Spywarefri Forum | Pc vil ikke slukke

Pc vil ikke slukke

[ Ignorer ] SonofonoS
07.03.2010 20:27:26 Antal indlæg: 15	Hej. Min maskine er begyndt ikke at ville slukke når jeg vælger at lukke computeren. Billedet kommer godt nok frem med at computeren lukkes, men det lille roterende ikon, går på et tidspunkt i stå og så hænger computeren bare. Jeg må så holde slukknappen inde indtil maskinen slukker. Som et lille supplement til problemet har jeg opdaget et skjult vindue der ligger på skrivebordet. Jeg kan se at musemarkøren ændre sig som om der er en kant jeg kan hive, når jeg bevæger musen rundt i øverste venstre 1/4 del af skærmen. Om de to ting hænger sammen ved jeg ikke, men jeg går ud fra at chancen er ret stor. Systeminfo: Windows 7 64-bit ultimate, avast gratis virusscanner, windows “standard” sikkerhedsindstillinger, og fuldt opdateret via ms update. Det skal også lige nævnes at ved en full system scan med avast finder den, hvad den mener er, en trojan ved navn win32:trojan-gen. Filen det drejer sig om er c:\windows\sysWOW64\sshnas21.dll Håber på hjælp. SonofonoS
[ Ignorer ] [ # 1 ] Peder TeamSpywarefri
07.03.2010 20:52:34 Redaktør Team Spywarefri Antal indlæg: 12994	Hej. Hent Malwarebytes Anti-Malware herfra: http://www.besttechie.net/tools/mbam-setup.exe Eller herfra -> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til “Kør et fuldstændigt systemscan” - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren). Derefter - Tryk på “Vis resultater” knappen efter scanningen - og herefter tryk på “Fjern det valgte” - nu åbnes log’en og du skal gemme den et sted, hvor du kan finde den igen. Kopier indholdet herind i denne tråd. Vigtigt: Du skal, inden du klikker på ”Skan” knappen i Malwarebytes Anti-Malware gå op i fanen ”Opdater”, klik på ”Tjek for opdatering”, bliv ved til den skriver du har nyeste database, (DET SKAL UDFØRES).
[ Ignorer ] [ # 2 ] SonofonoS
07.03.2010 21:25:56 Antal indlæg: 15	Så er det gjort. Her er loggen: Malwarebytes’ Anti-Malware 1.44 Database version: 3833 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 07-03-2010 20:25:23 mbam-log-2010-03-07 (20-25-23).txt Skan type: Fuldstændig skanning (C:\\|) Objekter skannet: 236020 Tid tilbagelagt: 24 minute(s), 18 second(s) Inficerede Hukommelses Processer: 0 Inficerede Hukommelses Moduler: 0 Inficerede Registeringsdatabase Nøgler: 2 Inficerede Registeringsdatabase Værdier: 0 Inficerede Registeringsdatabase Filer: 1 Inficerede Mapper: 0 Inficerede Filer: 1 Inficerede Hukommelses Processer: (Ingen mistænkelige filer fundet) Inficerede Hukommelses Moduler: (Ingen mistænkelige filer fundet) Inficerede Registeringsdatabase Nøgler: HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully. Inficerede Registeringsdatabase Værdier: (Ingen mistænkelige filer fundet) Inficerede Registeringsdatabase Filer: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Inficerede Mapper: (Ingen mistænkelige filer fundet) Inficerede Filer: C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
[ Ignorer ] [ # 3 ] Magic Emeritus
08.03.2010 05:18:11 Administrator Supporter Emeritus Antal indlæg: 29177	Lad os se om der er mere skrammel på computeren -> Hent DDS og gem programmet på dit Skrivebord: Her Dobbeltklik på DDS.scr og tillad programmet at køre. Når programmet er færdig vil det åbne to logs/tekst-filer. Gem begge filer på dit Skrivebord og kopier indholdet af txt filerne herind i dit næste indlæg. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Før du sender logfilerne, beder vi dig om at fjerne enhvert P2P/fildelings program, hvis du har nogen, og dette inkluderer Bit Torrent software, før vi renser computeren.
[ Ignorer ] [ # 4 ] SonofonoS
08.03.2010 17:57:45 Antal indlæg: 15	øh, når jeg dobbeltklikker på dds.scr så åbner den bare i notepad. Hvordan får jeg det startet? SonofonoS
[ Ignorer ] [ # 5 ] SonofonoS
08.03.2010 18:10:41 Antal indlæg: 15	Nevermind - fik ændret fil-associationen. Noget autodesk-halløj der åbenbart bruger .scr som script filer. Loggen bliver lige postet lidt senere.
[ Ignorer ] [ # 6 ] SonofonoS
08.03.2010 20:22:33 Antal indlæg: 15	Her er loggen fra dds.scr UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 29-01-2010 22:05:49 System Uptime: 03-08-2010 16:50:13 (-3549 hours ago) Motherboard: \| \| P43Twins1600 Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz \| CPUSocket \| 2499/333mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 78 GiB total, 43,626 GiB free. D: is FIXED (NTFS) - 388 GiB total, 93,442 GiB free. E: is CDROM () G: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP37: 01-03-2010 16:50:35 - Windows Update RP38: 01-03-2010 21:14:57 - Installed iTunes RP39: 05-03-2010 23:18:41 - Windows Update RP40: 05-03-2010 23:41:33 - Installed Logitech ImageStudio RP41: 06-03-2010 00:00:23 - Installed Windows Media Player Firefox Plugin RP42: 06-03-2010 09:08:34 - Removed Logitech ImageStudio RP43: 07-03-2010 17:43:38 - Installed HiJackThis RP44: 08-03-2010 16:54:18 - Windows Update ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.1 - Dansk Apple Application Support Apple Software Update Ask Toolbar Autodesk Design Review 2010 Autodesk Vault 2010 (Client) avast! Free Antivirus BlackBerry Device Software v4.5.0 for the BlackBerry 8110 smartphone BS.Player FREE CCleaner Curse Client Digital Signatur erLT HiJackThis Java Auto Updater Java(TM) 6 Update 18 Logitech SetPoint Malwarebytes’ Anti-Malware ManyCam 2.4 (remove only) Microsoft .NET Framework 1.1 Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Danish) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Danish) 2007 Microsoft Office Groove MUI (Danish) 2007 Microsoft Office InfoPath MUI (Danish) 2007 Microsoft Office Live Add-in 1.4 Microsoft Office OneNote MUI (Danish) 2007 Microsoft Office Outlook MUI (Danish) 2007 Microsoft Office PowerPoint MUI (Danish) 2007 Microsoft Office Proof (Danish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Danish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Danish) 2007 Microsoft Office Shared MUI (Danish) 2007 Microsoft Office Word MUI (Danish) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft WSE 3.0 Runtime Mozilla Firefox (3.6) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX v8.04.25 Octoshape add-in for Adobe Flash Player Opdatering til Microsoft Office Excel 2007 Help (KB963678) Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669) Opdatering til Microsoft Office Word 2007 Help (KB963665) OpenAL QuickTime Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB973704) Security Update for Microsoft Office Excel 2007 (KB973593) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Skype web features Skype™ 4.1 Torchlight Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb977719) VBA (2627.01) Winamp Winamp Detector Plug-in Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Upload Tool Windows Media Player Firefox Plugin Z Engine ==== End Of File =========================== DDS (Ver_09-12-01.01) - NTFSX64 Run by SonofonoS at 19:18:31,32 on 08-03-2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.45.1033.18.4095.2652 [GMT 1:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\splwow64.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\SonofonoS\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== mLocal Page = c:\windows\syswow64\blank.htm BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll uRun: [DAEMON Tools Lite] “c:\program files (x86)\daemon tools lite\DTLite.exe” -autorun uRun: [msnmsgr] “c:\program files (x86)\windows live\messenger\msnmsgr.exe” /background uRun: [Skype] “c:\program files (x86)\skype\phone\Skype.exe” /nosplash /minimized uRun: [cdloader] “c:\users\sonofonos\appdata\roaming\mjusbsp\cdloader2.exe” MAGICJACK mRun: [avast5] “c:\program files\alwil software\avast5\avastUI.exe” /nogui mRun: [Adobe Reader Speed Launcher] “c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe” mRun: [Adobe ARM] “c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe” mRun: [SunJavaUpdateSched] “c:\program files (x86)\common files\java\java update\jusched.exe” mRun: [Zboard] c:\program files (x86)\ideazon\zengine\Zboard.exe mRun: [QuickTime Task] “c:\program files (x86)\quicktime\QTTask.exe” -atboottime mRun: [iTunesHelper] “c:\program files (x86)\itunes\iTunesHelper.exe” StartupFolder: c:\users\sonofo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\common\eReg.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&ksporter; til Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000 IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL Trusted Zone: danid.dk Trusted Zone: danskebank.dk Trusted Zone: danid.dk DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File ================= FIREFOX =================== FF - ProfilePath - c:\users\sonofo~1\appdata\roaming\mozilla\firefox\profiles\6e1r8icb.default\ FF - prefs.js: browser.search.selectedEngine - TGPit.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ——FIREFOX POLICIES—— c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.use_native_colors”, true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”, 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“svg.smil.enabled”, false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.debug”, false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”, 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”, 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”, 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”, 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“html5.enable”, false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref(“security.ssl3.rsa_seed_sha”, true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-29 120912] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-29 22096] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-29 63568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-27 40384] R3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham64.sys [2006-3-12 44288] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-27 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-27 40384] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-31 1030600] =============== Created Last 30 ================ 2010-03-07 18:59:53 0 d——-w- c:\users\sonofo~1\appdata\roaming\Malwarebytes 2010-03-07 18:59:49 22104 ——a-w- c:\windows\system32\drivers\mbam.sys 2010-03-07 18:59:49 0 d——-w- c:\programdata\Malwarebytes 2010-03-07 18:59:49 0 d——-w- c:\program files (x86)\Malwarebytes’ Anti-Malware 2010-03-07 16:43:56 0 d——-w- c:\program files (x86)\TrendMicro 2010-03-06 12:39:51 0 d——-w- c:\program files (x86)\CCleaner 2010-03-06 08:09:21 0 d——-w- c:\windows\system32\appmgmt 2010-03-06 07:53:51 0 d——-w- c:\users\sonofo~1\appdata\roaming\mjusbsp 2010-03-05 22:43:05 241 ——a-w- c:\windows\QSync.INI 2010-03-05 22:42:15 0 d——-w- c:\program files (x86)\common files\Logitech 2010-03-05 22:42:14 840 ——a-w- c:\windows\_delis32.ini 2010-03-05 22:42:14 306688 ——a-w- c:\windows\IsUninst.exe 2010-03-05 22:42:02 0 d——-w- c:\program files (x86)\Windows Media Components 2010-03-04 21:22:26 0 d——-w- c:\users\sonofo~1\appdata\roaming\ManyCam 2010-03-04 21:22:26 0 d——-w- c:\program files (x86)\ManyCam 2.4 2010-03-04 21:22:22 0 d——-w- c:\program files (x86)\Ask.com 2010-03-01 20:15:27 34152 ——a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-01 20:15:27 126312 ——a-w- c:\windows\system32\GEARAspi64.dll 2010-03-01 20:15:27 107368 ——a-w- c:\windows\syswow64\GEARAspi.dll 2010-03-01 20:15:18 0 d——-w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} 2010-03-01 20:15:18 0 d——-w- c:\program files\iTunes 2010-03-01 20:15:18 0 d——-w- c:\program files\iPod 2010-03-01 20:15:18 0 d——-w- c:\program files (x86)\iTunes 2010-03-01 20:14:54 0 d——-w- c:\program files\Bonjour 2010-03-01 20:14:54 0 d——-w- c:\program files (x86)\Bonjour 2010-03-01 20:14:41 0 d——-w- c:\programdata\Apple Computer 2010-03-01 20:14:18 0 d——-w- c:\program files\common files\Apple 2010-03-01 20:14:03 0 d——-w- c:\programdata\Apple 2010-02-28 19:56:15 0 d——-w- c:\program files\Transmission Remote 2010-02-25 20:32:53 0 —-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2010-02-25 20:32:08 190992 ——a-w- c:\windows\system32\BtCoreIf.dll 2010-02-25 20:32:04 235536 ——a-w- c:\windows\system32\kemutb.dll 2010-02-25 20:32:03 95760 ——a-w- c:\windows\system32\KemXML.dll 2010-02-25 20:32:03 232976 ——a-w- c:\windows\system32\KemUtil.dll 2010-02-25 20:32:03 158736 ——a-w- c:\windows\system32\KemWnd.dll 2010-02-25 20:31:56 0 d——-w- c:\programdata\Logitech 2010-02-25 20:31:53 0 d——-w- c:\program files\common files\Logishrd 2010-02-25 20:31:49 0 d——-w- c:\program files\Logitech 2010-02-25 20:31:45 0 d——-w- c:\programdata\LogiShrd 2010-02-25 19:26:30 0 d——-w- c:\users\sonofo~1\appdata\roaming\Ideazon 2010-02-25 19:25:43 0 d——-w- c:\program files (x86)\Ideazon 2010-02-25 19:24:26 1290780 ——a-w- c:\windows\syswow64\PerfStringBackup.INI 2010-02-25 19:23:58 0 d——-w- c:\windows\syswow64\URTTEMP 2010-02-24 12:21:33 2048 ——a-w- c:\windows\syswow64\tzres.dll 2010-02-24 12:21:33 2048 ——a-w- c:\windows\system32\tzres.dll 2010-02-24 12:21:31 716800 ——a-w- c:\windows\syswow64\jscript.dll 2010-02-23 20:29:24 466456 ——a-w- c:\windows\system32\wrap_oal.dll 2010-02-23 20:29:24 444952 ——a-w- c:\windows\syswow64\wrap_oal.dll 2010-02-23 20:29:24 122904 ——a-w- c:\windows\system32\OpenAL32.dll 2010-02-23 20:29:24 109080 ——a-w- c:\windows\syswow64\OpenAL32.dll 2010-02-23 20:29:24 0 d——-w- c:\program files (x86)\OpenAL 2010-02-23 20:27:08 0 d——-w- c:\windows\syswow64\AGEIA 2010-02-23 20:26:32 0 d——-w- c:\program files (x86)\common files\Wise Installation Wizard 2010-02-17 19:48:00 0 d——-w- c:\program files (x86)\common files\Blizzard Entertainment 2010-02-17 15:39:21 0 ——a-w- c:\users\sonofonos\temp.dat 2010-02-17 15:39:20 0 d——-w- c:\users\sonofonos\.oces 2010-02-17 15:38:37 0 d——-w- c:\programdata\Sun 2010-02-17 15:37:37 411368 ——a-w- c:\windows\syswow64\deploytk.dll 2010-02-17 15:37:37 153376 ——a-w- c:\windows\syswow64\javaws.exe 2010-02-17 15:37:37 145184 ——a-w- c:\windows\syswow64\javaw.exe 2010-02-17 15:37:37 145184 ——a-w- c:\windows\syswow64\java.exe 2010-02-17 15:32:25 0 d——-w- c:\users\sonofo~1\appdata\roaming\Cryptomathic 2010-02-17 15:31:49 0 d——-w- c:\program files\DanID 2010-02-17 15:31:45 0 dc-h—w- c:\programdata\{237893C1-591F-47E9-9771-FF1BC748C7F6} 2010-02-17 15:31:45 0 d——-w- c:\program files (x86)\DanID 2010-02-11 09:32:17 0 d——-w- c:\users\sonofo~1\appdata\roaming\InfraRecorder 2010-02-11 09:29:10 0 d——-w- c:\program files\InfraRecorder 2010-02-06 20:09:05 0 d——-w- c:\users\sonofo~1\appdata\roaming\runic games ==================== Find3M ==================== 2010-03-06 07:57:20 81508 ——a-w- c:\windows\system32\perfc006.dat 2010-03-06 07:57:20 469754 ——a-w- c:\windows\system32\perfh006.dat 2010-02-24 08:16:06 212864 ———w- c:\windows\system32\MpSigStub.exe 2010-02-11 18:53:57 38848 ——a-w- c:\windows\syswow64\avastSS.scr 2010-02-11 18:53:36 153184 ——a-w- c:\windows\syswow64\aswBoot.exe 2010-02-11 18:38:49 63568 ——a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-01-31 19:02:09 56 —-ha-w- c:\programdata\ezsidmv.dat 2010-01-30 06:49:11 834544 ——a-w- c:\windows\system32\drivers\sptd.sys 2010-01-29 21:36:26 39236 ——a-w- c:\windows\system32\perfd006.dat 2010-01-29 21:36:26 39236 ——a-w- c:\windows\inf\perflib\0406\perfd.dat 2010-01-29 21:36:26 39236 ——a-w- c:\windows\inf\perflib\0406\perfc.dat 2010-01-29 21:36:26 306636 ——a-w- c:\windows\system32\perfi006.dat 2010-01-29 21:36:26 306636 ——a-w- c:\windows\inf\perflib\0406\perfi.dat 2010-01-29 21:36:26 306636 ——a-w- c:\windows\inf\perflib\0406\perfh.dat 2010-01-29 21:03:12 0 —-ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-01-19 09:05:57 424960 ——a-w- c:\windows\system32\secproc.dll 2010-01-19 09:05:57 422912 ——a-w- c:\windows\system32\secproc_isv.dll 2010-01-19 09:05:57 121856 ——a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-19 09:05:57 121856 ——a-w- c:\windows\system32\secproc_ssp.dll 2010-01-19 09:00:44 305152 ——a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-19 09:00:43 357888 ——a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-19 09:00:37 356352 ——a-w- c:\windows\system32\RMActivate.exe 2010-01-19 09:00:37 306688 ——a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-18 23:29:31 85504 ——a-w- c:\windows\syswow64\secproc_ssp_isv.dll 2010-01-18 23:29:31 85504 ——a-w- c:\windows\syswow64\secproc_ssp.dll 2010-01-18 23:29:31 365568 ——a-w- c:\windows\syswow64\secproc_isv.dll 2010-01-18 23:29:30 369152 ——a-w- c:\windows\syswow64\secproc.dll 2010-01-18 23:28:33 324608 ——a-w- c:\windows\syswow64\RMActivate_isv.exe 2010-01-18 23:28:33 277504 ——a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe 2010-01-18 23:28:30 320512 ——a-w- c:\windows\syswow64\RMActivate.exe 2010-01-18 23:28:30 280064 ——a-w- c:\windows\syswow64\RMActivate_ssp.exe 2010-01-11 22:19:00 159336 ——a-w- c:\windows\system32\nvvsvc.exe 2010-01-11 22:19:00 14822504 ——a-w- c:\windows\system32\nvcpl.dll 2010-01-11 22:19:00 116328 ——a-w- c:\windows\system32\nvmctray.dll 2010-01-11 22:19:00 1037416 ——a-w- c:\windows\system32\nvsvc64.dll 2010-01-11 07:12:38 381440 ——a-w- c:\windows\syswow64\iedkcs32.dll 2010-01-08 03:38:32 285696 ——a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-01-08 03:38:28 157696 ——a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-22 08:36:19 243200 ——a-w- c:\windows\system32\wow64.dll 2009-12-22 08:24:35 14336 ——a-w- c:\windows\syswow64\ntvdm64.dll 2009-12-22 08:23:35 25600 ——a-w- c:\windows\syswow64\setup16.exe 2009-12-22 08:22:10 5120 ——a-w- c:\windows\syswow64\wow32.dll 2009-12-22 04:28:10 7680 ——a-w- c:\windows\syswow64\instnm.exe 2009-12-22 04:28:08 2048 ——a-w- c:\windows\syswow64\user.exe 2009-12-19 09:51:24 1192960 ——a-w- c:\windows\system32\wininet.dll 2009-12-19 09:50:56 14848 ——a-w- c:\windows\system32\tsbyuv.dll 2009-12-19 09:49:47 1572352 ——a-w- c:\windows\system32\quartz.dll 2009-12-19 09:47:56 25088 ——a-w- c:\windows\system32\msyuv.dll 2009-12-19 09:47:53 38912 ——a-w- c:\windows\system32\msvidc32.dll 2009-12-19 09:47:46 16384 ——a-w- c:\windows\system32\msrle32.dll 2009-12-19 09:46:35 54272 ——a-w- c:\windows\system32\iyuv_32.dll 2009-12-13 09:46:36 960512 ——a-w- c:\windows\system32\CPFilters.dll 2009-12-13 09:46:36 613888 ——a-w- c:\windows\system32\psisdecd.dll 2009-12-13 09:46:34 552960 ——a-w- c:\windows\system32\msdri.dll 2009-12-13 09:30:50 641536 ——a-w- c:\windows\syswow64\CPFilters.dll 2009-12-13 09:30:50 465408 ——a-w- c:\windows\syswow64\psisdecd.dll 2009-07-14 05:37:38 31548 ——a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ——a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ——a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ——a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 —sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 —sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ——a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ——a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ——a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ——a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 —sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 —sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 —sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 19:18:41,69 ===============
[ Ignorer ] [ # 7 ] Peder TeamSpywarefri
09.03.2010 11:06:03 Redaktør Team Spywarefri Antal indlæg: 12994	Det ser godt ud, hvordan kører din pc nu?
[ Ignorer ] [ # 8 ] SonofonoS
09.03.2010 23:56:20 Antal indlæg: 15	Som hidtil. Den vil stadig ikke lukke, og det mystiske skjulte vindue ligger stadig på skrivebordet. SonofonoS
[ Ignorer ] [ # 9 ] Peder TeamSpywarefri
10.03.2010 10:11:17 Redaktør Team Spywarefri Antal indlæg: 12994	Prøv om du ikke kan systemgendanne tilbage til en dato hvor du ved den virkede?
[ Ignorer ] [ # 10 ] SonofonoS
11.03.2010 21:21:41 Antal indlæg: 15	Ok - en systemgendannelse er kørt tilbage så langt som muligt (1/3/2010) uden positivt resultat. Jeg har prøvet at scanne igen og filen sshnas21.dll er stadig inficeret.
[ Ignorer ] [ # 11 ] Peder TeamSpywarefri
12.03.2010 11:27:04 Redaktør Team Spywarefri Antal indlæg: 12994	Hent Malwarebytes Anti-Malware herfra: http://www.besttechie.net/tools/mbam-setup.exe Eller herfra -> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til “Kør et fuldstændigt systemscan” - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren). Derefter - Tryk på “Vis resultater” knappen efter scanningen - og herefter tryk på “Fjern det valgte” - nu åbnes log’en og du skal gemme den et sted, hvor du kan finde den igen. Kopier indholdet herind i denne tråd. Vigtigt: Du skal, inden du klikker på ”Skan” knappen i Malwarebytes Anti-Malware gå op i fanen ”Opdater”, klik på ”Tjek for opdatering”, bliv ved til den skriver du har nyeste database, (DET SKAL UDFØRES). Hent OTS fra dette link http://oldtimer.geekstogo.com/OTS.exe Gem den på skrivebordet. Dobbeltklik på OTS.EXE > Under Additional Scans sæt flueben ved alle > Klik på Run Scan Der vil nu åbne en tekst fil, den lukker du bare ned, den vil nu lige på skrivebordet som OTS.Txt Den fil skal du lægge herind som en vedhæftet fil, det gør du sådan > Gå ind i din tråd, klik på ”Skriv Svar” > Klik på ”Vedhæft filer til dette indlæg” > Gennemse > Find filen og klik på den for at vedhæfte > klik ”Send indlæg”.
[ Ignorer ] [ # 12 ] SonofonoS
12.03.2010 20:39:37 Antal indlæg: 15	Her er loggen fra ots - loggen fra malwarebytes var uændret i forhold til sidst jeg kørte den. SonofonoS Vedhæftede filer OTS.txt (Filstørrelse: 385 - Downloads: 610)
[ Ignorer ] [ # 13 ] Peder TeamSpywarefri
13.03.2010 13:46:04 Redaktør Team Spywarefri Antal indlæg: 12994	Jeg kan ikke se noget i den log der skulle give problemer. Prøv og afinstaller ”Ask Toolbar” > Genstart. Kør denne online scanner, bare følg vejledning og installer det den spørger om også ”ActiveX” http://www.bitdefender.com/scanner/online/free.html Lad os høre om den fandt noget. Har der altid været installeret Win7 på den pc?