Donnie Darko, posted 8 September 2012

Downloaded AVG and ran a scan. Apparently I had several trojans; some were removed, others not. So I downloaded Malwarebytes and ComboFix. After I had run ComboFix, no programs worked: "Illegal operation attempted on a registry key that has been marked for deletion" came up for every program when I tried to open them. I restored Windows and found the ComboFix log:

ComboFix 12-09-07.03 - Mathias 08.09.2012 13:24:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.4008.2615 [GMT 2:00]
Kjører fra: c:\users\Mathias\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Mathias\AppData\Roaming\Omapm
c:\users\Mathias\AppData\Roaming\Omapm\idne.yni
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@
c:\windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@
c:\windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde
c:\windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@
c:\windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@
c:\windows\msvcr71.dll
c:\windows\SysWow64\NSREG.DLL
.
Infisert kopi av c:\windows\system32\services.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-08-08 til 2012-09-08 )))))))))))))))))))))))))))))))))
.
.
2012-09-08 10:52 . 2012-09-08 10:52 -------- d-----w- c:\users\Mathias\AppData\Roaming\Malwarebytes
2012-09-08 10:51 . 2012-09-08 10:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-08 10:51 . 2012-09-08 10:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-08 10:51 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 10:37 . 2012-09-08 10:37 -------- d-----w- c:\users\Mathias\AppData\Roaming\SUPERAntiSpyware.com
2012-09-08 10:37 . 2012-09-08 10:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-08 10:37 . 2012-09-08 10:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-08 10:24 . 2012-09-08 10:24 -------- d-----w- c:\users\Mathias\AppData\Roaming\AVG
2012-09-08 10:23 . 2012-09-08 10:24 -------- d-----w- c:\programdata\AVG
2012-09-08 10:23 . 2012-09-08 10:23 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-08 09:03 . 2012-09-08 09:03 -------- d-----w- c:\users\Mathias\AppData\Roaming\TuneUp Software
2012-09-08 09:03 . 2012-09-08 09:03 -------- d-----w- C:\$AVG
2012-09-08 09:02 . 2012-09-08 10:24 -------- d-----w- c:\program files (x86)\AVG
2012-09-08 08:59 . 2012-09-08 08:59 -------- d--h--w- c:\programdata\Common Files
2012-09-08 08:59 . 2012-09-08 11:12 -------- d-----w- c:\programdata\MFAData
2012-09-08 08:59 . 2012-09-08 09:07 -------- d-----w- c:\users\Mathias\AppData\Local\Avg2013
2012-09-08 08:59 . 2012-09-08 08:59 -------- d-----w- c:\users\Mathias\AppData\Local\MFAData
2012-09-07 10:57 . 2012-09-07 10:57 -------- d-----w- c:\program files (x86)\BrainWave Generator
2012-09-07 10:57 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2012-09-04 19:31 . 2012-09-04 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 19:31 . 2012-09-04 19:31 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 14:21 . 2012-09-04 14:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-26 11:39 . 2012-08-26 11:39 -------- d-----w- c:\users\Mathias\AppData\Local\Macromedia
2012-08-26 11:38 . 2012-08-26 11:38 -------- d-----w- c:\users\Mathias\AppData\Local\Mozilla
2012-08-26 11:37 . 2012-08-26 11:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-15 10:39 . 2009-04-16 12:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2012-08-15 10:38 . 2012-08-15 10:38 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-08-15 10:37 . 2012-08-15 10:37 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-08-15 10:37 . 2009-04-16 12:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-08-15 10:37 . 2012-08-15 10:37 -------- d-----w- c:\program files (x86)\HP
2012-08-15 10:36 . 2012-08-15 10:36 -------- d-----w- c:\programdata\HP
2012-08-15 10:36 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-08-15 10:36 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_d02c.dll
2012-08-15 10:36 . 2009-02-11 11:03 748544 ----a-w- c:\windows\system32\hpost_d02c.dll
2012-08-15 10:36 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_d02a.dll
2012-08-15 10:36 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-08-13 14:40 . 2012-08-13 14:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-12 11:58 . 2012-08-12 11:58 -------- d-----w- c:\users\Mathias\AppData\Roaming\Sony Creative Software Inc
2012-08-10 09:39 . 2008-01-30 16:36 90112 ----a-w- c:\windows\unvise32.exe
2012-08-10 09:39 . 2012-08-10 09:39 -------- d-----w- C:\Twixtor5AEManual
2012-08-10 09:37 . 2012-08-10 09:37 -------- d-----w- c:\program files (x86)\REVisionEffects
2012-08-10 02:52 . 2012-08-10 02:52 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-10 02:52 . 2012-08-10 02:52 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-08-10 02:52 . 2012-08-10 02:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 11:56 . 2012-08-09 11:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-08-09 11:56 . 2012-08-09 11:56 60768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-08-09 11:56 . 2012-08-09 11:56 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 11:32 . 2011-10-11 15:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-09-04 19:31 . 2011-10-11 17:17 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 10:14 . 2012-07-24 14:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:14 . 2012-07-24 14:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:00 . 2011-10-15 15:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-09 20:40 . 2012-07-09 20:40 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-09 20:40 . 2012-07-09 20:40 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-29 10:04 . 2012-07-27 08:10 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34A8F603-CDEF-44FA-99A5-9128CBBDF247}\mpengine.dll
2012-06-12 03:08 . 2012-07-12 09:04 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-22 1020816]
"Spotify Web Helper"="c:\users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-03-31 2018032]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
.
c:\users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-7-4 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"SessionLogon"=c:\expressgateutil\SessionLogon.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-09 14448]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-08-09 60768]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-08-09 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-08-10 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-10 199520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-08-20 1286392]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 10:14]
.
2012-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2449903788-1291959920-980412795-1001Core.job
- c:\users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 22:56]
.
2012-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2449903788-1291959920-980412795-1001UA.job
- c:\users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 22:56]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 14:32]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 14:32]
.
2012-09-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9173c509-2e18-4d9d-8082-0af9e721e02c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c718cf2d-b3c2-4b89-899f-446c7da27606.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.80.1
FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\c9gyl3wu.default\
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-iastby - c:\users\Mathias\AppData\Roaming\iastby.dll
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2012-09-08 13:37:09 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2012-09-08 11:37
.
Pre-Run: 5 643 100 160 byte ledig
Post-Run: 5 355 274 240 byte ledig
.
- - End Of File - - F09F57BE92C79DD1598283E35C207EB0

Malvado, posted 8 September 2012

Download Hitman Pro and see whether the program can help you. I have used it myself with success where ComboFix / Malwarebytes did not work.

Dr.Geek, posted 9 September 2012

Hi. You have the ZeroAccess rootkit on your PC!: http://hitmanpro.wordpress.com/2012/06/25/zeroaccess-from-rootkit-to-nasty-infection/

gandi89, posted 10 September 2012

Forget Hitman Pro, I have tried the new version and it does not help. AVG does not remove everything, only some. Remember that a trojan deletes some data files.

Do this quickly: first try this one, http://www.emsisoft.com/en/software/malaware/ (CLOUD-SCAN), it takes 1 MB. After that, download the other one and run a deep scan on your PC: http://www.emsisoft.com/en/software/antimalware/. You do not need to choose buy; choose run after 30 days. Do this after you have done the cloud scan.