PCEU Virus
MPA
Posts: 3

Hi,

I've got my father-in-law's PC in for a bit of virus cleanup. Every time you try to go online, a full-screen thing pops up demanding some kind of payment, and Task Manager gets closed after a very, very short time.
I can restart fine in safe mode etc.

Hope someone will be kind enough to help me and my father-in-law.

Thanks in advance.

I have an FRST log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-07-2012
Ran by SYSTEM at 16-07-2012 17:12:16
Running from D:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: Danish
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-09] (Synaptics, Inc.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [698912 2009-04-03] (Acer Incorporated)
HKLM\...\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 [73728 2005-07-20] ()
HKLM\...\Run: [lxecmon.exe] “C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe” [770728 2009-08-20] ()
HKLM\...\Run: [EzPrint] “C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe” [139944 2009-08-20] ()
HKLM\...\Run: [Lexmark Pro800-Pro900 Series Fax Server] “C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe” /s [316072 2009-10-01] ()
HKLM\...\Run: [UIExec] “C:\Program Files\Mobile Broadband\UIExec.exe” [136840 2010-03-26] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe” [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\jan\...\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background [3882312 2008-12-02] (Microsoft Corporation)
HKU\jan\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

================================ Services (Whitelisted) ==================

2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [723488 2009-04-03] (Acer Incorporated)
2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-21] (Microsoft Corporation)
3 GameConsoleService; “C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe” [165416 2008-05-05] (WildTangent, Inc.)
3 GoogleDesktopManager-051210-111108; “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” [30192 2010-09-02] (Google)
3 lxcf_device; C:\Windows\system32\lxcfcoms.exe -service [491520 2005-07-25] ( )
2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [98984 2009-07-30] (Lexmark International, Inc.)
2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [598696 2009-07-30] ( )
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
3 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
3 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1145304 2010-09-29] (PC Tools)
2 UI Assistant Service; C:\Program Files\Mobile Broadband\AssistantServices.exe [251016 2010-03-26] ()
2 Automatisk LiveUpdate-planlægning; “C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” [x]
2 ekrn; “C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe” [x]
3 NisSrv; “c:\Program Files\Microsoft Security Client\NisSrv.exe” [x]
2 Norton Internet Security; “C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe” /s “Norton Internet Security” /m “C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll” /prefetch:1 [x]

========================== Drivers (Whitelisted) =============

1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [113448 2009-02-06] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [106208 2009-02-06] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [92800 2009-02-06] (ESET)
3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [49664 2009-01-15] (Atheros Communications, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [x]
3 catchme; \??\C:\Users\jan\AppData\Local\Temp\catchme.sys [x]
3 EraserUtilDrv10633; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10633.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-16 17:12 - 2012-07-16 17:12 - 00000000 ____D C:\FRST
2012-07-16 15:49 - 2012-07-16 15:49 - 00000000 ____D C:\Windows\pss
2012-07-16 15:38 - 2012-07-16 15:38 - 00000000 ____D C:\Users\All Users\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-07-13 16:26 - 2012-07-16 15:43 - 04503728 ___AT C:\Users\All Users\1146312soc3041542.pad
2012-07-13 02:06 - 2012-06-13 14:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 02:02 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-13 02:02 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-13 02:02 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-13 02:02 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-13 02:02 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-13 02:02 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-13 02:02 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-13 02:02 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-13 02:02 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-13 02:02 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-13 02:02 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-13 02:02 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-13 02:02 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-13 02:02 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 13:00 - 2012-07-12 13:00 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode (2).htm
2012-07-12 12:53 - 2012-07-12 12:53 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode (1).htm
2012-07-12 12:52 - 2012-07-12 12:52 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode.htm
2012-07-12 01:05 - 2012-06-08 18:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 20:46 - 2012-06-04 16:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 20:46 - 2012-06-02 01:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 20:46 - 2012-06-02 01:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 18:44 - 2012-06-05 17:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 18:44 - 2012-06-05 17:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-03 18:08 - 2012-07-16 15:40 - 00000000 ___RD C:\Users\jan\Dropbox
2012-07-03 18:08 - 2012-07-03 18:18 - 00000955 ____A C:\Users\jan\Desktop\Dropbox.lnk
2012-07-03 18:03 - 2012-07-03 18:03 - 00000000 ____D C:\Program Files\Dropbox
2012-07-03 17:57 - 2012-07-16 15:40 - 00000000 ____D C:\Users\jan\AppData\Roaming\Dropbox
2012-07-03 16:23 - 2012-07-03 16:23 - 00023040 ____A C:\Users\jan\Desktop\per nielsen.xls
2012-06-28 12:27 - 2012-07-13 04:46 - 00009916 ____A C:\Users\jan\Desktop\jack løn.xlsx
2012-06-21 05:01 - 2012-06-02 23:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 05:01 - 2012-06-02 23:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 05:01 - 2012-06-02 23:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 05:01 - 2012-06-02 23:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 05:01 - 2012-06-02 23:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 05:01 - 2012-06-02 23:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 05:01 - 2012-06-02 23:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 05:00 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 05:00 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-16 16:02 - 2010-09-23 08:47 - 01518824 ____A C:\Windows\WindowsUpdate.log
2012-07-16 16:02 - 2009-10-29 05:58 - 00030267 ____A C:\lxcf.log
2012-07-16 16:02 - 2006-11-02 14:01 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 16:02 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 16:02 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 16:02 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 15:51 - 2010-02-02 05:26 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-16 15:51 - 2009-11-21 15:22 - 00172488 ____A C:\Users\All Users\lxecscan.log
2012-07-16 15:43 - 2012-07-13 16:26 - 04503728 ___AT C:\Users\All Users\1146312soc3041542.pad
2012-07-13 16:43 - 2010-09-01 07:47 - 00001356 ____A C:\Users\jan\AppData\Local\d3d9caps.dat
2012-07-13 15:32 - 2010-02-02 05:26 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 09:14 - 2010-11-16 04:50 - 00475296 ____A C:\Users\jan\danid.log
2012-07-13 04:46 - 2012-06-28 12:27 - 00009916 ____A C:\Users\jan\Desktop\jack løn.xlsx
2012-07-13 02:35 - 2011-05-14 12:43 - 00001933 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-13 02:24 - 2006-11-02 13:47 - 00304936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 02:06 - 2011-05-11 13:26 - 02578532 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-13 02:03 - 2006-11-02 11:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-12 13:00 - 2012-07-12 13:00 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode (2).htm
2012-07-12 12:53 - 2012-07-12 12:53 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode (1).htm
2012-07-12 12:52 - 2012-07-12 12:52 - 00003084 ____A C:\Users\jan\Downloads\Opret din kode til Verified by Visa eller MasterCard® SecureCode.htm
2012-07-09 13:15 - 2010-11-16 04:50 - 01049809 ____A C:\Users\jan\danid.log.1
2012-07-03 18:18 - 2012-07-03 18:08 - 00000955 ____A C:\Users\jan\Desktop\Dropbox.lnk
2012-07-03 16:23 - 2012-07-03 16:23 - 00023040 ____A C:\Users\jan\Desktop\per nielsen.xls
2012-07-03 04:03 - 2010-01-08 16:54 - 00006456 ____A C:\Users\jan\AppData\Roaming\wklnhst.dat
2012-06-30 08:00 - 2009-09-10 18:10 - 00002619 ____A C:\Users\jan\Desktop\Microsoft Office Word 2007.lnk
2012-06-28 12:18 - 2009-09-10 18:10 - 00002537 ____A C:\Users\jan\Desktop\Microsoft Office Excel 2007.lnk
2012-06-14 12:58 - 2012-06-14 12:58 - 00000907 ____A C:\Users\jan\Desktop\igangværende nye arbejder for ib.docx - Genvej.lnk
2012-06-13 14:40 - 2012-07-13 02:06 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 18:47 - 2012-07-12 01:05 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 17:47 - 2012-07-11 18:44 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 17:47 - 2012-07-11 18:44 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 14:31 - 2012-06-05 14:31 - 00009672 ____A C:\Users\jan\Downloads\Skadesanmeldelse.html
2012-06-04 16:26 - 2012-07-11 20:46 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-03 12:44 - 2012-06-03 12:44 - 00000120 ____A C:\Users\jan\Desktop\Bargain Andalucia.url
2012-06-02 23:19 - 2012-06-21 05:01 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 05:01 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 05:01 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 05:01 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 05:01 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:12 - 2012-06-21 05:01 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:12 - 2012-06-21 05:01 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 05:00 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 05:00 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 10:07 - 2012-07-13 02:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 09:43 - 2012-07-13 02:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 09:33 - 2012-07-13 02:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 09:26 - 2012-07-13 02:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 09:25 - 2012-07-13 02:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 09:25 - 2012-07-13 02:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 09:23 - 2012-07-13 02:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 09:21 - 2012-07-13 02:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 09:20 - 2012-07-13 02:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 09:19 - 2012-07-13 02:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 09:19 - 2012-07-13 02:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 09:17 - 2012-07-13 02:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 09:16 - 2012-07-13 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 09:14 - 2012-07-13 02:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:04 - 2012-07-11 20:46 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 01:03 - 2012-07-11 20:46 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-21 08:16 - 2012-02-20 10:17 - 00000386 ____A C:\Users\jan\Desktop\bank nordik.url
2012-05-20 22:01 - 2012-05-20 22:01 - 00141288 ____A C:\Windows\Minidump\Mini052012-01.dmp
2012-05-20 22:01 - 2010-12-22 00:15 - 275872291 ____A C:\Windows\MEMORY.DMP
2012-05-20 19:24 - 2012-05-20 19:22 - 10300288 ____A (Microsoft Corporation) C:\Users\jan\Downloads\mseinstall.exe
2012-05-20 19:24 - 2011-04-06 18:36 - 00002198 ____A C:\Windows\epplauncher.mif
2012-05-20 09:19 - 2010-02-19 16:40 - 00000345 ____A C:\Users\jan\Desktop\Login Facebook.url
2012-05-20 08:58 - 2011-10-29 14:49 - 00000326 ____A C:\Users\jan\Desktop\Mit TDC - Mail.url
2012-05-18 17:10 - 2012-05-18 17:10 - 00004690 ____A C:\Users\jan\Downloads\Uigenkaldelig fuldmagt.odt
2012-05-12 10:36 - 2008-01-21 06:51 - 00005812 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-12 06:56 - 2012-04-23 19:59 - 00000367 ____A C:\Users\jan\Desktop\Fagservice.dk.url
2012-05-08 14:26 - 2012-05-08 14:26 - 00000108 ____A C:\Users\jan\Desktop\byggebo.url
2012-05-01 15:03 - 2012-06-13 01:06 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 13:17 - 2012-04-25 13:17 - 00000128 ____A C:\Users\jan\Desktop\campen aktioner.url
2012-04-23 17:00 - 2012-06-13 01:06 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 17:00 - 2012-06-13 01:06 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 17:00 - 2012-06-13 01:06 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\L
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\n
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\L\00000004.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\L\00000008.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U\00000004.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U\00000008.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U\000000cb.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U\80000000.@
C:\Windows\Installer\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U\80000032.@

ZeroAccess:
C:\Users\jan\AppData\Local\{70c9ea7e-16c6-102d-fb51-a06c85180825}
C:\Users\jan\AppData\Local\{70c9ea7e-16c6-102d-fb51-a06c85180825}\@
C:\Users\jan\AppData\Local\{70c9ea7e-16c6-102d-fb51-a06c85180825}\L
C:\Users\jan\AppData\Local\{70c9ea7e-16c6-102d-fb51-a06c85180825}\n
C:\Users\jan\AppData\Local\{70c9ea7e-16c6-102d-fb51-a06c85180825}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3001.23 MB
Available physical RAM: 2648.15 MB
Total Pagefile: 2903.86 MB
Available Pagefile: 2758.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.8 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:197.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HDDREG) (Removable) (Total:1.92 GB) (Free:1.75 GB) FAT
4 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.15 GB) NTFS

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Disk 0   Online     298 GB     0 B      
  Disk 1   Online     3836 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   OEM           10 GB   32 KB
  Partition 2   Primær         288 GB   10 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Skjult: Ja
Aktiv : Nej

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 3   X   PQSERVICE   NTFS   Partition   10 GB I orden   Skjult

==================================================================================

Disk: 0
Partition 2
Type : 07
Skjult: Nej
Aktiv : Ja

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 1   C   OS       NTFS   Partition   288 GB I orden        

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
* Partition 1   Primær         3836 MB     0 B

==================================================================================

Disk: 1
Der er ikke valgt en partition.

Der er ikke valgt nogen partition.
Vælg en partition, og prøv igen.

==================================================================================

==========================================================

Last Boot: 2012-07-16 15:57

======================= End Of Log ==========================

Administrator
Posts: 7045

Hi and welcome to Spywarefri.

Please tell me which security programs are in use, because I can see NOD32 Antivirus, Microsoft Security Client and Norton Internet Security all at once?

———

Start the PC the same way you did when you made FRST.txt.

Start FRST.

Type the following in the box after "Search:".

services.exe

Click the Search File(s) button and paste the log (Search.txt) in here.

[ Edited: 16.07.2012, 20:07 by f-arn TeamSpywarefri ]
Signature

Please do not attach logs unless you are asked to!

MPA
Posts: 3

Hello, and thanks for the quick reply.

My father-in-law has had all 3 programs installed. Norton was pre-installed and was removed after the trial period expired; NOD32 I had a spare licence for, which again was not renewed; and for the last couple of months he has been running MSE.


Farbar Recovery Scan Tool Version: 14-07-2012
Ran by jan at 2012-07-16 20:59:32
Running from E:\

================== Search: “services.exe” ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-15 16:45] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-21 04:24] - [2008-01-21 04:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-15 16:45] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\ERDNT\cache\services.exe
[2010-11-11 11:08] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
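The Search.txt above is exactly the cross-check a responder wants once FRST's "Bamital & volsnap Check" flags a system binary: the copies sitting in winsxs and in the ERDNT backup give a baseline hash to compare the live System32 file against. The Python below is an added example, not part of this thread and not Farbar's code. It parses the two FRST output formats as they appear in the thread (the detail-line layout and the order of the two bracketed timestamps are assumed from those lines only), groups copies that share a size and build timestamp, flags the copy whose MD5 disagrees with its peers, and lists where a matching clean copy exists. The sample input is copied from the thread's own logs.

```python
import re
from collections import Counter, defaultdict

# Search.txt excerpt as posted in the thread: the SP2 winsxs copy and the ERDNT
# backup share one hash; the live System32 copy, same size and same build
# timestamp, carries a different one.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-15 16:45] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-21 04:24] - [2008-01-21 04:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-15 16:45] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\ERDNT\cache\services.exe
[2010-11-11 11:08] - [2009-04-11 08:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""

# "Bamital & volsnap Check" lines from the first FRST.txt in the thread (abridged).
CHECK_TXT = r"""
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
"""

# Detail line under each path: [stamp1] - [stamp2] - size attrs (vendor) MD5.
# Assumption from the posted lines: stamp1 is the on-disk creation time, stamp2
# the build/modification time that all genuine copies of one build share.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Non-"legit" line of the Bamital & volsnap check: path MD5 verdict...
CHECK_RE = re.compile(r"^(?P<path>\S+) (?P<md5>[0-9A-Fa-f]{32}) (?P<verdict>.+)$")


def parse_search(text):
    """Turn FRST Search.txt into a list of dicts (path, created, modified, size, md5...)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # blank or section banner
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            e = m.groupdict()
            e["path"], e["size"], e["md5"] = pending_path, int(e["size"]), e["md5"].upper()
            entries.append(e)
            pending_path = None
        elif not m:                                # a path line precedes its detail line
            pending_path = line
    return entries


def find_outliers(entries):
    """Group copies by (size, build stamp); inside a group the majority MD5 is the
    baseline and any copy with another MD5 is returned as (path, its_md5, baseline)."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["size"], e["modified"])].append(e)
    flagged = []
    for members in groups.values():
        if len(members) < 2:                       # nothing to compare against
            continue
        baseline = Counter(e["md5"] for e in members).most_common(1)[0][0]
        flagged.extend((e["path"], e["md5"], baseline) for e in members if e["md5"] != baseline)
    return flagged


def suspicious_from_check(text):
    """Return (path, md5, verdict) for every check line FRST did not mark 'MD5 is legit'."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith("=> MD5 is legit"):
            continue
        m = CHECK_RE.match(line)
        if m:
            hits.append((m["path"], m["md5"].upper(), m["verdict"]))
    return hits


def recovery_candidates(entries, flagged):
    """For each flagged path, the other on-disk copies whose MD5 equals the baseline,
    i.e. where a known-good replacement could be taken from."""
    return {
        path: [e["path"] for e in entries if e["md5"] == good and e["path"] != path]
        for path, _bad, good in flagged
    }


if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    for path, bad, good in find_outliers(found):
        print(f"MISMATCH {path}: {bad} (peer copies: {good})")
    for path, md5, verdict in suspicious_from_check(CHECK_TXT):
        print(f"FRST flagged {path} {md5}: {verdict}")
    print(recovery_candidates(found, find_outliers(found)))
```

Run it as a script to print the findings, or import the functions and feed them a real Search.txt. Grouping by size plus build timestamp is what keeps the result honest: the 6.0.6001 winsxs copy has a different size and legitimately a different hash, so it must not be counted as an outlier, while the System32 copy matches its peers on both keys and still disagrees on MD5, which is the same conclusion FRST's own check reached.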

Administrator
Posts: 7045

I'm attaching Fixlist.txt. Save it to your USB stick.

Boot the PC to the Command Prompt (as before).

At the Command Prompt, start FRST (Farbar Recovery Scan Tool) and click FIX (and wait until it finishes).

It creates Fixlog.txt, which you should paste into your next post.

Close Farbar Recovery Scan Tool and restart the PC.

Signature

Please do not attach logs unless you are asked to!

MPA
Posts: 3

Things got a bit messy after I ran fixlist.txt; it wrote something briefly and quickly and then restarted.

Afterwards I tried restarting in safe mode with networking, downloaded MBAM and ran a full scan, which found 60 different bandits. After another restart I was allowed to reinstall MSE, which found 2 trojans and cleaned them up.

At the moment the PC runs without problems, and various programs have rescanned without finding anything.

Thanks for the help.

Administrator
Posts: 7045

Since you consider the problem solved, I'm closing the thread.

If you want the thread reopened, the thread's creator can click my username -> Send private message.

Everyone else should create their own thread.

Signature

Please do not attach logs unless you are asked to!