
Problem with a trojan

Here you can write if you have problems with or questions about spyware, trojans, viruses, etc. Logs from e.g. Trend Micro HijackThis and Malwarebytes' Anti-Malware should be posted here.

Problem with a trojan

Post by tenyearslater » Mon 16 Jul 2012, 06.47

Hello!
I got a phone call from Swedbank saying that I have some kind of virus, probably a trojan. I ran a full scan with my antivirus program McAfee, which found something and removed it.
Now I have done most of what should be done before starting this thread, and it seemed that Malwarebytes found something and removed it.
So I am wondering whether there is still some crap left that needs to be dealt with.
Here is a log, in any case.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:39:41, on 2012-07-16
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Kerstin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628200022.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://post.karlstad.se/dwa85W.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18470 bytes


/Lasse Berglind
tenyearslater
 
Posts: 65
Joined: Tue 24 Jun 2008, 22.24

Re: Problem with a trojan

Post by laston » Mon 16 Jul 2012, 08.27

Hi! Can you post the logs from McAfee and Malwarebytes so I can see what was found? Also post a DDS log, which shows a bit more than HijackThis.

Download DDS:
http://download.bleepingcomputer.com/sUBs/dds.scr

1: Save it to the desktop
2: Double-click dds.scr to start the tool.
3: Click Yes on the question about Optional Scan
4: When DDS has finished scanning, two text files will appear: DSS.txt and Attach.txt
5: Save these to your desktop
6: Copy/paste both logs, DSS.txt and Attach.txt, here into your thread.

NOTE:
Do NOT add the log (the text file) as an attached file, nor inside code tags or anything else.
Copy/paste the log DIRECTLY into your post.


Regards, laston
laston
 

Re: Problem with a trojan

Post by tenyearslater » Mon 16 Jul 2012, 18.42

Hello!
Some more logs.

Malwarebytes Anti-Malware (Testversion) 1.62.0.1300
http://www.malwarebytes.org

Databasversion: v2012.07.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerstin :: SYRUMMET [administratör]

Skydd: Aktiverad

2012-07-16 06:40:00
mbam-log-2012-07-16 (06-40-00).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 235712
Förfluten tid: 6 minut(er), 20 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 1
C:\Users\Kerstin\AppData\Roaming\Okaqby\iruk.exe (Trojan.Agent) -> Sattes i karantän och togs bort.

(klar)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kerstin at 19:24:07 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.6143.3649 [GMT 2:00]
.
AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\TechSmith\SnagIt\SnagIt32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628200022.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [Spotify Web Helper] "C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://post.karlstad.se/dwa85W.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free- ... player.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{38A539EC-BD99-446E-B737-1ED8EB2D4F37} : DhcpNameServer = 195.67.199.27 195.67.199.28
TCP: Interfaces\{B79CE39A-E74E-45D5-ADC9-A769BB3E125E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9E0DA4B-B776-4212-A4F8-38213768367F} : DhcpNameServer = 195.67.199.18 195.67.199.19
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-27 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-27 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-16 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\system32\DRIVERS\s1029bus.sys --> C:\Windows\system32\DRIVERS\s1029bus.sys [?]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1029mdfl.sys --> C:\Windows\system32\DRIVERS\s1029mdfl.sys [?]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1029mdm.sys --> C:\Windows\system32\DRIVERS\s1029mdm.sys [?]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1029mgmt.sys --> C:\Windows\system32\DRIVERS\s1029mgmt.sys [?]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1029nd5.sys --> C:\Windows\system32\DRIVERS\s1029nd5.sys [?]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1029obex.sys --> C:\Windows\system32\DRIVERS\s1029obex.sys [?]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1029unic.sys --> C:\Windows\system32\DRIVERS\s1029unic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-16 17:02:02 -------- d-----w- C:\Program Files\iTunes
2012-07-16 17:02:02 -------- d-----w- C:\Program Files\iPod
2012-07-16 17:02:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-16 10:48:21 -------- d-----w- C:\Users\Kerstin\AppData\Local\{17FE820B-3B00-48B1-BD73-4B69816CCB28}
2012-07-16 10:48:08 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F501C506-4B80-403F-BAD1-3A0E696F713C}
2012-07-15 22:47:40 -------- d-----w- C:\Users\Kerstin\AppData\Local\{0B134C01-112D-404E-8094-976B39267695}
2012-07-15 10:47:12 -------- d-----w- C:\Users\Kerstin\AppData\Local\{01D0D366-29C9-4E00-888A-75E5BC300165}
2012-07-15 06:32:15 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Malwarebytes
2012-07-15 06:32:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 06:32:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 06:32:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 06:25:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-15 06:16:19 -------- d-----w- C:\Program Files\CCleaner
2012-07-14 22:46:42 -------- d-----w- C:\Users\Kerstin\AppData\Local\{55EC1A62-E8BB-4460-8AD8-21D5D14ADB49}
2012-07-14 22:46:31 -------- d-----w- C:\Users\Kerstin\AppData\Local\{00B14279-9223-4377-9A88-89EDE87A42A7}
2012-07-14 10:45:56 -------- d-----w- C:\Users\Kerstin\AppData\Local\{5E1ED51F-624E-496D-8BCF-B5C2221A8C0C}
2012-07-14 10:45:45 -------- d-----w- C:\Users\Kerstin\AppData\Local\{3FC074C3-36BE-4C86-8B93-DC85067EB18C}
2012-07-13 20:19:10 -------- d-----w- C:\Users\Kerstin\AppData\Local\{485454B1-2111-4386-84C0-54E45CD7A12A}
2012-07-13 20:18:58 -------- d-----w- C:\Users\Kerstin\AppData\Local\{723B34C5-C838-4588-B216-856677291860}
2012-07-13 08:18:39 -------- d-----w- C:\Users\Kerstin\AppData\Local\{16C0CD96-617F-4B2A-AA8A-E57DD20F2125}
2012-07-13 08:18:20 -------- d-----w- C:\Users\Kerstin\AppData\Local\{43350E6D-785C-4CE8-A520-BAC990BC53D2}
2012-07-12 16:11:14 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-12 09:21:18 -------- d-----w- C:\Users\Kerstin\AppData\Local\{987E228B-CAC5-4B83-82F9-7B8D43B245D0}
2012-07-12 09:21:06 -------- d-----w- C:\Users\Kerstin\AppData\Local\{219279A3-AE10-490C-A22B-3054210F94E1}
2012-07-11 21:20:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:28:57 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Risyh
2012-07-11 18:28:57 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Pyadu
2012-07-11 18:28:57 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Noaxq
2012-07-11 18:28:03 -------- d-----w- C:\Users\Kerstin\AppData\Local\{ABF1769D-E759-407A-8EDA-7635D70D123F}
2012-07-11 18:27:50 -------- d-----w- C:\Users\Kerstin\AppData\Local\{646982CE-00E5-46C0-AC50-9C9F69A0D289}
2012-07-11 08:21:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 08:21:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 08:21:58 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 08:21:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 08:21:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 08:21:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 08:21:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 08:21:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 08:21:57 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 08:21:57 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 08:21:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 08:21:56 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 08:21:56 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-10 20:10:43 -------- d-----w- C:\Users\Kerstin\AppData\Local\{B9011A22-C9F6-4A26-B250-307E75E35AAC}
2012-07-10 20:10:32 -------- d-----w- C:\Users\Kerstin\AppData\Local\{B187859E-D5D2-4CC9-9C06-6C11A5A2C805}
2012-07-10 16:51:49 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Ryfeyg
2012-07-10 16:51:49 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Icuh
2012-07-10 16:51:49 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Cisi
2012-07-10 08:10:16 -------- d-----w- C:\Users\Kerstin\AppData\Local\{CE072D00-2B0A-4A31-8B06-CB41496ECC83}
2012-07-10 08:10:05 -------- d-----w- C:\Users\Kerstin\AppData\Local\{0297858D-6D44-4410-8C04-F6FCC30DE165}
2012-07-09 20:09:52 -------- d-----w- C:\Users\Kerstin\AppData\Local\{79E31A36-D8F1-42A9-B56E-C3B859EFFC99}
2012-07-09 20:09:41 -------- d-----w- C:\Users\Kerstin\AppData\Local\{E1BBD5F8-81FE-4C97-B553-2C740594DC8F}
2012-07-09 08:09:12 -------- d-----w- C:\Users\Kerstin\AppData\Local\{23F81179-1ED2-42A6-9AF1-13E7FE75DDE5}
2012-07-09 08:08:59 -------- d-----w- C:\Users\Kerstin\AppData\Local\{E99F3D98-CE72-4B55-8EB9-9AE37B4DBDDF}
2012-07-08 20:02:58 -------- d-----w- C:\Users\Kerstin\AppData\Local\{8C3DBFDC-7DA6-4761-864F-1FD2C25B7300}
2012-07-08 20:02:46 -------- d-----w- C:\Users\Kerstin\AppData\Local\{C490BF22-71AF-4E7C-AA82-C7AA09FF6F41}
2012-07-08 08:02:20 -------- d-----w- C:\Users\Kerstin\AppData\Local\{2B696B5A-103A-454B-88DD-7879A677564C}
2012-07-08 08:02:09 -------- d-----w- C:\Users\Kerstin\AppData\Local\{A9D40A13-30F1-4BEF-AE90-9A07BFCB5C31}
2012-07-07 18:24:37 -------- d-----w- C:\Users\Kerstin\AppData\Local\{547E6C08-9802-45CB-ACCB-88AE4D83F313}
2012-07-07 18:24:26 -------- d-----w- C:\Users\Kerstin\AppData\Local\{E0DDDF5C-BE98-40B0-96C5-1A5541D3A4EF}
2012-07-07 06:23:40 -------- d-----w- C:\Users\Kerstin\AppData\Local\{78756231-8F26-4A9D-A177-C1A31A562616}
2012-07-07 06:23:27 -------- d-----w- C:\Users\Kerstin\AppData\Local\{C48EE5F9-98E1-4DEA-ABC3-25776F87117F}
2012-07-06 10:24:02 -------- d-----w- C:\Users\Kerstin\AppData\Local\{8CABE73B-E6A3-4D59-8817-3556A4794245}
2012-07-06 10:23:49 -------- d-----w- C:\Users\Kerstin\AppData\Local\{2D3001A2-65B3-4AC7-A080-565EB2C9B2C2}
2012-07-05 17:24:34 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Yxewq
2012-07-05 17:24:34 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Okaqby
2012-07-05 17:24:34 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Imubqy
2012-07-05 17:24:26 -------- d-----w- C:\Users\Kerstin\AppData\Local\{D0DFC5D9-B3D1-497D-B08B-9EA81075D0E6}
2012-07-05 17:24:11 -------- d-----w- C:\Users\Kerstin\AppData\Local\{C8D588C0-A035-4FE5-AA6C-20CAA8E54648}
2012-07-04 21:42:21 -------- d-----w- C:\Users\Kerstin\AppData\Local\{BA22406F-07A6-4AE7-B50B-905FEBFF0BA0}
2012-07-04 21:42:10 -------- d-----w- C:\Users\Kerstin\AppData\Local\{8D77610A-7AE6-41B2-B3C7-3672F6E09113}
2012-07-04 17:14:45 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Ocziid
2012-07-04 17:14:45 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Muatx
2012-07-04 17:14:45 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Akqi
2012-07-04 09:34:34 -------- d-----w- C:\Users\Kerstin\AppData\Local\{7AB571CC-62BF-4B03-88C1-44842B4F09F0}
2012-07-04 09:34:23 -------- d-----w- C:\Users\Kerstin\AppData\Local\{219B79EB-CA2A-4FB3-840B-AEA8A8521439}
2012-07-03 20:22:33 -------- d-----w- C:\Users\Kerstin\AppData\Local\{4BEA3FDE-D975-4054-B30F-1024167EC4A2}
2012-07-03 20:22:22 -------- d-----w- C:\Users\Kerstin\AppData\Local\{6FDB3F3C-46FC-4249-A39C-8CCC74983066}
2012-07-03 08:22:06 -------- d-----w- C:\Users\Kerstin\AppData\Local\{FCEDD63D-1EF4-4D9D-AD12-83CFA06FC54E}
2012-07-03 08:21:54 -------- d-----w- C:\Users\Kerstin\AppData\Local\{3DB9A322-D302-46A8-87E9-6104B3D55511}
2012-07-02 20:21:20 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F2673A09-EAEC-423F-AB26-994BC618723F}
2012-07-02 20:21:09 -------- d-----w- C:\Users\Kerstin\AppData\Local\{77BEED7B-5A6E-4E89-BCBD-FC9BF138CDE7}
2012-07-02 13:57:52 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Ypogg
2012-07-02 13:57:52 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Nineo
2012-07-02 13:57:52 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\Agdifa
2012-07-02 08:20:49 -------- d-----w- C:\Users\Kerstin\AppData\Local\{3AC2418B-41F3-4250-B4A7-1C13F5D13D70}
2012-07-02 08:20:36 -------- d-----w- C:\Users\Kerstin\AppData\Local\{FCD19B6C-5294-4872-A96F-6C7243D545A9}
2012-07-01 19:26:02 -------- d-----w- C:\Users\Kerstin\AppData\Local\{A51A9E33-EDD7-47E5-BE32-AE0CA6B0C2DF}
2012-07-01 19:25:51 -------- d-----w- C:\Users\Kerstin\AppData\Local\{4C686988-BA9D-4B79-AC24-DCD912E1995E}
2012-07-01 07:25:23 -------- d-----w- C:\Users\Kerstin\AppData\Local\{DA307A0B-4E63-401E-973C-56418AE556A7}
2012-07-01 07:25:11 -------- d-----w- C:\Users\Kerstin\AppData\Local\{6677972D-F781-4838-9CD6-068FEE63DCC3}
2012-06-30 14:32:59 -------- d-----w- C:\Users\Kerstin\AppData\Local\{C1D0B3F7-350F-4D3E-A0C7-4D16655C336C}
2012-06-30 14:32:42 -------- d-----w- C:\Users\Kerstin\AppData\Local\{B4DB0FA6-D08D-434C-81E3-79644112AF72}
2012-06-29 21:35:03 -------- d-----w- C:\Users\Kerstin\AppData\Local\{0855A5C5-5248-49B8-BBF9-4B9904CFD249}
2012-06-29 21:34:52 -------- d-----w- C:\Users\Kerstin\AppData\Local\{6C121FE8-FB4A-4F21-9BBC-79283DE10927}
2012-06-29 09:34:20 -------- d-----w- C:\Users\Kerstin\AppData\Local\{11026805-5460-4872-A9FC-C928007B7921}
2012-06-29 09:34:06 -------- d-----w- C:\Users\Kerstin\AppData\Local\{3E332D5B-AA69-4818-AD61-C9E9249327CA}
2012-06-28 20:20:58 -------- d-----w- C:\Users\Kerstin\AppData\Local\{45E2AEC3-CDB8-4E69-A3FC-1CC4CA709663}
2012-06-28 20:20:46 -------- d-----w- C:\Users\Kerstin\AppData\Local\{16AB5C3D-60E7-4405-B4BF-0B1C2E03106C}
2012-06-28 08:20:02 -------- d-----w- C:\Users\Kerstin\AppData\Local\{4F42A45D-EF67-499A-9644-89671A75479C}
2012-06-28 08:18:54 -------- d-----w- C:\Users\Kerstin\AppData\Local\{4DBBE456-AD9D-4946-83F5-8928E37CCDFA}
2012-06-27 15:45:52 -------- d-----w- C:\Users\Kerstin\AppData\Local\{7005720D-6E82-4363-BF89-4F910F2AC7FB}
2012-06-27 15:45:40 -------- d-----w- C:\Users\Kerstin\AppData\Local\{C6E424C6-9CE1-4305-A2EB-76B135D21A23}
2012-06-26 18:04:10 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F0755856-F040-48A0-8CA7-6DB99AF86D90}
2012-06-26 18:03:58 -------- d-----w- C:\Users\Kerstin\AppData\Local\{7D3B0E38-09B7-4758-A50A-76DF7509492A}
2012-06-26 06:03:35 -------- d-----w- C:\Users\Kerstin\AppData\Local\{97C6FBE5-3CD8-4B9E-932F-8E042204745E}
2012-06-26 06:03:23 -------- d-----w- C:\Users\Kerstin\AppData\Local\{422E87DC-FC58-4951-83EF-91E98D143F2D}
2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-25 08:27:29 -------- d-----w- C:\Users\Kerstin\AppData\Local\{AEF9EF2C-6E16-49BC-B7F0-744FEE7E72ED}
2012-06-25 08:27:18 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F396FFB1-F4DD-4E7B-8492-166AE7A27551}
2012-06-24 20:27:03 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F0D7A83F-109E-4D6E-B428-F3D1EF8B8DEC}
2012-06-24 20:26:52 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F3FED3B9-9AC6-4F22-98CD-F39504DC4861}
2012-06-24 13:08:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 13:08:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 13:07:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-24 13:07:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-24 08:26:25 -------- d-----w- C:\Users\Kerstin\AppData\Local\{EA4CE5AD-7772-49C4-BDF1-351E20E6FC49}
2012-06-24 08:26:03 -------- d-----w- C:\Users\Kerstin\AppData\Local\{29C4E098-9EDC-4851-B024-F23BFC89EDF6}
2012-06-24 08:04:57 -------- d-----w- C:\Users\Kerstin\AppData\Local\{528BE179-9585-4651-9EAB-280B45887A71}
2012-06-23 18:38:44 -------- d-----w- C:\Users\Kerstin\AppData\Local\{ACB9DAB1-5903-4905-A285-F70F86623E40}
2012-06-23 18:33:32 -------- d-----w- C:\Users\Kerstin\AppData\Local\{6C37DF78-6375-46E9-98DF-1B701E8AA7E8}
2012-06-21 08:44:03 -------- d-----w- C:\Users\Kerstin\AppData\Local\{F9D27784-F6A2-421D-A693-D5FC8760680F}
2012-06-21 08:43:50 -------- d-----w- C:\Users\Kerstin\AppData\Local\{BC56CB85-1C7D-4F15-AD9B-D53FA48D32E3}
2012-06-20 19:19:20 -------- d-----w- C:\Users\Kerstin\AppData\Local\{970A915E-82FE-4B13-AAF7-77F452870F8F}
2012-06-20 19:18:50 -------- d-----w- C:\Users\Kerstin\AppData\Local\{CDB23706-DC5E-4B55-A3D7-C04CC3DC2E59}
2012-06-19 17:32:30 -------- d-----w- C:\Users\Kerstin\AppData\Local\{5D9233E7-485A-4461-AE94-8501037B4307}
2012-06-19 17:32:18 -------- d-----w- C:\Users\Kerstin\AppData\Local\{A7CA8235-4673-4188-9CF7-3B839092DC10}
2012-06-19 05:31:34 -------- d-----w- C:\Users\Kerstin\AppData\Local\{342DC397-1F15-4193-85DD-BE94764BB7A0}
2012-06-19 05:31:22 -------- d-----w- C:\Users\Kerstin\AppData\Local\{5DD6582F-4EE6-4E13-9035-9D99AA33D570}
2012-06-18 17:30:56 -------- d-----w- C:\Users\Kerstin\AppData\Local\{67D4562A-4906-4FB0-AA09-7B6B1942FEAC}
2012-06-18 05:30:44 -------- d-----w- C:\Users\Kerstin\AppData\Local\{CE788286-8B3B-433B-95B4-4B3920161A5F}
2012-06-17 11:25:01 -------- d-----w- C:\Users\Kerstin\AppData\Roaming\pdfforge
2012-06-17 11:24:57 94208 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-06-17 11:24:57 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-06-17 11:24:57 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-06-17 11:24:56 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-06-17 11:24:56 -------- d-----w- C:\Program Files (x86)\PDFCreator
2012-06-17 10:19:53 -------- d-----w- C:\Users\Kerstin\AppData\Local\{4A491129-1780-4EA3-B209-DB2143199FB8}
2012-06-16 22:19:27 -------- d-----w- C:\Users\Kerstin\AppData\Local\{78E393E2-3D23-46F7-A57C-1197E40420D3}
.
==================== Find3M ====================
.
2012-07-12 17:16:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 17:16:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:10:55 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 19:25:01,79 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2010-12-13 19:03:27
System Uptime: 2012-07-16 14:18:38 (5 hours ago)
.
Motherboard: Acer | | WG43M
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 291 GiB total, 57,348 GiB free.
D: is FIXED (NTFS) - 291 GiB total, 290,927 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 2012-06-24 15:07:33 - Windows Update
RP147: 2012-06-28 17:54:58 - Installed HTC Sync.
RP148: 2012-07-05 20:25:40 - Schemalagd kontrollpunkt
RP149: 2012-07-11 23:11:19 - Windows Update
RP150: 2012-07-12 18:06:17 - Installed Java(TM) 6 Update 33
RP151: 2012-07-16 07:25:50 - Configured eSobi v2
.
==== Installed Programs ======================
.
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.3) - Svenska
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
AMD DnD V1.0.20
Apple Application Support
Apple Software Update
µTorrent
BankID säkerhetsprogram 4.17.0
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack för Office 2007-systemet
D3DX10
EA Download Manager
Farm Frenzy 2
Galapago
Garmin City Navigator Europe NT 2011.32 Update
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
HijackThis 2.0.2
Hotkey Utility
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Identity Card
ImagXpress
Java Auto Updater
Java(TM) 6 Update 33
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
McAfee Total Protection
MediaShow Espresso
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Swedish) 2007
Microsoft Office InfoPath MUI (Swedish) 2007
Microsoft Office Language Pack 2007 - Swedish/svenska
Microsoft Office O MUI (Swedish) 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office PowerPoint Viewer 2007 (Swedish)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Swedish) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (Swedish) 2007
Microsoft Office X MUI (Swedish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Norton Online Backup
OLYMPUS Master 2
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDF Settings
PDFCreator
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870)
Shredder
Skype Toolbars
Skype™ 5.9
SnagIt 5
Sony Ericsson PC Companion 1.60.13
Spin & Win
Spotify
The Sims™ 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
VLC media player 1.1.7
Zylom Games Player Plugin
.
==== End Of File ===========================

I couldn't find any way to get a log file out of McAfee, but it wrote the following in some kind of report:

DatumKlockslag Status Reparerad (borttagen)

Ett eller flera object hittades på datorn
Avkänningsnamn: FakeAlert-Security/Tool.es (Trojan)
Fil: C\Kerstin\AppData\Roaming\Ypogg\zuog.exe
Process: C:\Windows\Explorer.EXE
Processbeskrivning:Utforskaren

DatumKlockslag Status I karantän
Ett eller flera object hittades på datorn
Avkänningsnamn: PWS-Zbot.gen.agw (Trojan)
Fil: C\Kerstin\AppData\Local\Temp\tmp843ef83d\ntdll.exe


DatumKlockslag I karantän
Ett eller flera object hittades på datorn
Avkänningsnamn: PWS-Zbot.gen.agw (Trojan)
Fil: C\Kerstin\AppData\Roaming\Ocziid\hybeh.exe

Don't know if this can be of any use.

/Lasse
tenyearslater
 
Posts: 65
Joined: Tue 24 Jun 2008, 22.24

Re: Problem with trojan

Post by laston » Mon 16 Jul 2012, 20.29

OK, a lot to go through :)
What is in these folders?
C:\Users\Kerstin\AppData\Roaming\Risyh
C:\Users\Kerstin\AppData\Roaming\Pyadu
C:\Users\Kerstin\AppData\Roaming\Noaxq
C:\Users\Kerstin\AppData\Roaming\Ryfeyg
C:\Users\Kerstin\AppData\Roaming\Icuh
C:\Users\Kerstin\AppData\Roaming\Cisi
C:\Users\Kerstin\AppData\Roaming\Yxewq
C:\Users\Kerstin\AppData\Roaming\Okaqby
C:\Users\Kerstin\AppData\Roaming\Imubqy
C:\Users\Kerstin\AppData\Roaming\Ocziid
C:\Users\Kerstin\AppData\Roaming\Muatx
C:\Users\Kerstin\AppData\Roaming\Akqi
C:\Users\Kerstin\AppData\Roaming\Ypogg
C:\Users\Kerstin\AppData\Roaming\Nineo
C:\Users\Kerstin\AppData\Roaming\Agdifa

You can throw away the ones that are empty, and if there are files in them, scan those files on VirusTotal according to the instructions below!

Go to the page below:
http://www.virustotal.com/

1: Copy/paste one of the following file names into the text field next to the Browse button
(OR use the Browse button and navigate to them)
2: Click Send File and wait until the result is ready (Current status becomes finished).
3: Paste the results from the various antivirus programs (incl. file size) here in your thread (but not Additional information)

Repeat with the next file name

2. Scan the computer online at http://www.eset.com/onlinescan/
So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

Untick the option "Remove found threats"
Tick "Scan Archives"

Click "Advanced Settings"
Tick:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Press Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.


Regards, laston
laston
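
The folder check described in the post above (discard the empty folders, submit the files in the others to VirusTotal), as an added example that is not part of the original thread: a Python sketch that sorts a list of folders into empty, missing and non-empty, and records size and SHA-256 for every file so the hash can be compared with the SHA256 line of the VirusTotal report. The function names, the placeholder bytes and the temporary folder tree are assumptions constructed for illustration; files are only read, never executed.

```python
import hashlib
import os
import tempfile

# Constructed placeholder content; harmless bytes, not a sample from the thread.
SAMPLE_BYTES = b"constructed placeholder, not malware\n"


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are never loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, folder_names):
    """Classify each named folder under root as empty, missing, or holding files.

    A folder that contains only empty subfolders counts as empty.
    Files that cannot be read (for example locked by a running process)
    are still listed, with the error text instead of a hash.
    """
    result = {"empty": [], "missing": [], "files": []}
    for name in folder_names:
        folder = os.path.join(root, name)
        if not os.path.isdir(folder):
            result["missing"].append(name)
            continue
        entries = []
        for dirpath, _dirs, filenames in os.walk(folder):
            for filename in sorted(filenames):
                full = os.path.join(dirpath, filename)
                entry = {"path": os.path.relpath(full, root),
                         "size": None, "sha256": None, "error": None}
                try:
                    entry["size"] = os.path.getsize(full)
                    entry["sha256"] = sha256_of(full)
                except OSError as exc:
                    entry["error"] = str(exc)
                entries.append(entry)
        if entries:
            result["files"].extend(entries)
        else:
            result["empty"].append(name)
    return result


def format_report(result):
    """Render the triage result as plain text suitable for pasting into a reply."""
    lines = ["%s: empty" % name for name in result["empty"]]
    lines += ["%s: not found" % name for name in result["missing"]]
    for entry in result["files"]:
        if entry["error"]:
            lines.append("%s: could not be read (%s)" % (entry["path"], entry["error"]))
        else:
            lines.append("%s  %d bytes  SHA256 %s"
                         % (entry["path"], entry["size"], entry["sha256"]))
    return "\n".join(lines)


def demo():
    """Run the triage on a constructed folder tree (folder names reused from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Risyh"))              # empty folder
        os.mkdir(os.path.join(root, "Noaxq"))              # folder with one file
        with open(os.path.join(root, "Noaxq", "nuuv.exe"), "wb") as handle:
            handle.write(SAMPLE_BYTES)
        # "Pyadu" is deliberately not created, to show the "missing" case.
        return triage(root, ["Risyh", "Noaxq", "Pyadu"])


if __name__ == "__main__":
    print(format_report(demo()))
```

On a real profile, `root` would be the user's `AppData\Roaming` directory and `folder_names` the list from the post.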
 

Re: Problem with trojan

Post by tenyearslater » Tue 17 Jul 2012, 05.26

I don't know if this is the result you mean, or ??

C:\Users\Kerstin\AppData\Roaming\Risyh was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Pyadu was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Agdifa was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Icuh was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Cisi was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Yxewq was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Okaqby was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Imubqy was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Ocziid was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Muatx was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Akqi was empty, deleted it
C:\Users\Kerstin\AppData\Roaming\Ypogg was empty, deleted it


C:\Users\Kerstin\AppData\Roaming\Noaxq\nuuv.exe 287 kb


SHA256: 3498799422f3bfa9af17ad8ef2ee4cf06549ed11402f6cfa8f15233fe98f1e8d
File name: nuuv.exe
Detection ratio: 25 / 42
Analysis date: 2012-07-16 21:15:42 UTC ( 4 minuter ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120716
AntiVir | TR/PSW.Zbot.2634 | 20120716
Antiy-AVL | - | 20120712
Avast | Win32:Rootkit-gen [Rtk] | 20120716
AVG | Dropper.Generic6.AIOS | 20120716
BitDefender | Trojan.Generic.KDV.670303 | 20120716
ByteHero | - | 20120716
CAT-QuickHeal | - | 20120716
ClamAV | - | 20120716
Commtouch | - | 20120716
Comodo | - | 20120716
DrWeb | Trojan.PWS.Panda.2233 | 20120716
Emsisoft | Trojan-Downloader.Win32.Ransom!IK | 20120716
eSafe | - | 20120716
ESET-NOD32 | Win32/Spy.Zbot.AAQ | 20120716
F-Prot | - | 20120716
F-Secure | Trojan.Generic.KDV.670303 | 20120716
Fortinet | W32/Zbot.YW!tr | 20120716
GData | Trojan.Generic.KDV.670303 | 20120716
Ikarus | Trojan-Downloader.Win32.Ransom | 20120716
Jiangmin | Trojan/Gimemo.dcn | 20120716
K7AntiVirus | Trojan | 20120716
Kaspersky | Trojan-Dropper.Win32.Injector.fivj | 20120716
McAfee | PWS-Zbot.gen.agw | 20120716
McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.B | 20120716
Microsoft | PWS:Win32/Zbot | 20120716
Norman | - | 20120716
nProtect | Trojan.Generic.KDV.670303 | 20120716
Panda | Suspicious file | 20120716
PCTools | Trojan.Gen | 20120716
Rising | - | 20120716
Sophos | Mal/Zbot-HI | 20120716
SUPERAntiSpyware | - | 20120715
Symantec | Trojan.Gen | 20120716
TheHacker | Trojan/Spy.Zbot.aaq | 20120716
TotalDefense | - | 20120713
TrendMicro | - | 20120716
TrendMicro-HouseCall | - | 20120716
VBA32 | - | 20120716
VIPRE | Trojan.Win32.Generic!BT | 20120716
ViRobot | Trojan.Win32.A.Gimemo.116736 | 20120716
VirusBuster | -

C:\Users\Kerstin\AppData\Roaming\Ryfeyg\ixvuk.exe 287 kb

SHA256: cd23208c0007c128e385137f407e04036ee9b88be1405271165fd7fc8dfcb392
File name: ixvuk.exe
Detection ratio: 26 / 42
Analysis date: 2012-07-16 21:30:43 UTC ( 1 minut ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120716
AntiVir | TR/Rogue.kdv.669068.1 | 20120716
Antiy-AVL | - | 20120712
Avast | Win32:Dropper-gen [Drp] | 20120716
AVG | Generic28.CDOH | 20120716
BitDefender | Trojan.Generic.KDV.669068 | 20120716
ByteHero | - | 20120716
CAT-QuickHeal | - | 20120716
ClamAV | - | 20120716
Commtouch | W32/Trojan3.DUF | 20120716
Comodo | - | 20120716
DrWeb | Trojan.PWS.Panda.2233 | 20120716
Emsisoft | Trojan-Downloader.Win32.Ransom!IK | 20120716
eSafe | - | 20120716
ESET-NOD32 | a variant of Win32/Injector.TVU | 20120716
F-Prot | W32/Trojan3.DUF | 20120716
F-Secure | Trojan.Generic.KDV.669068 | 20120716
Fortinet | W32/Zbot.YW!tr | 20120716
GData | Trojan.Generic.KDV.669068 | 20120716
Ikarus | Trojan-Downloader.Win32.Ransom | 20120716
Jiangmin | Trojan/Gimemo.dcn | 20120716
K7AntiVirus | Trojan | 20120716
Kaspersky | Trojan-Ransom.Win32.Gimemo.acbl | 20120716
McAfee | PWS-Zbot.gen.agw | 20120716
McAfee-GW-Edition | - | 20120716
Microsoft | PWS:Win32/Zbot | 20120716
Norman | - | 20120716
nProtect | Trojan/W32.Agent.293888.EL | 20120716
Panda | Suspicious file | 20120716
PCTools | Trojan.Gen | 20120716
Rising | - | 20120716
Sophos | Mal/Zbot-HI | 20120716
SUPERAntiSpyware | - | 20120715
Symantec | Trojan.Gen | 20120716
TheHacker | Trojan/Gimemo.acbl | 20120716
TotalDefense | - | 20120713
TrendMicro | - | 20120716
TrendMicro-HouseCall | - | 20120716
VBA32 | - | 20120716
VIPRE | Trojan.Win32.Generic!BT | 20120716
ViRobot | Trojan.Win32.A.Gimemo.116736 | 20120716
VirusBuster | - | 20120716


C:\Users\Kerstin\AppData\Roaming\Nineo\irwyb.oca 407 kb

SHA256: 7ff9a99992b3100e1827cd16bebf63c2317cec440b8b560e6ea5e61fcdee272d
File name: irwyb.oca
Detection ratio: 0 / 42
Analysis date: 2012-07-16 21:37:20 UTC ( 0 minuter ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120716
AntiVir | - | 20120716
Antiy-AVL | - | 20120712
Avast | - | 20120716
AVG | - | 20120716
BitDefender | - | 20120716
ByteHero | - | 20120716
CAT-QuickHeal | - | 20120716
ClamAV | - | 20120716
Commtouch | - | 20120716
Comodo | - | 20120716
DrWeb | - | 20120716
Emsisoft | - | 20120716
eSafe | - | 20120716
ESET-NOD32 | - | 20120716
F-Prot | - | 20120716
F-Secure | - | 20120716
Fortinet | - | 20120716
GData | - | 20120716
Ikarus | - | 20120716
Jiangmin | - | 20120716
K7AntiVirus | - | 20120716
Kaspersky | - | 20120716
McAfee | - | 20120716
McAfee-GW-Edition | - | 20120716
Microsoft | - | 20120716
Norman | - | 20120716
nProtect | - | 20120716
Panda | - | 20120716
PCTools | - | 20120716
Rising | - | 20120716
Sophos | - | 20120716
SUPERAntiSpyware | - | 20120715
Symantec | - | 20120716
TheHacker | - | 20120716
TotalDefense | - | 20120713
TrendMicro | - | 20120716
TrendMicro-HouseCall | - | 20120716
VBA32 | - | 20120716
VIPRE | - | 20120716
ViRobot | - | 20120716
VirusBuster | - | 20120716

C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2KWFLKDY\afr[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2KWFLKDY\afr[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5N3J3V2I\afr[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5N3J3V2I\afr[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5N3J3V2I\afr[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KNJVYGBB\afr[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KNJVYGBB\afr[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W0YLJ5M2\afr[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0XO6X3F\afr[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Kerstin\AppData\Roaming\Noaxq\nuuv.exe Win32/Spy.Zbot.AAQ trojan cleaned by deleting - quarantined
C:\Users\Kerstin\AppData\Roaming\Ryfeyg\ixvuk.exe a variant of Win32/Injector.TVU trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\hdd\Lasses\pirate\PowerISO.v4.1.Incl.Keymaker-AGAiN\ag-3427a.zip a variant of Win32/Keygen.AF application deleted - quarantined
C:\Users\Public\Documents\hdd\Lasses\virusfix\SDFix.exe Win32/PrcView application deleted - quarantined

That's all for now

/Lasse
tenyearslater
 

Re: Problem with trojan

Post by laston » Tue 17 Jul 2012, 08.53

Hi! As I suspected, there were still some nasties left!
Update Malwarebytes and scan again, post the log if anything is found!

Save aswMBR to the desktop: http://public.avast.com/~gmerek/aswMBR.exe
Restart the computer and don't start any programs.
Double-click aswMBR.exe to run the program.
Click the Scan button to start the scan.
When it is done, save (Save) the log to the desktop.
Paste the log into your reply here.

Regards, laston
laston
 

Re: Problem with trojan

Post by tenyearslater » Tue 17 Jul 2012, 21.11

Hi!

Seems like there was nothing here.
Malwarebytes Anti-Malware (Testversion) 1.62.0.1300
www.malwarebytes.org

Databasversion: v2012.07.17.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerstin :: SYRUMMET [administratör]

Skydd: Aktiverad

2012-07-17 20:02:41
mbam-log-2012-07-17 (20-02-41).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 235792
Förfluten tid: 6 minut(er), 58 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 20:13:14
-----------------------------
20:13:14.125 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:14.126 Number of processors: 2 586 0x170A
20:13:14.128 ComputerName: SYRUMMET UserName: Kerstin
20:13:15.109 Initialize success
20:14:00.048 AVAST engine defs: 12071700
20:15:26.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:15:26.921 Disk 0 Vendor: Hitachi_ STDO Size: 610480MB BusType: 3
20:15:26.936 Disk 0 MBR read successfully
20:15:26.938 Disk 0 MBR scan
20:15:26.943 Disk 0 Windows 7 default MBR code
20:15:26.954 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
20:15:26.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
20:15:26.979 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298188 MB offset 28878848
20:15:27.008 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 298190 MB offset 639567872
20:15:27.041 Disk 0 scanning C:\Windows\system32\drivers
20:15:42.365 Service scanning
20:16:12.114 Modules scanning
20:16:12.121 Disk 0 trace - called modules:
20:16:12.464 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:16:12.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007020060]
20:16:12.472 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f5e050]
20:16:13.273 AVAST engine scan C:\Windows
20:16:16.117 AVAST engine scan C:\Windows\system32
20:20:51.649 AVAST engine scan C:\Windows\system32\drivers
20:21:14.379 AVAST engine scan C:\Users\Kerstin
20:43:46.823 AVAST engine scan C:\ProgramData
20:50:24.430 Disk 0 MBR has been saved successfully to "C:\Users\Kerstin\Desktop\MBR.dat"
20:50:24.449 The log file has been saved successfully to "C:\Users\Kerstin\Desktop\aswMBR.txt"
20:52:44.957 Scan finished successfully
22:04:58.903 Disk 0 MBR has been saved successfully to "C:\Users\Kerstin\Desktop\MBR.dat"
22:04:58.910 The log file has been saved successfully to "C:\Users\Kerstin\Desktop\aswMBR.txt"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:50, on 2012-07-17
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Kerstin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4691v665
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628200022.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://post.karlstad.se/dwa85W.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18717 bytes

Bye for now

/Lasse
tenyearslater
 
Posts: 65
Joined: Tue 24 Jun 2008, 22.24

Re: Problem with trojan

Post by laston » Tue 17 Jul 2012, 22.23

Hi! OK, then we'll just clean the temp folders with TFC!

Save TFC by OldTimer to the Desktop.
http://oldtimer.geekstogo.com/TFC.exe

Close all programs and windows.
Run TFC (if you have Vista or Windows 7, right-click the file and choose Run as administrator).
Click the Start button to start the cleaning.
It can take a few minutes; leave the computer alone in the meantime.

When it is done, the computer is supposed to restart automatically. If it doesn't, restart the computer yourself.


Regards, laston
laston
 

Re: Problem with trojan

Post by tenyearslater » Thu 19 Jul 2012, 08.43

Hi!

I have now run the final cleaning of the temp files.
Thanks a lot for the help this time; I hope it stays clean for a while now.

/Lasse
tenyearslater
 
Posts: 65
Joined: Tue 24 Jun 2008, 22.24

Re: Problem with trojan

Post by laston » Fri 20 Jul 2012, 16.09

Hi! You're welcome. Make sure to update BankID, because it is not the latest version (the update service in these IDs is worthless, so you have to download a new one from the bank's website instead).

Regards, laston
laston
 

