
Have something on my PC that I want to get rid of (I think).



So, last night Internet Explorer started opening by itself. The antivirus reported that something fishy was going on and that it had removed the problem, but that doesn't seem to be entirely true. Anyways, I'm attaching the logs you ask for, so you can see what you find out :p

 

mbam-log:

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4667

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

22.09.2010 18:49:48

mbam-log-2010-09-22 (18-49-48).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 135671

Tid tilbakelagt: 3 minutt(er), 24 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 2

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 8

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

C:\Users\Lasse\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

C:\Users\Lasse\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

C:\Users\Lasse\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-2542511163-2357275084-4223500538-1000\$R5P57BM.exe (Trojan.Downloader) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-2542511163-2357275084-4223500538-1000\$RLTUNRZ.exe (Trojan.Downloader) -> No action taken.

C:\Users\Lasse\AppData\Local\Temp\88f2486b.tmp (Trojan.Downloader) -> No action taken.

C:\Users\Lasse\AppData\Local\Temp\yyed.exe (Trojan.FakeAlert) -> No action taken.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

 

 

 

dds-log:

 

 

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Lasse at 18:50:39,57 on 22.09.2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.8191.6579 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\svchost.exe -k yksvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Program Files (x86)\Cyberlink\TV Enhance\TVEService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe

C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Lasse\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

uWinlogon: Shell=c:\users\lasse\appdata\roaming\hotfix.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [MSWUpdate] c:\users\lasse\appdata\roaming\lsass.exe

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [software Suite SE] "c:\program files (x86)\packard bell\software suite se\SoftSuiteSE.exe" /run

uRun: [sansaDispatch] c:\users\lasse\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sony Ericsson PC Suite] "c:\program files (x86)\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [Metropolis] rundll32.exe c:\users\lasse\appdata\local\temp\sshnas21.dll,GetHandle

uRun: [3FWHZQA3LT] c:\users\lasse\appdata\local\temp\Hmh.exe

mRun: [Packard Bell Photo Frame] c:\program files (x86)\packard bell photo frame\ButtonMonitor.exe -A

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [TVEService] "c:\program files (x86)\cyberlink\tv enhance\TVEService.exe"

mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\zdwlan~1.lnk - c:\program files (x86)\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\moakktp0.default\

FF - prefs.js: browser.startup.homepage - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll

FF - plugin: c:\users\lasse\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-2 55024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-12-3 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-12-3 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-3 81072]

R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-2-17 25832]

R2 Greg_Service;GRegService;c:\program files (x86)\packard bell\registration\GregHSRW.exe [2009-6-4 1150496]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-21 90112]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2009-10-1 386400]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\cyberlink\tv enhance\kernel\tv\TVESched.exe [2009-10-1 202080]

R2 Updater Service;Updater Service;c:\program files\packard bell\packard bell updater\UpdaterService.exe [2009-8-17 240160]

R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 27136]

R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-8-17 714752]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2009-6-10 867328]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-15 393216]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-17 135664]

S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr7364.sys [2009-12-2 717312]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-6-21 113704]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-6-21 19496]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-6-21 152616]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-6-21 133160]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-6-21 34856]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-6-21 128552]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-6-21 145960]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-20 1255736]

 

=============== Created Last 30 ================

 

2010-09-21 22:20:33 0 d-----w- c:\users\lasse\appdata\roaming\Malwarebytes

2010-09-21 22:20:21 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-21 22:20:21 0 d-----w- c:\programdata\Malwarebytes

2010-09-21 22:20:21 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-09-21 18:09:32 664576 ----a-w- c:\users\lasse\appdata\roaming\hotfix.exe

2010-09-15 20:09:48 2058752 ----a-w- c:\windows\syswow64\iertutil.dll

2010-09-15 15:13:40 558592 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-29 13:47:12 0 d-----w- c:\program files (x86)\Last.fm

2010-08-29 13:46:36 5287682 ----a-w- c:\users\lasse\Last.fm-1.5.4.24567.exe

2010-08-26 19:18:32 0 d-----w- c:\program files (x86)\ATI

2010-08-26 19:17:38 0 d-----w- c:\program files\ATI Technologies

2010-08-26 19:16:54 0 d-----w- C:\ATI

2010-08-26 14:40:13 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2010-08-26 13:53:04 0 d-----w- c:\program files (x86)\Bethesda Softworks

2010-08-26 13:51:08 0 d-----w- c:\windows\syswow64\xlive

2010-08-25 22:27:00 0 d-----w- c:\program files (x86)\Black Isle

2010-08-25 20:30:48 0 d-----w- c:\program files (x86)\Divine Divinity

 

==================== Find3M ====================

 

2010-09-19 01:58:47 73918 ----a-w- c:\windows\system32\perfc014.dat

2010-09-19 01:58:47 447972 ----a-w- c:\windows\system32\perfh014.dat

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll

2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll

2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll

2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll

2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll

2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll

2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe

2009-09-29 00:50:29 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2009-09-29 00:50:29 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2009-09-29 00:50:29 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2009-09-29 00:50:29 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-06-11 15:12:00 776614 ----a-w- c:\program files (x86)\common files\packardbell.ico

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 18:50:56,50 ===============

 

 

 

Hope you can help me.

 

Salute

Grungie.

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

uWinlogon: Shell=c:\users\lasse\appdata\roaming\hotfix.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [MSWUpdate] c:\users\lasse\appdata\roaming\lsass.exe

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [software Suite SE] "c:\program files (x86)\packard bell\software suite se\SoftSuiteSE.exe" /run

uRun: [sansaDispatch] c:\users\lasse\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sony Ericsson PC Suite] "c:\program files (x86)\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [Metropolis] rundll32.exe c:\users\lasse\appdata\local\temp\sshnas21.dll,GetHandle

uRun: [3FWHZQA3LT] c:\users\lasse\appdata\local\temp\Hmh.exe

mRun: [Packard Bell Photo Frame] c:\program files (x86)\packard bell photo frame\ButtonMonitor.exe -A

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [TVEService] "c:\program files (x86)\cyberlink\tv enhance\TVEService.exe"

mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\zdwlan~1.lnk - c:\program files (x86)\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\moakktp0.default\

FF - prefs.js: browser.startup.homepage - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5120&r=173612099306p03e5v125y48419229

FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll

FF - plugin: c:\users\lasse\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-2 55024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-12-3 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-12-3 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-3 81072]

R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-2-17 25832]

R2 Greg_Service;GRegService;c:\program files (x86)\packard bell\registration\GregHSRW.exe [2009-6-4 1150496]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-21 90112]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2009-10-1 386400]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\cyberlink\tv enhance\kernel\tv\TVESched.exe [2009-10-1 202080]

R2 Updater Service;Updater Service;c:\program files\packard bell\packard bell updater\UpdaterService.exe [2009-8-17 240160]

R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 27136]

R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-8-17 714752]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2009-6-10 867328]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-15 393216]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-17 135664]

S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr7364.sys [2009-12-2 717312]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-6-21 113704]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-6-21 19496]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-6-21 152616]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-6-21 133160]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-6-21 34856]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-6-21 128552]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-6-21 145960]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-20 1255736]

 

=============== Created Last 30 ================

 

2010-09-21 22:20:33 0 d-----w- c:\users\lasse\appdata\roaming\Malwarebytes

2010-09-21 22:20:21 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-21 22:20:21 0 d-----w- c:\programdata\Malwarebytes

2010-09-21 22:20:21 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-09-21 18:09:32 664576 ----a-w- c:\users\lasse\appdata\roaming\hotfix.exe

2010-09-15 20:09:48 2058752 ----a-w- c:\windows\syswow64\iertutil.dll

2010-09-15 15:13:40 558592 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-29 13:47:12 0 d-----w- c:\program files (x86)\Last.fm

2010-08-29 13:46:36 5287682 ----a-w- c:\users\lasse\Last.fm-1.5.4.24567.exe

2010-08-26 19:18:32 0 d-----w- c:\program files (x86)\ATI

2010-08-26 19:17:38 0 d-----w- c:\program files\ATI Technologies

2010-08-26 19:16:54 0 d-----w- C:\ATI

2010-08-26 14:40:13 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2010-08-26 13:53:04 0 d-----w- c:\program files (x86)\Bethesda Softworks

2010-08-26 13:51:08 0 d-----w- c:\windows\syswow64\xlive

2010-08-25 22:27:00 0 d-----w- c:\program files (x86)\Black Isle

2010-08-25 20:30:48 0 d-----w- c:\program files (x86)\Divine Divinity

 

==================== Find3M ====================

 

2010-09-19 01:58:47 73918 ----a-w- c:\windows\system32\perfc014.dat

2010-09-19 01:58:47 447972 ----a-w- c:\windows\system32\perfh014.dat

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll

2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll

2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll

2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll

2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll

2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll

2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe

2009-09-29 00:50:29 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2009-09-29 00:50:29 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2009-09-29 00:50:29 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2009-09-29 00:50:29 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-06-11 15:12:00 776614 ----a-w- c:\program files (x86)\common files\packardbell.ico

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 18:50:56,50 ===============

 

 

 

Hope you can help me.

 

Salute

Grungie.

Posted

Whoops, not exactly easy to do this on the phone. The PC has gone bananas; when I reboot, the screen is completely white, and the only thing that comes up is "Libraries". So, eh, help, anyone?
