Sandstone50

Everything posted by Sandstone50

  1. The computer starts fine, but when I tried to connect it came to a dead stop. This is what it says: C:\Users\DiVa la Rose\Desktop\StayConnected_21_Huawei.exe An attempt was made to perform an illegal operation on a registry key that has been marked for deletion. I'm going to bed now so that I can manage work. I'll be back tomorrow evening. Thanks for today's help. I copied the log and am pasting it in here:
  2. Here is the link: https://www.virustotal.com/file/aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2/analysis/1329084269/
  3. Here is the log. The procedure did not go at all the way the manual described, so I hope it still turned out right in the end. I did not touch anything while it was all running.
  4. Cecilia! A dialog came up that says: PEV.exe has stopped working. A problem caused the program to stop working correctly. The program will be closed and you will be notified if a solution to the problem is available. Then a button, Close program. Then another notice from the taskbar: The computer may be at risk. Your computer may have several security problems. However, now everything has disappeared except the first dialog and the blue one, which now says that it is deleting files. Should I close that dialog, or should I just wait?
  5. Here comes the long list:
revolution\WinSplit.exe uRun: [EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibue.exe /fu "c:\windows\temp\E_S42CE.tmp" /EF "HKCU" uRun: [AdobeBridge] uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe mRun: [Telenor Stay Connected] "c:\program files\emotum\stay connected\TelenorSEMobile.exe" -autorun mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe mRun: [AmIcoSinglun] 
c:\program files\amicosinglun\AmIcoSinglun.exe mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: DhcpNameServer = 195.54.122.211 195.54.122.221 TCP: Interfaces\{04C065D1-28FB-4FAF-BBBD-A7115ADE409B} : DhcpNameServer = 195.54.122.211 195.54.122.221 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft 
office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\diva la rose\appdata\roaming\mozilla\firefox\profiles\0u4bse7z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.aftonbladet.se/ FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\personal\bin\np_prsnl.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-23 436728] R1 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-23 162928] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 ESCSvc;Emotum Stay Connected Service;c:\program files\emotum\stay connected\Service.exe [2010-8-25 659752] R2 ESUSClient_B2;Telenor Sweden Software Update Service;c:\program files\telenor sweden\esus_tns\ESUS_TNS.exe [2011-3-7 358808] R2 FlingService;Fling File Transfer;c:\program files\nch software\fling\fling.exe [2011-3-19 782340] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 GtDetectSc;GtDetectSc;c:\program files\option\driver installer\GtDetectSc.exe [2009-5-4 545792] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-23 159320] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-23 145936] R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-5-8 66560] R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-7 70880] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-7-30 185640] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-4-21 90112] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-1 70656] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-23 171296] R3 mfebopk;McAfee Inc. 
mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-23 58456] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-7-16 233128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176] S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-5-1 101504] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-1 116736] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-8-2 55264] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344] S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-23 85152] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-02-12 16:24:50 -------- d-----w- c:\users\diva la rose\appdata\roaming\Malwarebytes 2012-02-12 16:24:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-02-12 16:24:43 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-12 16:24:43 -------- d-----w- c:\programdata\Malwarebytes 2012-02-12 16:24:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-12 11:17:20 -------- d-----w- c:\users\diva la rose\appdata\roaming\SUPERAntiSpyware.com 2012-02-12 11:17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-02-12 08:55:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-02-11 16:47:13 849920 ----a-w- c:\users\diva la rose\appdata\roaming\isecurity.exe 2012-02-11 16:47:13 849920 ----a-w- c:\users\diva la rose\appdata\roaming\8E71.tmp 2012-02-11 09:33:42 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll 2012-01-28 11:09:17 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll 2012-01-28 11:09:17 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll 2012-01-28 11:09:17 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll 2012-01-28 11:09:17 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll 2012-01-27 12:50:13 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-27 12:50:13 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-27 12:50:12 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-27 12:50:12 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-27 12:50:11 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-27 12:50:11 72704 ----a-w- c:\windows\system32\secur32.dll . ==================== Find3M ==================== . 
2012-02-12 15:49:04 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll 2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll . ============= FINISH: 17:59:36,44 =============== Jag förstår inte så mycket men du vet säkert vad som är vad.
  6. I haven't dared to keep it connected, but maybe it isn't that dangerous.
  7. The correct name would be: Super Anti Spyware. But was it perhaps such a super choice? It has just finished, and nothing strange has ended up in its net.
  8. It hasn't gone all that brilliantly, but the situation is perhaps somewhat brighter. I have started in safe mode (I think that's what it's called). It's probably called something else, but I can't remember. I tracked down the startup folder, and there I found the program that is causing the trouble. I unchecked it. I did a system restore (took the settings from a week back, since everything was working then). Restarted... it seemed to work, and I started Spyware for a big scan. A message came up saying: "System Restore could not be completed. An unknown error occurred during System Restore." And now I'm waiting for Spyware to finish, and that can take time. I have downloaded the DDS file. But on this mini computer I have Windows 7, while the problem computer has Vista. So I didn't dare transfer it, so as not to cause further problems. I've started looking into whether I should buy a new computer.
  9. Thanks Cecilia! That will do for now for a beginner when it comes to problems.
  10. Yes, I was able to start in safe mode. But what does one do then?
  11. While waiting for an answer I have also tried going into regedit.exe, but it gets locked immediately. I tried through Task Manager. I got in there, then it got locked, and that route doesn't work now either. So what more can I do?
  12. I got a so-called "Internet Security" in my computer. It has taken over completely, and I can't do anything on the computer any more. I tried to run System Restore, but the only thing that happens is that a message comes up saying "File sdcl.exe is can not start. infected byw32//blaster.worm" and that I should use the above-mentioned program to fix it. I ran McAfee, but without any result. I also tried to install a spyware program from a disc. It basically chewed up the disc as well. It sounded like that, anyway. And it refuses all .exe files. The site I was on was a Swedish site that I had visited before without problems; it is about making good-looking websites. But I can't recall the name now. A message popped up there, something about PDF... I understood right away that this was not good at all... I tried to leave the page without clicking on the message, but all of a sudden isecurity took over my computer. Is there anything one can do, or is it best to buy a new computer? Luckily there is the mini PC, so that one can communicate. Unfortunately I have no recovery disc, as it wasn't included in the purchase and I didn't understand how to create one. And the question is whether it would help. I feel rather stupid. Help!
  13. No, it certainly is the same computer. I don't know how it is going for her; I promise to tell. It's miserable to get these snakes and worms and whatever they are all called. It cost me 1000 the last time I had to get the misery fixed.
  14. The wretched program is called amicosinglun. I have found it in the Control Panel, but when I try to uninstall it I am told that it cannot find the .exe file. The same thing happened with the msconfig search.
  15. Thanks, I have texted the answer to her and hope that I don't get hit myself.
  16. Hi, how can I help my friend who has been hit by this ISECURITY?? She can't get online and is sitting there completely helpless.
  17. Yes, I am certainly sure; on the outside it says: Office Microsoft * Thank you for buying Microsoft. Office Home and Student 2010. I think I bought it on Sveavägen.
  18. No, unfortunately. On the other hand, I have probably made a real fool of myself now that I have uninstalled the wretched thing?? I don't know how to enter my product key; maybe it won't work even though it is the same computer?? I have checked the web but haven't found any good page for installing and entering the key. Surely one must be able to reinstall on the same computer with the same product key?? Otherwise I am in a bad spot... WHAT to do THEN???
  19. Thanks, I really must have a go at uninstalling/reinstalling Word... thanks...
  20. Good morning!! What happens to the documents on the computer if I uninstall Word and reinstall it?? Can it help at all?? Since I OFTEN get the box saying that Word unfortunately is closing... Yuck... As if that weren't enough, the whole computer locks up; for example, it isn't possible to click Cancel... just a grey-white screen... Can one get free updates for the Office suite?? Service packs and whatever they are called?? A NOVICE... is after all what one must be considered :-) Where does one go then?? A link??
  21. OK, maybe I must try Firefox instead of Explorer then?? Because all this spinning makes one dizzy... Amazing what one can do, and one knows nothing... save as PDF instead of going to the print function, I'll just say that. A fantastically big thank-you; I have just saved a document I wrote in Word, fantastic... :) :) Wishing you a nice weekend.