nusperaspa Skrevet 11. januar 2013 Del Skrevet 11. januar 2013 Heisann o' smarte folk. Jeg har slitt litt med pc'en i det siste (OS= Windows 7, service pack 1). Den har vært veldig treg, og jeg har mistenkt virus. Jeg kjørte derfor en dypskann med avast - som fant noen trusler, og én trussel med alvorlighetsgrad "HØY". Problemet som jeg trenger hjelp til er at jeg ikke får til å slette verken den eller noen av de andre filene. Beskjeden som står er : "Feil: Forespørselen ble ikke utført fordi en I/U-feil oppstod (1117). (se vedlegg) Jeg kan kjøre MAMB og Combofix dersom det trengs, men jeg ville poste dette før jeg avslutter avast - i tilfelle det er noe der jeg skal gjøre. Jeg har muligheten til å lukke vinduet, men ikke stort annet. Siden skanninga har stått på i hele natt, så vil jeg ikke lukke det før jeg har fått noe hjelp herfra. På forhånd tusen takk! Hilsen engstelig. Lenke til kommentar
nusperaspa Skrevet 11. januar 2013 Forfatter Del Skrevet 11. januar 2013 MAMB-loggen: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Databaseversjon: v2013.01.11.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christel :: CHRISTEL-PC [administrator] 11.01.2013 18:03:26 mbam-log-2013-01-11 (18-03-26).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 223363 Tid tilbakelagt: 7 minutt(er), Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar) Combofix-loggen: ComboFix 13-01-11.01 - Christel 11.01.2013 18:18:30.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.3999.1899 [GMT 1:00] Kjører fra: c:\users\Christel\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\jestertb.dll c:\windows\SysWow64\DEBUG.log c:\windows\wininit.ini . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-12-11 til 2013-01-11 ))))))))))))))))))))))))))))))))) . . 2013-01-11 17:33 . 2013-01-11 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-11 17:33 . 2013-01-11 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 17:14 . 2013-01-11 17:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CFADD3F-B063-4424-8733-C0C01661F894}\offreg.dll 2013-01-11 15:57 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CFADD3F-B063-4424-8733-C0C01661F894}\mpengine.dll 2013-01-10 14:00 . 2012-12-07 13:15 2746368 ----a-w- c:\windows\system32\gameux.dll 2013-01-10 14:00 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2013-01-10 14:00 . 2012-12-07 12:26 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2013-01-10 14:00 . 2012-12-07 11:19 51712 ----a-w- c:\windows\system32\esrb.rs 2013-01-10 14:00 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2013-01-10 14:00 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs 2013-01-10 14:00 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2013-01-10 14:00 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs 2013-01-10 14:00 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2013-01-10 14:00 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2013-01-10 14:00 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs 2013-01-10 13:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-10 13:58 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 21:11 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-01-02 21:07 . 2013-01-02 21:11 -------- d-----w- c:\users\Christel\AppData\Local\iLivid 2012-12-30 13:50 . 2012-12-30 13:50 -------- d-----w- c:\users\Christel\AppData\Local\Programs 2012-12-30 12:44 . 2012-12-30 13:08 -------- d-----w- c:\users\Christel\AppData\Local\fastestd 2012-12-25 18:54 . 2012-12-25 18:54 -------- d-----w- c:\program files\iPod 2012-12-25 18:54 . 2012-12-25 18:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-25 18:54 . 2012-12-25 18:55 -------- d-----w- c:\program files\iTunes 2012-12-25 18:54 . 2012-12-25 18:55 -------- d-----w- c:\program files (x86)\iTunes 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-25 18:47 . 2012-12-25 18:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-25 18:46 . 2012-12-25 18:47 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-23 18:34 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-23 18:34 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-23 18:34 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-23 18:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 23:09 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 23:09 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 14:06 . 2009-11-14 13:15 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-14 15:49 . 2012-04-15 16:43 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-10 13:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-25 00:17 . 2012-11-25 00:17 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-11-25 00:17 . 2012-11-25 00:17 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-11-25 00:17 . 2012-11-25 00:17 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-11-12 21:46 . 2012-11-12 21:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-12 21:46 . 2012-05-03 12:05 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-11-12 21:46 . 2010-06-20 23:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-30 22:51 . 2009-11-12 19:26 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-03-01 07:55 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2009-11-12 19:26 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2009-11-12 19:26 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2009-11-12 19:26 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-03-01 07:54 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2009-11-12 19:26 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-03-01 07:55 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-29 19:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-29 19:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-29 19:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 16:59 . 2012-04-04 09:25 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-19 5629312] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1191432] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "MMReminderService"="c:\program files (x86)\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Christel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Christel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392] Facebook Messenger.lnk - c:\users\Christel\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-9-4 708608] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BrSerIb;Brother MFC seriell grensesnittdriver (WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088] R3 BrUsbSIb;Brother MFC seriell USB-driver (WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2007-06-08 112768] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-25 14448] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-09 16032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2009-01-30 56104] R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2009-01-30 383784] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-12 834544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-14 140672] S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 787968] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-11 168448] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-11 131072] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 VoddlerNet;VoddlerNet;c:\program files (x86)\Voddler\service\voddler.exe [2010-03-25 1160912] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-09 50208] S3 NETw5s64;Intel® Wireless WiFi Link-kortdriver for Windows 7 64-bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] . . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624640870-1647909376-2105550097-1000Core.job - c:\users\Christel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 08:14] . 2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624640870-1647909376-2105550097-1000UA.job - c:\users\Christel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 08:14] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 19:26] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 19:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Christel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 489472] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-10-28 200704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aspire_3810tz&r=273611092106l0321z165t4831v969 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Christel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\bfinxo7j.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ . - - - - TOMME PEKERE FJERNET - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) . . . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_USERS\S-1-5-21-624640870-1647909376-2105550097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-624640870-1647909376-2105550097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tidspunkt ferdig: 2013-01-11 18:40:11 ComboFix-quarantined-files.txt 2013-01-11 17:40 ComboFix2.txt 2012-07-18 22:21 . Pre-Run: 85 184 512 000 byte ledig Post-Run: 84 791 042 048 byte ledig . - - End Of File - - 388FD5C6C3D217E211D23E11ABA64350 Lenke til kommentar
Dr.Geek Skrevet 11. januar 2013 Del Skrevet 11. januar 2013 (endret) Heisann o' smarte folk. Jeg kan kjøre MAMB og Combofix dersom det trengs, men jeg ville poste dette før jeg avslutter avast - i tilfelle det er noe der jeg skal gjøre. Jeg har muligheten til å lukke vinduet, men ikke stort annet. Siden skanninga har stått på i hele natt, så vil jeg ikke lukke det før jeg har fått noe hjelp herfra. På forhånd tusen takk! Hilsen engstelig. Hai, jeg tror dette er en feilalarm. vi må sjekke om dette evtl. er en feilalarm. Gå til denne siden: https://www.virustotal.com/ last her opp filen: PresentationBuildTask.ni.dll Hele filebanen finner du i avast loggen. Endret 11. januar 2013 av TheGenius Lenke til kommentar
nusperaspa Skrevet 11. januar 2013 Forfatter Del Skrevet 11. januar 2013 (endret) last her opp filen: Hele filebanen finner du i avast loggen. Hei! Tusen takk for svar. Jeg finner ikke loggen i avast. :/ Vet du hvor den ligger? Føler jeg har sjekka overalt. edit: Jeg sjekka fila jeg lasta opp her, og skrev adressen til fila nøyaktig sånn som den står der, og limte den inn i søkfeltet i windows startmenyen, men da kommer det ingen resultater. Jeg har også gått inn i C:\Windows\assembly , men jeg finner ingenting som heter nativeimages. Jeg kan ingenting om sånt, så jeg leter litt i mørket. Setter pris på all hjelp. Endret 11. januar 2013 av nusperaspa Lenke til kommentar
Dr.Geek Skrevet 12. januar 2013 Del Skrevet 12. januar 2013 Hei! Tusen takk for svar. Jeg finner ikke loggen i avast. :/ Vet du hvor den ligger? Føler jeg har sjekka overalt. edit: Loggen til avast postet du her i ditt start post. Det høyre bildet du laster opp. På virus total siden klicker du "choose file" og så kopierer du inn hele filebanen/adressen til: PresentationBuildTask.ni.dll Som sagt går jeg utifra at dette er feilalarm. Send inn denne filen til avast med mistanke om feilalarm. Kjør en scan med HitmanPro og post loggen: http://www.surfright.nl/en Lenke til kommentar
nusperaspa Skrevet 12. januar 2013 Forfatter Del Skrevet 12. januar 2013 Loggen til avast postet du her i ditt start post. Det høyre bildet du laster opp. På virus total siden klicker du "choose file" og så kopierer du inn hele filebanen/adressen til: Jeg vet jeg posta den i første innlegget, men jeg måtte lukke den for å kjøre combofix, og nå vet jeg ikke hvordan jeg finner tilbake til resultatloggen? Eventuelt hvordan jeg finner den fila som liksom er infisert? Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå