Virus?
  deras4
Posts: 113

Hi! I need your help. I hope you can guide me back to a clean and functional computer…

I have followed your guide and run the various scanners, but I'm still not free of the dirt.

My problem started when my internet went down. I was kicked out of the browser with an error message and had to restart the computer. After that it booted into a BSOD… After another restart, System Restore started automatically, and then the problems began pouring in.
To begin with, I couldn't get on the internet. When I tried to find my network, both LAN and wireless, I got a message that I couldn't obtain a valid IP. Then I tried turning off my Bullguard firewall. That helped with my internet access. Naturally I thought everything was fine then, but of course it's no good using the net without a firewall, so I tried to turn on Windows Firewall - without success. I now get a message from Windows that my firewall settings are not up to date, and when I try to use the recommended settings, error code 0x80070424 appears and prevents me from changing my firewall settings.

I suspect a rootkit virus, but I'm not sure how to remove it.
I also get a couple of messages about a bug in my Java updater…

I'm running Windows 7 Pro.

DDS produces hieroglyphs when I run the dds.scr file, so I'm not posting that. But I'll post the logs from the other scanners below.

  deras4
Posts: 113

ESET Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6fe4c38b8f3fcb4ba0b60f634fc829da
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-05 02:31:19
# local_time=2012-08-05 04:31:19 (+0100, Rom, sommertid)
# country=“Denmark”
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4609 16776573 60 61 158607 36032837 0 0
# compatibility_mode=5893 16776574 66 94 53841375 95796643 0 0
# compatibility_mode=8192 67108863 100 0 107 107 0 0
# scanned=215905
# found=3
# cleaned=0
# scan_time=10285
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\n   Win64/Sirefef.W trojan (unable to clean)  00000000000000000000000000000000   I
C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\3e4b5dfd-5d8cf0d4   a variant of Java/Exploit.CVE-2012-1723.AB trojan (unable to clean)  00000000000000000000000000000000   I
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\n   Win64/Sirefef.W trojan (unable to clean)  00000000000000000000000000000000   I

  deras4
Posts: 113

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.08.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: TEGNESTUEN_DR [administrator]

05-08-2012 16:40:00
mbam-log-2012-08-05 (16-40-00).txt

Skanningstype: Fuldstændig skanning (C:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 387596
Tid gået: 1 time(e), 8 minut(ter), 14 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 2
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\n (Trojan.Sirefef) -> Bliver slettet ved genstart.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\n (Trojan.Sirefef) -> Sat i karantæne og slettet succesfuldt.

(færdig)

  deras4
Posts: 113

SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2012 at 06:35 PM

Application Version : 5.5.1012

Core Rules Database Version : 9012
Trace Rules Database Version: 6824

Scan type     : Complete Scan
Total Scan Time : 00:40:49

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned     : 769
Memory threats detected   : 0
Registry items scanned   : 70148
Registry threats detected : 0
File items scanned     : 71010
File threats detected   : 8

Adware.Tracking Cookie
  C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\RD260YS9.txt [ /accounts.google.com ]
  C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\ZFI8D1JB.txt [ Cookie:dennis@www.google.com/accounts ]
  C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\H7F6UE0R.txt [ Cookie:dennis@google.com/accounts/ ]
  C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dennis@www.google[3].txt [ Cookie:dennis@www.google.com/accounts ]
  C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dennis@google[2].txt [ Cookie:dennis@google.com/accounts/ ]
  C:\USERS\DENNIS\Cookies\ZFI8D1JB.txt [ Cookie:dennis@www.google.com/accounts ]
  C:\USERS\DENNIS\Cookies\RD260YS9.txt [ Cookie:dennis@accounts.google.com/ ]
  C:\USERS\DENNIS\Cookies\H7F6UE0R.txt [ Cookie:dennis@google.com/accounts/ ]

Administrator
Posts: 32078

Hi


You should preferably download from another PC.

———

For 32-bit Windows, download Farbar Recovery Scan Tool and save it to a USB stick.

Plug the USB stick into the infected PC.

Boot the PC into “Advanced Boot Options” (press F8 repeatedly during startup).
Select “Repair Your Computer”.
Select the language.
Select the user account.

Then select Command Prompt.

There, type notepad and press <Enter>.

Choose the File menu -> Open and select “Computer”. Find the drive letter of your USB stick. Close Notepad.

At the command prompt, type e:\frst.exe

Replace e with the correct letter.

When Farbar Recovery Scan Tool has started, click Scan.

It creates FRST.txt on the USB stick. Copy it into your next post.

Signature

Sound computer sense

  deras4
Posts: 113

Hi. I have now tried putting the file on both a USB stick and an external hard drive. Neither works… When I type f:\frst.exe (f is the name of the correct drive), it says: “Det undersystem, der skal bruges til at understøtte afbildningstypen, er ikke til stede.”

Does it matter that I'm running 64-bit W7?

Administrator
Posts: 32078

Yes, it does; this is the one you need to download and use:
http://download.bleepingcomputer.com/farbar/FRST64.exe

Sorry

Signature

Sound computer sense
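
The message deras4 quotes is the Danish wording of the Windows loader error saying the subsystem needed to support the image type is not present: a 64-bit recovery environment has no 32-bit (WOW64) layer, so the 32-bit frst.exe cannot start there. As an added example (not from the thread and not Farbar's code), this Python script reads a file's PE headers to tell which build it is before it goes on the USB stick; the function names and the stub header bytes are constructed for illustration.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Machine values (PE/COFF specification)
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}
# IMAGE_OPTIONAL_HEADER.Magic values: PE32 and PE32+
MAGIC_BITS = {0x010B: 32, 0x020B: 64}


class NotPE(ValueError):
    """Raised when the bytes are not a well-formed PE image header."""


def pe_architecture(data: bytes) -> dict:
    """Return the machine name and bitness read from a PE file's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("no MZ (DOS) header")
    # e_lfanew at offset 0x3C holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data):
        raise NotPE("e_lfanew points past the end of the data")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("no PE signature at e_lfanew")
    machine, _, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 2:
        raise NotPE("no optional header (object file, not an image)")
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if magic not in MAGIC_BITS:
        raise NotPE("unknown optional-header magic 0x%04x" % magic)
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "bits": MAGIC_BITS[magic]}


def runs_in_recovery(data: bytes, recovery_bits: int) -> bool:
    """The recovery environment only loads images of its own bitness."""
    return pe_architecture(data)["bits"] == recovery_bits


def make_stub(machine: int, magic: int) -> bytes:
    """Constructed sample: the smallest header this parser accepts."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt_size = 0xE0 if magic == 0x010B else 0xF0
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    # Usage: python pe_arch.py <file.exe> [...]; only the headers are read.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(4096)
        try:
            info = pe_architecture(head)
            print("%s: %s, %d-bit" % (path, info["machine"], info["bits"]))
        except NotPE as exc:
            print("%s: not a PE image (%s)" % (path, exc))
```
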

  deras4
Posts: 113

After trying 5-6 times and getting the message “missing operational system” on repeated F8 presses, I finally got into Advanced Boot Options… Here is the log that frst64.exe produced:

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 16:26:00
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: Danish
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-07] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-01-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-01-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-01-14] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel PROSet/Wireless [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BullGuard] “C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe” -boot [1863008 2012-07-29] (BullGuard Ltd.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1694016 2011-09-07] ()
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1086848 2012-04-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe” [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] “C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe” /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] “C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe” [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] “C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe” [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [RoxWatchTray] “C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe” [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] “C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe” [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Dennis\...\Run: [Pogoplug Backup] “C:\Program Files (x86)\PogoplugBackup\PogoplugMonitor.exe” [310592 2012-03-08] (Cloud Engines Inc.)
HKU\Dennis\...\Run: [Spotify Web Helper] “C:\Users\Dennis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [932528 2012-06-29] ()
HKU\Dennis\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-10] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
AppInit_DLLs: C:\Windows\system32\nvinitx.dll BgGamingMonitor.dll
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ======

2 !SASCORE; “C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE” [140672 2011-08-12] (SUPERAntiSpyware.com)
2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [71520 2012-06-14] (BullGuard Ltd.)
2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [368480 2012-06-14] (BullGuard Ltd.)
2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [274784 2012-06-14] (BullGuard Ltd.)
2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [575840 2012-06-20] (BullGuard Ltd.)
2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [508256 2012-06-20] (BullGuard Ltd.)
2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-27] (BullGuard Ltd.)
2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-14] (BullGuard Ltd.)
2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-20] (BullGuard Ltd.)
2 DokanCEMounter; C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe [115520 2012-03-08] (Cloud Engines)
3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
2 FileOpenManagerSvc; “C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe” [334720 2012-04-30] (FileOpen Systems Inc.)
2 HBAdmin; C:\Program Files (x86)\Pogoplug\HBPLUG\HBADMIN.exe [891200 2012-01-31] (Cloud Engines, Inc.)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()
2 RoxWatch12; “C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe” [219632 2010-11-25] (Sonic Solutions)
2 Secunia PSI Agent; “C:\Program Files (x86)\Secunia\PSI\PSIA.exe” --start-service [1326176 2012-07-25] (Secunia)
2 Secunia Update Agent; “C:\Program Files (x86)\Secunia\PSI\sua.exe” --start-service [681056 2012-07-25] (Secunia)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
3 stllssvr; “C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe” [74392 2010-11-08] (MicroVision Development, Inc.)
2 tcsd_win32.exe; “C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe” [1629696 2010-07-13] ()
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
2 UNS; “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe” [2656280 2011-01-17] (Intel Corporation)
2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation)

========================== Drivers (Whitelisted) =============

1 AFW; C:\Windows\System32\Drivers\AFW.sys [38528 2012-06-20] (Agnitum Ltd.)
3 afwcore; C:\Windows\System32\Drivers\afwcore.sys [445568 2012-06-20] (Agnitum Ltd.)
1 BdSpy; C:\Windows\System32\Drivers\BdSpy.sys [66272 2011-06-15] (BullGuard Ltd.)
2 DokanCEDriver; \??\C:\Program Files (x86)\PogoplugBackup\dokance.sys [66880 2012-03-08] (Cloud Engines)
1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2012-03-05] (NovaShield, Inc.)
1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2012-03-05] (NovaShield, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 Trufos; C:\Windows\System32\Drivers\Trufos.sys [290376 2012-03-05] (BitDefender S.R.L.)
3 xcetap0; C:\Windows\System32\Drivers\xcetap0.sys [39232 2012-01-13] (Cloud Engines, Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 16:25 - 2012-08-06 16:26 - 00000000 ____D C:\FRST
2012-08-05 18:30 - 2012-08-05 18:30 - 00544008 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-05 18:30 - 2012-08-05 18:30 - 00191240 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-05 18:30 - 2012-08-05 18:30 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-05 18:30 - 2012-08-05 18:30 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-05 18:30 - 2012-08-05 18:30 - 00000000 ____D C:\Program Files\Java
2012-08-05 18:26 - 2012-08-05 18:26 - 03098616 ____A (Secunia) C:\Users\Dennis\Downloads\PSISetup.exe
2012-08-05 18:26 - 2012-08-05 18:26 - 00000000 ____D C:\Users\Dennis\AppData\Local\Secunia PSI
2012-08-05 18:26 - 2012-08-05 18:26 - 00000000 ____D C:\Program Files (x86)\Secunia
2012-08-05 16:52 - 2012-08-05 16:52 - 18967544 ____A (SUPERAntiSpyware.com) C:\Users\Dennis\Downloads\SUPERAntiSpyware.exe
2012-08-05 16:52 - 2012-08-05 16:52 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-05 16:52 - 2012-08-05 16:52 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 16:52 - 2012-08-05 16:52 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-05 16:52 - 2012-08-05 16:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-05 15:38 - 2012-08-05 15:38 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-05 15:37 - 2012-08-05 15:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes’ Anti-Malware
2012-08-05 15:37 - 2012-08-05 15:37 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Malwarebytes
2012-08-05 15:37 - 2012-08-05 15:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-05 15:37 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-05 15:37 - 2010-04-29 14:39 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-08-05 15:36 - 2012-08-05 15:36 - 06153352 ____A (Malwarebytes Corporation                         ) C:\Users\Dennis\Downloads\mbam-setup.exe
2012-08-05 12:38 - 2012-08-05 12:38 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-05 12:33 - 2012-08-06 15:18 - 00000560 ____A C:\Windows\setupact.log
2012-08-05 12:33 - 2012-08-05 12:33 - 00000000 ____A C:\Windows\setuperr.log
2012-08-05 12:32 - 2012-08-05 16:50 - 00000942 ____A C:\Windows\PFRO.log
2012-08-05 10:47 - 2012-08-05 10:47 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-05 10:47 - 2012-08-05 10:47 - 00000000 ____D C:\Program Files\CCleaner
2012-08-05 10:45 - 2012-08-05 18:35 - 00000000 ____D C:\Users\Dennis\Desktop\SWF
2012-08-05 10:38 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-05 10:38 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-05 10:04 - 2012-08-05 10:04 - 00016220 ____A C:\WirelessDiagLog.csv
2012-07-16 21:26 - 2012-07-16 21:26 - 00000000 ____D C:\Users\Dennis\Documents\Dell WebCam Central
2012-07-16 21:26 - 2012-07-16 21:26 - 00000000 ____D C:\Users\All Users\Creative
2012-07-11 13:42 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 13:39 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 13:39 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 13:39 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 13:39 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 13:39 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 13:39 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 13:39 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 13:39 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 13:39 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 13:39 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 13:39 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 13:39 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 13:39 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 13:39 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 13:39 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 13:39 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 13:39 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 13:39 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 13:39 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 13:39 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 13:39 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 13:39 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 13:39 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 13:39 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 13:39 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 13:39 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 13:39 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 13:39 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 06:54 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 06:54 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 06:54 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 06:54 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 06:54 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 06:54 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 06:54 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 06:54 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 06:54 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 06:54 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 06:54 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 06:54 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 06:54 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 06:54 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 06:54 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 06:54 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 06:54 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 06:54 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 06:54 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-07 14:45 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe

============ 3 Months Modified Files ========================

2012-08-06 15:21 - 2011-07-08 16:50 - 01207593 ____A C:\Windows\WindowsUpdate.log
2012-08-06 15:19 - 2011-07-17 20:59 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 15:19 - 2011-07-17 19:14 - 00000796 ____A C:\Windows\System32\config\afw_hm.conf
2012-08-06 15:19 - 2011-07-17 19:14 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2012-08-06 15:18 - 2012-08-05 12:33 - 00000560 ____A C:\Windows\setupact.log
2012-08-06 15:18 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 06:47 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 06:47 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-05 21:37 - 2012-04-04 21:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-05 21:35 - 2011-07-17 20:59 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-05 18:30 - 2012-08-05 18:30 - 00544008 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-05 18:30 - 2012-08-05 18:30 - 00191240 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-05 18:30 - 2012-08-05 18:30 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-05 18:30 - 2012-08-05 18:30 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-05 18:30 - 2011-07-08 22:57 - 00525576 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-08-05 18:26 - 2012-08-05 18:26 - 03098616 ____A (Secunia) C:\Users\Dennis\Downloads\PSISetup.exe
2012-08-05 16:52 - 2012-08-05 16:52 - 18967544 ____A (SUPERAntiSpyware.com) C:\Users\Dennis\Downloads\SUPERAntiSpyware.exe
2012-08-05 16:52 - 2012-08-05 16:52 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-05 16:50 - 2012-08-05 12:32 - 00000942 ____A C:\Windows\PFRO.log
2012-08-05 15:38 - 2012-08-05 15:38 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-05 15:36 - 2012-08-05 15:36 - 06153352 ____A (Malwarebytes Corporation                         ) C:\Users\Dennis\Downloads\mbam-setup.exe
2012-08-05 12:33 - 2012-08-05 12:33 - 00000000 ____A C:\Windows\setuperr.log
2012-08-05 10:47 - 2012-08-05 10:47 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-05 10:04 - 2012-08-05 10:04 - 00016220 ____A C:\WirelessDiagLog.csv
2012-08-04 09:05 - 2011-07-20 13:05 - 00264378 ____A C:\Users\Dennis\danid.log
2012-08-03 12:37 - 2012-04-04 21:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 12:37 - 2011-07-17 21:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 09:36 - 2012-06-17 17:30 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-28 08:20 - 2012-04-18 20:55 - 00001029 ____A C:\Users\Dennis\Desktop\Dropbox.lnk
2012-07-23 15:14 - 2010-11-21 09:43 - 00507462 ____A C:\Windows\System32\perfh006.dat
2012-07-23 15:14 - 2010-11-21 09:43 - 00097692 ____A C:\Windows\System32\perfc006.dat
2012-07-23 15:14 - 2009-07-14 06:13 - 01373392 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-11 17:22 - 2011-07-20 13:05 - 01052350 ____A C:\Users\Dennis\danid.log.1
2012-07-11 13:44 - 2009-07-14 05:45 - 00433824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 13:40 - 2011-07-17 19:59 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 07:33 - 2009-07-14 06:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 17:27 - 2012-06-10 11:45 - 00000194 ___AH C:\Users\Dennis\Documents\Drawing1.dwl2
2012-07-03 17:27 - 2012-06-10 11:45 - 00000044 ___AH C:\Users\Dennis\Documents\Drawing1.dwl
2012-07-03 12:46 - 2012-08-05 15:37 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 20:14 - 2012-06-20 20:14 - 00000195 ___AH C:\Users\Dennis\Documents\Drawing3.dwl2
2012-06-20 20:14 - 2012-06-20 20:14 - 00000045 ___AH C:\Users\Dennis\Documents\Drawing3.dwl
2012-06-20 19:07 - 2012-06-20 19:07 - 00000195 ___AH C:\Users\Dennis\Documents\Drawing2.dwl2
2012-06-20 19:07 - 2012-06-20 19:07 - 00000045 ___AH C:\Users\Dennis\Documents\Drawing2.dwl
2012-06-20 17:15 - 2012-06-20 17:15 - 00148611 ____A C:\Users\Dennis\Downloads\Fastlock_download.zip
2012-06-20 16:42 - 2011-06-15 11:32 - 00445568 ___RA (Agnitum Ltd.) C:\Windows\System32\Drivers\AfwCore.sys
2012-06-20 16:42 - 2011-06-15 11:32 - 00038528 ___RA (Agnitum Ltd.) C:\Windows\System32\Drivers\Afw.sys
2012-06-12 04:08 - 2012-07-11 13:42 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:43 - 2012-07-11 06:54 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-11 06:54 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 07:06 - 2012-07-11 06:54 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-11 06:54 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-11 06:54 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-11 06:54 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-11 06:54 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-11 06:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 13:03 - 2012-04-10 17:12 - 00001945 ____A C:\Users\Public\Desktop\Sonos.lnk
2012-06-02 23:19 - 2012-06-21 20:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 20:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 20:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 20:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 20:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-21 20:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-21 20:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 20:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 20:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 13:39 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 13:39 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 13:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 13:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 13:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 13:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 13:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 13:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 13:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 13:39 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 13:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 13:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 13:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 13:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 13:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 13:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 13:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 13:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 13:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 13:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 13:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 13:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 13:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 13:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 13:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 13:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 13:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 13:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-11 06:54 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-11 06:54 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-11 06:54 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-11 06:54 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-11 06:54 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-11 06:54 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-11 06:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-11 06:54 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-11 06:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-21 17:40 - 2012-05-21 17:40 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-14 17:01 - 2012-05-14 16:43 - 00062230 ____A C:\Windows\SysWOW64\DellSystem.xml
2012-05-14 16:43 - 2012-05-14 16:43 - 00000000 ____A C:\Windows\invcol.tmp
2012-05-14 16:38 - 2012-05-14 16:18 - 00001195 ____A C:\Users\Public\Desktop\Diablo III.lnk


ZeroAccess:
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\@
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\L
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\00000001.@
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\800000cb.@

ZeroAccess:
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\@
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\L
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\00000001.@
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8148.9 MB
Available physical RAM: 7318.8 MB
Total Pagefile: 8147.1 MB
Available Pagefile: 7301.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:697.86 GB) (Free:619.39 GB) NTFS
3 Drive f: () (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status       Str.    Ledig   Dyn GPT
——————————- ———- ———- —- —-
  Disk 0   Online       698 GB 3072 KB      
  Disk 1   Online       500 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   OEM           39 MB   31 KB  
  Partition 2   Primær         752 MB   40 MB  
  Partition 3   Primær         697 GB   792 MB  

==================================================================================

Disk: 0
Partition 1
Type : DE
Skjult: Ja
Aktiv : Nej
Forskydning i byte: 32256

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 4               FAT   Partition   39 MB I orden   Skjult

==================================================================================

Disk: 0
Partition 2
Type : 07
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 41943040

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 1   Y   RECOVERY   NTFS   Partition   752 MB I orden        

==================================================================================

Disk: 0
Partition 3
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 830472192

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 2   C   OS       NTFS   Partition   697 GB I orden        

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Primær         499 MB   236 KB  

==================================================================================

Disk: 1
Partition 1
Type : 06
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 241664

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 3   F           FAT   Flytbar     499 MB I orden        

==================================================================================

==========================================================

Last Boot: 2012-07-28 09:43

======================= End Of Log ==========================

Administrator
Number of posts: 32078

A file named fixlist.txt is attached to this post; save it in the same place as FRST.

Boot the PC to the Command Prompt (as before).

At the Command Prompt, start FRST (Farbar Recovery Scan Tool) and click FIX (and wait until it has finished).

It creates Fixlog.txt on the USB stick.

Copy Fixlog.txt into your next post, together with a ComboFix log.


Download ComboFix and save it to your desktop:
Here

NB -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.

It can also be found here -> C:\combofix.txt

Attached files
fixlist.txt  (File size: 1 - Downloads: 29)
Signature

Sound computer sense

  deras4
Number of posts: 113

Even though I disabled BullGuard, ComboFix reported that it had detected them as active. ComboFix ran anyway, though, so I assume it didn't matter? It did, however, come up with an error 3 times: Application Error “... in module ‘ERUNT.3XE’...”.

Below are the two log files

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-06 17:27:35 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af} moved successfully.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\@ not found.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\L not found.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U not found.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\00000001.@ not found.
C:\Windows\Installer\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\800000cb.@ not found.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af} moved successfully.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\@ not found.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\L not found.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U not found.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\00000001.@ not found.
C:\Users\Dennis\AppData\Local\{4b15b008-b978-43ff-96e3-a2e116d082af}\U\800000cb.@ not found.

==== End of Fixlog ====

——————————————————————————————————————————————-

ComboFix 12-08-05.02 - Dennis 06-08-2012 17:37:29.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.45.1030.18.8149.5890 [GMT 2:00]
Kører fra: c:\users\Dennis\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\instsrv.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-07-06 til 2012-08-06 )))))))))))))))))))))))))))))))))))
.
.
2012-08-06 15:41 . 2012-08-06 15:41   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-08-06 15:25 . 2012-08-06 15:26   ————  d——-w-  C:\FRST
2012-08-05 17:30 . 2012-08-05 17:30   544008   ——a-w-  c:\windows\system32\npdeployJava1.dll
2012-08-05 17:30 . 2012-08-05 17:30   191240   ——a-w-  c:\windows\system32\javaws.exe
2012-08-05 17:30 . 2012-08-05 17:30   172296   ——a-w-  c:\windows\system32\javaw.exe
2012-08-05 17:30 . 2012-08-05 17:30   172296   ——a-w-  c:\windows\system32\java.exe
2012-08-05 17:30 . 2012-08-05 17:30   ————  d——-w-  c:\program files\Java
2012-08-05 17:26 . 2012-08-05 17:26   ————  d——-w-  c:\users\Dennis\AppData\Local\Secunia PSI
2012-08-05 17:26 . 2012-08-05 17:26   ————  d——-w-  c:\program files (x86)\Secunia
2012-08-05 15:52 . 2012-08-05 15:52   ————  d——-w-  c:\users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 15:52 . 2012-08-05 15:52   ————  d——-w-  c:\program files\SUPERAntiSpyware
2012-08-05 15:52 . 2012-08-05 15:52   ————  d——-w-  c:\programdata\SUPERAntiSpyware.com
2012-08-05 14:37 . 2012-08-05 14:37   ————  d——-w-  c:\users\Dennis\AppData\Roaming\Malwarebytes
2012-08-05 14:37 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-05 14:37 . 2012-08-05 14:38   ————  d——-w-  c:\program files (x86)\Malwarebytes’ Anti-Malware
2012-08-05 14:37 . 2012-08-05 14:37   ————  d——-w-  c:\programdata\Malwarebytes
2012-08-05 14:37 . 2012-07-03 11:46   24904   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-05 11:38 . 2012-08-05 11:38   ————  d——-w-  c:\program files (x86)\ESET
2012-08-05 09:47 . 2012-08-05 09:47   ————  d——-w-  c:\program files\CCleaner
2012-08-05 09:38 . 2012-05-04 11:00   366592   ——a-w-  c:\windows\system32\qdvd.dll
2012-08-05 09:38 . 2012-05-04 09:59   514560   ——a-w-  c:\windows\SysWow64\qdvd.dll
2012-07-20 12:47 . 2009-07-14 01:40   84992   ——a-w-  c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2012-07-16 20:26 . 2012-07-16 20:26   ————  d——-w-  c:\programdata\Creative
2012-07-11 12:42 . 2012-06-12 03:08   3148800   ——a-w-  c:\windows\system32\win32k.sys
2012-07-11 05:54 . 2012-06-06 06:06   2004480   ——a-w-  c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 17:30 . 2011-07-08 21:57   525576   ——a-w-  c:\windows\system32\deployJava1.dll
2012-08-03 11:37 . 2012-04-04 20:03   426184   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 11:37 . 2011-07-17 20:04   70344   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 12:40 . 2011-07-17 18:59   59701280   ——a-w-  c:\windows\system32\MRT.exe
2012-06-20 15:42 . 2011-06-15 10:32   38528   ——a-r-  c:\windows\system32\drivers\Afw.sys
2012-06-20 15:42 . 2011-06-15 10:32   445568   ——a-r-  c:\windows\system32\drivers\AfwCore.sys
2012-06-02 22:19 . 2012-06-21 19:52   38424   ——a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:52   2428952   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:52   57880   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:52   44056   ——a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:52   701976   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:52   2622464   ——a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:52   99840   ——a-w-  c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 19:52   186752   ——a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 19:52   36864   ——a-w-  c:\windows\system32\wuapp.exe
2012-05-14 15:43 . 2012-05-14 15:43   0   ——a-w-  c:\windows\invcol.tmp
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Pogoplug Backup”=“c:\program files (x86)\PogoplugBackup\PogoplugMonitor.exe” [2012-03-08 310592]
“Spotify Web Helper”=“c:\users\Dennis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [2012-06-29 932528]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2010-11-06 283160]
“IMSS”=“c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe” [2011-01-17 112152]
“Dell Webcam Central”=“c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe” [2010-03-12 462993]
“RemoteControl9”=“c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe” [2009-07-06 87336]
“PDVD9LanguageShortcut”=“c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe” [2010-04-29 50472]
“RoxWatchTray”=“c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe” [2010-11-25 240112]
“Desktop Disc Tool”=“c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe” [2010-11-17 514544]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
“DisableCAD”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
“AppInit_DLLs”=c:\windows\SysWOW64\nvinit.dll c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-07-08 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-07-08 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-01-24 78336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-12 1436424]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-06-20 38528]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2011-06-15 66272]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-03-05 256072]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-03-05 25160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-06-14 368480]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-06-14 199520]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-06-20 379744]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 DokanCEDriver;DokanCEDriver;c:\program files (x86)\PogoplugBackup\dokance.sys [2012-03-08 66880]
S2 DokanCEMounter;DokanCEMounter;c:\program files (x86)\PogoplugBackup\dokanmnt.exe [2012-03-08 115520]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [2012-04-30 334720]
S2 HBAdmin;HBAdmin;c:\program files (x86)\Pogoplug\HBPLUG\HBADMIN.exe [2012-01-31 891200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-24 381248]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-06-20 445568]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-24 38440]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-10-28 315568]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000-serien adapter driver til Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-09 174184]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 xcetap0;XCETAP0 Adapter;c:\windows\system32\DRIVERS\xcetap0.sys [2012-01-13 39232]
.
.
—- Andre Services/Drivers i Hukommelsen—-
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:37]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 19:59]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 19:59]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@=”{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}”
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17   138608   ——a-w-  c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@=”{CF08DA3E-C97D-4891-A66B-E39B28DD270F}”
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17   138608   ——a-w-  c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Apoint”=“c:\program files\DellTPad\Apoint.exe” [2011-04-05 608112]
“SysTrayApp”=“c:\program files\IDT\WDM\sttray64.exe” [2011-01-07 525312]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2011-01-14 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2011-01-14 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2011-01-14 418328]
“IntelPROSet”=“c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” [2010-12-23 1934608]
“FreeFallProtection”=“c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe” [2010-12-17 686704]
“BullGuard”=“c:\program files\BullGuard Ltd\BullGuard\bullguard.exe” [2012-07-29 1863008]
“nwiz”=“c:\program files\NVIDIA Corporation\nView\nwiz.exe” [2011-09-07 1694016]
“FileOpenBroker”=“c:\program files\FileOpen\Services\FileOpenBroker64.exe” [2012-04-30 1086848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
“AppInit_DLLs”=c:\windows\System32\nvinitx.dll c:\windows\System32\BgGamingMonitor.dll
.
———- Yderligere scanning———-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab=wm&scc=1&ltmpl=default&ltmplcache=2
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksporter; til Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth;-enhed… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth;-enhed… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
————————————Andre kørende processer————————————
.
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2012-08-06 17:48:12 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-08-06 15:48
.
Pre-Kørsel: 664.810.930.176 byte ledig
Post-Kørsel: 664.805.355.520 byte ledig
.
- - End Of File - - 093231FC587E8EE1A8318F6FAA6998AC

  deras4
Number of posts: 113

It looks like I'm dirt-free now. I can set up Windows Firewall and use the internet with BullGuard's firewall turned on…
Can you tell whether my log is clean?

Administrator
Number of posts: 32078

That sounds good, and there is nothing to find fault with.

If you are satisfied, shall we close the "case"?


  deras4
Number of posts: 113

Yes, let's do that. Thanks for the help. I'll drop a few coins in the coffee fund.

Administrator
Number of posts: 32078

Let's do that, you're welcome, and thanks in advance for the coins.
