Security Shield!

[bengsi]

Inlägget ovan är det programmet TDSSKiller skapade. När jag körde programmet sa den att inget hittades. Fortsätter med de övriga punkterna nu.

[bengsi]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-03 11:32:48

-----------------------------

11:32:48.902 OS Version: Windows x64 6.1.7601 Service Pack 1

11:32:48.902 Number of processors: 4 586 0x2502

11:32:48.902 ComputerName: EMMA-VAIO UserName: Emma

11:32:50.431 Initialize success

11:33:04.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:33:04.658 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

11:33:04.658 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c

11:33:04.658 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0

11:33:04.658 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d

11:33:04.658 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0

11:33:04.674 Disk 0 MBR read successfully

11:33:04.674 Disk 0 MBR scan

11:33:04.690 Disk 0 Windows 7 default MBR code

11:33:04.690 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14552 MB offset 2048

11:33:04.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29804544

11:33:04.721 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462286 MB offset 30009344

11:33:04.752 Disk 0 scanning C:\Windows\system32\drivers

11:33:12.490 Service scanning

11:33:46.248 Modules scanning

11:33:46.248 Disk 0 trace - called modules:

11:33:46.295 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

11:33:46.295 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005373060]

11:33:46.295 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80035b0e40]

11:33:46.311 5 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80042e3050]

11:33:46.311 Scan finished successfully

11:35:23.046 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"

11:35:23.046 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"

(Från aswMBR)

[bengsi]

4.Spara RougueKiller på Skrivbordet.

http://www.sur-la-to...om/RogueKiller/

Stäng av alla program.

Jag tror att länken är ofullständig? Tack för hjälpen än så länge iaf!

[MrO]

Ok testa denna då

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

[bengsi]

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Emma [Admin rights]

Mode: Scan -- Date: 08/03/2012 12:25:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Emma\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2128678161-3252551140-423464280-1000[...]\Run : SansaDispatch (C:\Users\Emma\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

78.46.61.26 www.google-analytics.com.

78.46.61.26 ad-emea.doubleclick.net.

78.46.61.26 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-26A0RT0 +++++

--- User ---

[MBR] 36936ee8b0ff088f0bc3ce6dbaa3ae40

[bSP] dcd4736cb8dcc105dd1251df47b4ec48 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14552 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29804544 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30009344 | Size: 462286 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

------------------------------------

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Emma [Admin rights]

Mode: Remove -- Date: 08/03/2012 12:25:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Emma\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

78.46.61.26 www.google-analytics.com.

78.46.61.26 ad-emea.doubleclick.net.

78.46.61.26 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-26A0RT0 +++++

--- User ---

[MBR] 36936ee8b0ff088f0bc3ce6dbaa3ae40

[bSP] dcd4736cb8dcc105dd1251df47b4ec48 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14552 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29804544 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30009344 | Size: 462286 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

---------------------------------

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Emma [Admin rights]

Mode: Shortcuts HJfix -- Date: 08/03/2012 12:28:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 28 / Fail 0

Start menu: Success 2 / Fail 0

User folder: Success 253 / Fail 0

My documents: Success 14 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 1 / Fail 0

My music: Success 18 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 631 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume4 -- 0x2 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

---------------------------

De tre rapporterna från RogueKiller.

[MrO]

Ok fungerar inte datorn i normalt läge?

hosts är ändrad,se hur du återställer den här:

http://support.micro...om/kb/972034/sv

Spara TFC av OldTimer på Skrivbordet.

http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.

Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).

Klicka på Start-knappen för att starta städningen.

Det kan ta några minuter och låt datorn vara ifred under tiden.

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv.

Redigerad Augusti 3, 2012 av MrO

[bengsi]

Datorn funkar sådär i normalt läge (kan flytta på dokument och så där), men varken internet eller program går att starta. Spelar det någon roll att programmen kördes i säkert läge?

[MrO]

Ok,nej det ska väl fungera ändå!

Kan du posta loggan från ComboFix?

Kör även DDS igen så får vi se hur det ser ut nu!?

[bengsi]

Jag körde aldrig klart ComboFix, utan avbröt den för jag inte visste hur jag skulle göra. Ska jag köra den? Innan eller efter TFC? (har inte hunnit med den än, har bara bytt Hosts-filen).

[MrO]

Ahh ok,bra för ComboFix brukar inte fungera nåt bra när man har 64 bitarssystem! Så skippa ComboFix och kör TFC sen postar du ny DDS

[Cecilia]

[sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Emma\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED

Det där är ett falsklarm.

[bengsi]

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Emma at 14:15:01 on 2012-08-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3950.2591 [GMT 2:00]

.

AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Tablet.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\Tablet.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629133947.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spotify Web Helper] "C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [AdobeBridge]

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKRMUR~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-explorer: RestrictRun = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: RestrictRun = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{36601CEE-D5D8-49CC-9878-7011DD745294} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6D7BD819-48F2-4E64-8CDB-988BAD52DF69} : DhcpNameServer = 195.54.122.199 195.54.122.204

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9065E913-4F23-4B47-9B5D-B055D32DB1F3}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Hosts: 78.46.61.26 www.google-analytics.com.

Hosts: 78.46.61.26 ad-emea.doubleclick.net.

Hosts: 78.46.61.26 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-28 13336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-29 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-29 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-29 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-29 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-29 199304]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-29 210616]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-1-13 104960]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-1-13 821760]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-13 571248]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 0048881343150844mcinstcleanup;McAfee Application Installer Cleanup (0048881343150844);C:\Windows\TEMP\004888~1.EXE -cleanup -nolog --> C:\Windows\TEMP\004888~1.EXE -cleanup -nolog [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 133104]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]

S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-15 259192]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 133104]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-1-13 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-1-13 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-1-13 427304]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-1-13 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-1-13 91432]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-1-13 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]

S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-15 44736]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

.

=============== Created Last 30 ================

.

2012-08-02 20:00:52 98816 ----a-w- C:\Windows\sed.exe

2012-08-02 20:00:52 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-02 20:00:52 256000 ----a-w- C:\Windows\PEV.exe

2012-08-02 20:00:52 208896 ----a-w- C:\Windows\MBR.exe

2012-08-02 20:00:44 -------- d-s---w- C:\ComboFix

2012-08-02 18:06:31 -------- d-----w- C:\Users\Emma\AppData\Roaming\Malwarebytes

2012-08-02 18:06:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 18:06:21 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 18:06:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-02 15:26:44 454656 ----a-w- C:\Users\Emma\AppData\Local\eodpmun.exe

2012-08-01 22:50:34 -------- d-----w- C:\ProgramData\7531CC77000844B0C9AE2DF4F875F002

2012-07-12 20:05:44 -------- d-----w- C:\Users\Emma\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2012-07-12 20:02:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-07-12 20:00:48 -------- d-----w- C:\ProgramData\ALM

2012-07-12 18:50:37 -------- d-----w- C:\Users\Emma\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-07-12 18:50:32 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2012-07-12 00:02:14 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 23:58:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-11 23:58:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-11 17:18:22 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 17:17:59 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 17:17:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 17:17:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 17:17:57 1133568 ----a-w- C:\Windows\System32\cdosys.dll

.

==================== Find3M ====================

.

2012-07-28 11:43:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-28 11:43:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-25 15:13:54 162224 ----a-w- C:\Windows\System32\mfevtps.exe

.

============= FINISH: 14:18:04,63 ===============

Attach.zip

[bengsi]

Vågar inte säga något säkert, men ser inga tecken på att det är kvar när jag startar datorn nu (i normalt läge). Ovan är DDS från efter jag kört TFC.

Cecilia: ja, trodde att Sansa bara råkade komma med, det är från min mp3. Men om det försvann är det väl bara att installera om den, eller hur?

[MrO]

Hmm din hosts fil blev aldrig återställd!

Om datorn nu fungerar i vanligt läge så skanna denna fil på virustotal

1.Gå till nedanstående sida:

http://www.virustotal.com/

1: Kopiera/Klistra in ett av följande filnamn i text-fältet bredvid Bläddra-knappen

(ELLER använd Bläddra-knappen och navigera dig fram enligt nedanstående sökväg/sökvägar)

C:\Users\Emma\AppData\Local\eodpmun.exe

2: Klicka på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd).

3: Klistra in resultatet från de olika antivirusprogrammen (inkl. filstorlek) här till din tråd (dock ej Övrig information)

2.Kör sen en onlinescan

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Avbocka alternativet "Remove found threats"

Bocka för "Scan Archives

Klicka på "Advanced Settings"

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Tryck på Scan

När skanningen är klar skapas loggfilen C:\Program\Eset\Eset Online Scanner\log.txt. Öppna den i Anteckningar och klistra sedan in innehållet i ditt svar.

[bengsi]

Här är resultatet från virustotal.com

SHA256: f20220ecaa18c52fc73147f7758d22b3a17219896d3e752c2a6a7dfcd9c82859 SHA1: 98e29f4d488252a6817997010db07b53fc14c511 MD5: 582a0be42c6c8a4da1041334c55d7d7f File size: 444.0 kB ( 454656 bytes ) File name: eodpmun.exe File type: Win32 EXE Detection ratio: 13 / 41 Analysis date: 2012-08-03 12:50:59 UTC ( 1 minut ago )

0

0

More details

Antivirus Result Update AhnLab-V3 - 20120802 AntiVir TR/Ransom.Mbro.tfw 20120803 Antiy-AVL - 20120803 Avast Win32:Trojan-gen 20120803 AVG Win32/Cryptor 20120803 BitDefender - 20120803 ByteHero - 20120723 CAT-QuickHeal - 20120803 ClamAV - 20120803 Commtouch - 20120803 Comodo - 20120803 DrWeb Trojan.Fakealert.30673 20120803 Emsisoft - 20120803 eSafe - 20120802 ESET-NOD32 a variant of Win32/Kryptik.AJIL 20120803 F-Prot - 20120803 F-Secure - 20120803 Fortinet - 20120803 GData - 20120803 Ikarus - 20120803 Jiangmin - 20120803 K7AntiVirus - 20120802 Kaspersky Trojan-Ransom.Win32.Mbro.tfw 20120803 McAfee FakeAlert-SecurityTool.fa 20120803 McAfee-GW-Edition FakeAlert-SecurityTool.fa 20120802 Microsoft Rogue:Win32/Winwebsec 20120803 Norman W32/FakeAV.BFUV 20120803 nProtect - 20120803 Panda Trj/CI.A 20120803 Rising - 20120803 Sophos Mal/EncPk-AGC 20120803 SUPERAntiSpyware - 20120803 Symantec - 20120803 TheHacker - 20120801 TotalDefense - 20120802 TrendMicro - 20120803 TrendMicro-HouseCall - 20120803 VBA32 - 20120803 VIPRE - 20120803 ViRobot Trojan.Win32.A.Mbro.454656 20120803 VirusBuster - 20120802

[bengsi]

Vad kan jag göra åt hosts-filen? Följde instruktionerna precis som det stod, och det verkade fungera åtminstone :/

För övrigt så kommer det upp små pop up-annonser i hörnet på mer eller mindre alla internetsidor jag går in på nu, inklusive den här (alltomwindows). Någon som vet varför? Har startat mitt virusprogram (McAfee) igen, och även kollat säkerhetsnivån på min webbläsare...

[MrO]

Vi får prova med hosts igen när datorn är helt ren då,McAfee ska kunna åtgärda denna fuling som du skannade!

Men kör även Onlinescanen för att se om det kan finnas mer

Dessa popups borde försvinna när vi fått datorn helt ren!

[bengsi]

Så här säger Eset online scanner log:

-------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

---------------------

Denna var den enda fil den hittade:

C:\Users\Emma\AppData\Local\eodpmun.exe a variant of Win32/Kryptik.AJIL trojan

[MrO]

Ok trodde McAfee skulle ta den men skanna då med Eget onlinescan igen och bocka i "Remove found threats" denna gång

[si3rra]

Har ju både i PM och i bengsi's andra tråd svarat på hur du enkelt och med ETT verktyg får bort det, varför allt detta krånglande med loggar?

http://forums.malwar...howtopic=107641

(blir så trött att försöka hjälpa till i ett forum där man talar inför döva öron, varför inte bara se användaren enklast möjligt sätt att bli av med det utan att krångla till det med loggar som ska granskas och olika verktyg)

Redigerad Augusti 3, 2012 av si3rra

[Cecilia]

Kan ju bero på att bengsi redan hade kört MBAM utan att det hjälpte. I tråden har det åtgärdats en del i bengsis dator som inte tas upp i instruktionen från Malwarebytes. Instruktionen är fyra månader gammal, infektionen har säkert ändrat sig under den tiden.

[si3rra]

Fast det är ju en VISS skillnad på instruktionerna här:

http://www.bleepingc...security-shield

och här: http://forums.malwar...howtopic=107641

b.la att man i den senare kör via Malwarebytes Chameleon som körs i ett skyddat läge och avslutar malware processer innan genomsökningen körs. Använde själv instruktionen för ca 1 vecka sedan och vet därav att den fungerar.

Redigerad Augusti 3, 2012 av si3rra

[Cecilia]

Visst är det skillnad, men i alla fall så kollar inte MBAM om Hostsfilen är ändrad på ett skadligt sätt, vilket den är enligt ett par loggar.

Tillägg: Att ibland tala för döva öron hör till på ett forum, det händer mig och andra då och då också.

Redigerad Augusti 3, 2012 av Cecilia

[bengsi]

Körde en helscan med McAfee, och den rapporterade så här:

Tänkte köra online-scannern igen så den kan ta bort det?

[bengsi]

Har kört onlinescannern igen, men den hittade inget den här gången. Kanske för att McAfee tagit hand om det?

Men det dyker fortfarande upp små popup-grejer på varenda sida jag går in på, som den här:

Kan jag göra något åt det?