisjon 2 Type : 07 Skjult: Nei Aktiv : Nei Forskyvning i byte: 209715200 Volumnr. Bks Etikett Fs Type Str. Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volum 2 C NTFS Partisjon 444 G OK Forlater DiskPart... ========================================================= Disk: 0 Disk 0 er n† den valgte disken. Partisjonen 3 er n† den valgte partisjonen. Partisjon 3 Type : 07 Skjult: Nei Aktiv : Nei Forskyvning i byte: 477611687936 Volumnr. Bks Etikett Fs Type Str. Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volum 3 E RECOVERY NTFS Partisjon 20 G OK Forlater DiskPart... ========================================================= Disk: 0 Disk 0 er n† den valgte disken. Partisjonen 4 er n† den valgte partisjonen. Partisjon 4 Type : 0C Skjult: Nei Aktiv : Nei Forskyvning i byte: 499998785536 Volumnr. Bks Etikett Fs Type Str. Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volum 4 F HP_TOOLS FAT32 Partisjon 103 M OK Forlater DiskPart... ========================================================= Partitions of Disk 2: =============== Disk 2 er n† den valgte disken. Partisjonsnr. Type Str. Forskyvning ------------- ---------------- ------- ----------- Partisjon 1 Prim‘r 931 G 31 K byte Forlater DiskPart... 
================================================================================== Disk: 2 Disk 2 er n† den valgte disken. Partisjonen 1 er n† den valgte partisjonen. Partisjon 1 Type : 07 Skjult: Nei Aktiv : Nei Forskyvning i byte: 32256 Volumnr. Bks Etikett Fs Type Str. Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volum 6 I Iomega HDD NTFS Partisjon 931 G OK Forlater DiskPart... ========================================================= Last Boot: 2012-09-16 00:07 ==================== End Of Log ============================= Lenke til kommentar
mobile999 Posted 19 September 2012
Do a search for services.exe:
Boot to System Recovery Options and run FRST. Type the following in the edit box after "Search:".
services.exe
It then should look like: Search: services.exe
Click the Search button and post the log (Search.txt) it makes to your reply.
mobile999 Posted 19 September 2012
So: the last ComboFix log says services.exe is infected, and that log also does not say the file was repaired (which ComboFix usually reports). The FRST log says the file is not infected. Do you have a Vista/7 installation CD (for troubleshooting)? If you start the machine in normal mode, do you now have wireless network/internet?
paba (Author) Posted 20 September 2012
Farbar search log:
Farbar Recovery Scan Tool (x64) Version: 18-09-2012
Ran by SYSTEM at 2012-09-20 09:50:09
Running from I:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\SysWOW64\services.exe [2012-09-15 11:54] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
I still have no network/internet. Is the only remaining option soon to delete everything on the machine and have it set up again? Will the problems then go away? Where would they do that, if so? The PC was bought at Elkjøp.
mobile999 Posted 20 September 2012
Your computer has a recovery partition that can be used to set the computer up again. That is what Elkjøp would do, if anything, and it is something you can manage perfectly well yourself. You must back up everything you do not want to lose (files stored on the machine and program licences). It is surprisingly hard not to forget something. Then there is the question of whether recovery will actually solve the problem. The infection here is probably Rootkit/ZeroAccess. That is an assessment I have made based on ComboFix reporting services.exe as infected and on you writing that the computer has no network/internet. That ComboFix, but not FRST, reports the file as infected is a mystery. There are of course several more ways to try to remove the infection.
Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
You can also try ESETSirerefEVCleaner: http://kb.eset.com/esetkb/index?page=content&id=SOLN2895
I do not have very high hopes that TDSSKiller or the ESET program will solve the problem. The alternative is to back up the computer and try recovery, or to make a bootable USB stick and continue troubleshooting from it.
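The comparison mobile999 is making (ComboFix flags services.exe, while the FRST search shows all three copies with the same MD5) can be checked mechanically. The following is an added example, not FRST's code or anything from this thread: it parses FRST "Search:" result lines and compares every copy against the WinSxS component-store copy, using the three lines posted above plus one constructed line with a placeholder hash as sample input; md5_of_file is a hypothetical helper for hashing a file on a live system.

```python
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass

# An FRST search result line: <path> [created] - [modified] - <size> <attrs> (<company>) <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \[[^\]]+\] - \[[^\]]+\] - "
    r"(?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

@dataclass
class Copy:
    path: str
    size: int
    company: str
    md5: str

def parse_search_log(text: str) -> list[Copy]:
    """Return one Copy per result line; headers and other lines are ignored."""
    return [Copy(m["path"], int(m["size"]), m["company"], m["md5"].upper())
            for m in (LINE_RE.match(ln.strip()) for ln in text.splitlines()) if m]

def check_against_winsxs(copies: list[Copy]) -> dict:
    """The WinSxS component store holds the copy Windows services from, so a live
    copy whose MD5 or size differs from it deserves a closer look."""
    ref = next((c for c in copies if "\\winsxs\\" in c.path.lower()), None)
    if ref is None:
        return {"reference": None, "mismatches": [c.path for c in copies]}
    bad = [c.path for c in copies if c is not ref and (c.md5, c.size) != (ref.md5, ref.size)]
    return {"reference": ref.path, "mismatches": bad}

def md5_of_file(path: str) -> str:
    """Hypothetical helper: hash a file on a live system the way FRST's MD5 column does."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()

# Constructed sample: the three lines from the Farbar search in this thread plus one
# made-up line (placeholder hash, not a real indicator) to show how a tampered copy is reported.
SAMPLE_LOG = r"""================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\SysWOW64\services.exe [2012-09-15 11:54] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\Temp\services.exe [2012-09-10 07:51] - [2012-09-10 07:51] - 0328704 ____A (Microsoft Corporation) 00000000000000000000000000000000
====== End Of Search ======"""
```

Running check_against_winsxs(parse_search_log(SAMPLE_LOG)) reports only the constructed Temp copy as a mismatch; the three real copies agree with the WinSxS reference, which is exactly why the FRST result contradicts ComboFix here.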
paba (Author) Posted 20 September 2012
Then I'll try TDSSKiller first, and the ESET program after that.
mobile999 Posted 20 September 2012 (edited)
Forget this.
Edited 20 September 2012 by mobile999
paba (Author) Posted 20 September 2012
I don't know if I've mentioned it, but the problems started with very slow startup of programs, and then I got the message "Peer Networking Grouping has stopped working", followed by error 1067 when I tried to go in and restart PNG.
mobile999 Posted 20 September 2012
Do you remember when the problems started? (Date)
paba (Author) Posted 20 September 2012
The problems started around 8-9 September.