Gå till innehåll

kemsi

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    28

  • Gick med

  • Besökte senast

kemsi's Achievements

(1/8)

  1. kemsi
    Sådär nu bifogade jag OTL.txt loggen samt attach.txt och klistrar in DDS.txt så får vi så p.s min dator har blivit snabb igen DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 Run by Simton at 12:14:25 on 2013-01-25 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6617 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://isearch.avg.com/?cid=&mid=821bc1623aed47d1a11e252442820c5c-5fac207aa663fd8407d9712e9a06ae5c957f71ed〈=us&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp mWinlogon: Userinit = userinit.exe BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.8.31.209 79.138.0.180 TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid=&mid=821bc1623aed47d1a11e252442820c5c-5fac207aa663fd8407d9712e9a06ae5c957f71ed〈=us&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2013-01-24 18:35:17 -------- d-----w- C:\_OTL 2013-01-13 13:25:28 -------- d-----w- C:\Windows\pss . ==================== Find3M ==================== . 2013-01-08 23:11:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-01-08 23:11:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-12-30 21:16:04 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-11-15 22:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll 2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe 2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll 2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll 2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe 2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll 2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll 2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll 2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll 2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll 2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx . ============= FINISH: 12:14:30,43 =============== attach.txt 1OTL.Txt
  2. kemsi
    utmärkt och enkelt!
  3. kemsi
    Tror att jag lyckades avaktivera allt men det får resultatet visa: ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "MyStart Search" removed from browser.search.defaultenginename Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "<a href="">http://search.condui...q={searchTerms}</a>" removed from browser.search.defaulturl Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.selectedEngine Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found. File C:\Program Files\Web Assistant\Firefox not found. C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\askcom.xml moved successfully. C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\babylon1.xml moved successfully. C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\MyStart Search.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll deleted successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 01242013_193517
  4. kemsi
    Jaså! det låter sådär bra, antar att datorn påverkas något i längden av dessa temp-filer? Föreslår du ett annat antivirus program, eller är det bara att gå in och radera dessa vart eftersom?
  5. kemsi
    Detta vart resultatet : OTL logfile created on: 2013-01-21 00:02:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simton\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 7,98 Gb Total Physical Memory | 6,30 Gb Available Physical Memory | 78,91% Memory free 15,96 Gb Paging File | 14,11 Gb Available in Paging File | 88,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 330,26 Gb Free Space | 70,91% Space Free | Partition Type: NTFS Drive E: | 465,66 Gb Total Space | 465,55 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: SIMTON-PC | User Name: Simton | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-01-21 00:01:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simton\Downloads\OTL(1).exe PRC - [2013-01-20 01:33:28 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-12-11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012-12-09 21:41:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012-09-09 22:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe PRC - [2011-11-15 17:39:11 | 001,088,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe PRC - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-04-30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011-01-17 20:11:22 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 20:11:22 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin ========== Modules (No Company Name) ========== MOD - [2013-01-20 01:33:27 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-08-27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012-08-27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012-01-11 15:57:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011-11-01 23:00:45 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\05294b772c0c70720a498f6f848133f8\IAStorUtil.ni.dll MOD - [2011-11-01 23:00:45 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d322354194d7b34f3341616fd2f7b721\IAStorCommon.ni.dll MOD - [2009-07-14 05:56:03 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll MOD - [2009-07-14 05:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009-07-14 05:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009-07-14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009-07-14 05:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll MOD - [2009-07-14 05:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009-07-14 05:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009-07-14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009-07-14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll MOD - [2009-06-10 14:10:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-06-10 14:10:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-20 01:33:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-12-09 21:41:43 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012-06-07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-11-15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012-07-09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011-06-10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011-06-02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011-06-02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011-04-26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-10-19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-09-23 08:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 33 70 CA E2 98 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112059&tt=4912_6&babsrc=SP_ss&mntrId=6a2e753e000000000000f46d0466e5af IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyCb1Unhd&i=26 IE - HKCU\..\SearchScopes\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13157&src=crm&q={searchTerms}&locale=&apn_ptnrs=S3&apn_dtid=YYYYYYYYSE&apn_uid=b92c7d40-4658-49a9-8841-b8ad04df5a13&apn_sauid=B0751441-1438-45CE-8DBF-4193A10E50CF& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.se/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-20 01:33:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-20 01:33:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-20 01:33:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-20 01:33:26 | 000,000,000 | ---D | M] [2011-11-02 22:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\Extensions [2012-12-18 12:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\Firefox\Profiles\wiiym6vl.default\extensions [2011-11-06 03:59:25 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2011-11-07 20:36:05 | 000,002,574 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\askcom.xml [2012-12-04 17:33:46 | 000,002,432 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\babylon1.xml [2012-05-18 00:18:43 | 000,002,203 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\MyStart Search.xml [2013-01-20 01:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-01-20 01:33:28 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-01-11 15:56:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-12-09 23:19:15 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml [2012-12-04 17:33:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-08-30 01:32:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-12-09 23:19:15 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml [2012-12-09 23:19:15 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml [2012-08-30 01:32:27 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml [2012-08-30 01:32:27 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml ========== Chrome ========== O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Simton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.8.31.209 79.138.0.180 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD}: DhcpNameServer = 85.8.31.209 79.138.0.180 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{12aedd1e-a06b-11e1-971d-f46d0466e5af}\Shell - "" = AutoRun O33 - MountPoints2\{12aedd1e-a06b-11e1-971d-f46d0466e5af}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\{8665c0a9-04f4-11e1-903e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8665c0a9-04f4-11e1-903e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-01-20 01:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-01-13 14:25:28 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013-01-10 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-09-09 22:30:38 | 000,293,776 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll [2012-09-09 22:30:34 | 000,421,776 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe [2012-09-09 22:30:34 | 000,403,344 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll [2012-09-09 22:30:34 | 000,156,560 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll [2012-09-09 22:30:28 | 009,777,040 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe [2012-09-09 22:30:24 | 021,131,152 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll [2012-09-09 22:30:22 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll [2012-09-09 22:30:22 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll [2012-09-09 22:30:22 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll [2012-09-09 22:30:22 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll [2012-08-08 18:15:32 | 000,112,528 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-01-20 23:12:04 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-01-20 22:30:02 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-01-20 22:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-20 22:29:35 | 2132,717,567 | -HS- | M] () -- C:\hiberfil.sys [2013-01-20 01:36:45 | 000,000,526 | ---- | M] () -- C:\Users\Simton\Desktop\Attach20.lnk [2013-01-16 19:45:15 | 000,045,304 | ---- | M] () -- C:\Users\Simton\Documents\Programlicensavtal för iPhone.rtf [2013-01-16 19:34:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013-01-10 19:10:23 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013-01-09 00:11:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-01-09 00:11:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-01-07 23:52:20 | 000,105,450 | ---- | M] () -- C:\Users\Simton\Desktop\Lindas CV.. 2013.odt [2013-01-07 23:50:40 | 000,105,441 | ---- | M] () -- C:\Users\Simton\Desktop\Lindas CV...odt [2012-12-31 17:34:45 | 000,165,242 | ---- | M] () -- C:\Users\Simton\Desktop\kjhuh.png [2012-12-30 22:16:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-01-20 01:36:45 | 000,000,526 | ---- | C] () -- C:\Users\Simton\Desktop\Attach20.lnk [2013-01-16 19:45:15 | 000,045,304 | ---- | C] () -- C:\Users\Simton\Documents\Programlicensavtal för iPhone.rtf [2013-01-16 19:34:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013-01-07 23:52:20 | 000,105,450 | ---- | C] () -- C:\Users\Simton\Desktop\Lindas CV.. 2013.odt [2012-12-31 17:34:44 | 000,165,242 | ---- | C] () -- C:\Users\Simton\Desktop\kjhuh.png [2012-08-22 17:02:45 | 000,027,520 | ---- | C] () -- C:\Users\Simton\AppData\Local\dt.dat [2012-08-08 18:14:16 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-04-10 13:11:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011-12-20 20:09:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011-11-02 21:47:53 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-11-02 21:47:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-11-01 23:25:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-11-01 22:56:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-11-01 22:56:32 | 000,030,438 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-12-16 15:25:39 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\AVG2013 [2012-10-02 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\BigHugeEngine [2013-01-13 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\DAEMON Tools Lite [2013-01-13 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\DAEMON Tools Pro [2012-02-02 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Foxit Software [2012-06-17 23:40:55 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Mumble [2012-10-04 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Need for Speed World [2012-01-11 15:58:07 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\OpenOffice.org [2012-12-14 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Origin [2011-11-15 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Personal [2011-11-06 03:01:29 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Sammsoft [2012-09-12 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TeamViewer [2012-04-10 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TS3Client [2012-01-19 02:41:17 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\ts3overlay [2012-12-16 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TuneUp Software [2013-01-19 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\uTorrent [2012-10-05 00:58:11 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report >
  6. kemsi
    Hej igen, ursäkta väntan kommit hem från thailand idag. gjorde som du skrev och klistrade in dds och bifogade attach. OBS! har nu stött på ett nytt problem med min Cd-rom. Den får ibland fnatt och börjar lysa och låta som om den hade en cd i, efter detta fryser skärmen sig och det går inget annat än att stänga av datorn manuellt via chassit. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 Run by Simton at 1:31:46 on 2013-01-20 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6560 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.se/ uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.8.31.209 79.138.0.180 TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2013-01-13 13:25:28 -------- d-----w- C:\Windows\pss . ==================== Find3M ==================== . 2013-01-08 23:11:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-01-08 23:11:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-12-30 21:16:04 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-11-15 22:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll 2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe 2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll 2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll 2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe 2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll 2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll 2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll 2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll 2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll 2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx . ============= FINISH: 1:32:27,85 =============== Mvh simon Attach20.txt
  7. kemsi
    Dem var verkligen besvärlig och gick ej att finna filen någonvart, Virustotal sa bara att sökvägen inte hittades. när jag gjorde en egen sökning så fann jag c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll som text i dds loggen endast. :/ Jag gjorde en anmälan av trojan horse alarmet iaf.
  8. kemsi
    Hej igen, jag hann komma till punkt nr. 5 när ett trojan horse virus plötsligt attackerade mig. Vet inte varför riktigt men den låg nog gömd någonstans. Jag bifogar en print screen från AVG meddelandet. Mvh Simon p.s vilka följande filer skulle jag skanna på virustotal.com? Tack
  9. kemsi
    Det var underligt! jag tror jag fick bort alla angivna program, startade om och detta som resultat: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22 Run by Simton at 12:33:47 on 2012-12-18 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6599 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=112059&tt=4912_6&babsrc=HP_ss&mntrId=6a2e753e000000000000f46d0466e5af uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.8.31.209 79.138.0.180 TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCb1Unhd&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 6a2e753e000000000000f46d0466e5af FF - user.js: extensions.incredibar_i.instlDay - 15477 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:18:57 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyCb1Unhd FF - user.js: extensions.incredibar_i.upn2n - 92261427968062711 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10650 FF - user.js: extensions.incredibar_i.ppd - 20%5F5 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6a2e753e000000000000f46d0466e5af&q= FF - user.js: extensions.BabylonToolbar.id - 6a2e753e000000000000f46d0466e5af FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15678 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:33:46 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar_i.excTlbr - false FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112059&tt=4912_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar.rvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false . . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240] R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2012-12-18 11:24:07 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-12-16 14:25:39 -------- d-----w- C:\Users\Simton\AppData\Roaming\AVG2013 2012-12-16 14:23:42 -------- d-----w- C:\Users\Simton\AppData\Roaming\TuneUp Software 2012-12-16 14:21:49 -------- d-----w- C:\ProgramData\AVG2013 2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\MFAData 2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\Avg2013 2012-12-09 23:46:02 -------- d-----w- C:\Users\Simton\AppData\Local\My Games 2012-12-09 20:54:06 -------- d-----w- C:\ProgramData\Orbit 2012-12-09 20:46:11 -------- d-----w- C:\Users\Simton\AppData\Local\Ubisoft Game Launcher 2012-12-04 16:33:31 -------- d-----w- C:\Users\Simton\AppData\Roaming\Babylon 2012-12-04 16:33:31 -------- d-----w- C:\ProgramData\Babylon 2012-11-24 15:26:57 -------- d-----w- C:\Users\Simton\AppData\Local\ESN . ==================== Find3M ==================== . 2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-12-15 13:10:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-28 14:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe 2012-09-28 14:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-09-28 14:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-09-28 14:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-09-28 14:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-09-28 14:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-09-28 14:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll 2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll 2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll 2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe 2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll 2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll 2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll 2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe 2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll 2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll 2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe 2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll 2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll 2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll 2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll 2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll 2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx . ============= FINISH: 12:34:27,45 =============== Här kommer attach.txt från windows 7 . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 2011-11-01 22:50:31 System Uptime: 2012-12-18 12:30:24 (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8P67 LE Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 2277/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 328,172 GiB free. D: is CDROM () E: is FIXED (NTFS) - 466 GiB total, 465,549 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP71: 2012-12-16 15:21:19 - Installed AVG 2013 RP72: 2012-12-16 15:21:52 - Installed AVG 2013 RP73: 2012-12-18 12:23:30 - Removed Java™ 6 Update 29 . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX 64-bit Adobe Flash Player 11 Plugin 64-bit Age of Conan: Unchained AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders AOC UI Installer 3.1.0 Apple-programstöd Apple Mobile Device Support Apple Software Update Asmedia ASM104x USB 3.0 Host Controller Driver µTorrent AVG 2013 BankID säkerhetsprogram 4.18.3 Battlefield 3™ Battlefield Heroes Battlelog Web Plugins Bonjour Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Counter-Strike Diablo III ESN Sonar Far Cry 3 Foxit Reader 5.1 Google Earth Plug-in Google Update Helper Handelsbankens kortläsare Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology iTunes Java Auto Updater Java™ 6 Update 22 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 17.0.1 (x86 sv-SE) Mozilla Maintenance Service Mumble 1.2.3 Need For Speed™ World NVIDIA PhysX OpenOffice.org 3.3 Origin PunkBuster Services Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Skype™ 5.10 Steam TeamSpeak 3 Client Uplay Ventrilo Client for Windows x64 Windows Media Player Firefox Plugin Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 1.1.11 . ==== End Of File ===========================
  10. kemsi
    Jaså Attach.txt tack för infon! avinstallerade demon tools samt hijackthis och lägger upp DDS loggen här: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29 Run by Simton at 23:27:48 on 2012-12-17 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6970 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Web Assistant\ExtensionUpdaterService.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=112059&tt=4912_6&babsrc=HP_ss&mntrId=6a2e753e000000000000f46d0466e5af uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll mWinlogon: Userinit = userinit.exe BHO: ADDICT-THING Class: {31952F05-C6BA-DF50-CCA8-0FBD4679991F} - C:\ProgramData\ADDICT-THING\bhoclass.dll BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.8.31.209 79.138.0.180 TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll SSODL: WebCheck - <orphaned> x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCb1Unhd&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 6a2e753e000000000000f46d0466e5af FF - user.js: extensions.incredibar_i.instlDay - 15477 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:18:57 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyCb1Unhd FF - user.js: extensions.incredibar_i.upn2n - 92261427968062711 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10650 FF - user.js: extensions.incredibar_i.ppd - 20%5F5 FF - user.js: extentions.y2layers.installId - de9f5410-7329-42b1-8c6f-5276ad4bc0c5 FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock, FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6a2e753e000000000000f46d0466e5af&q= FF - user.js: extensions.BabylonToolbar.id - 6a2e753e000000000000f46d0466e5af FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15678 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:33:46 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar_i.excTlbr - false FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112059&tt=4912_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar.rvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-4 283200] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592] R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-18 185856] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240] R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2012-12-16 14:25:39 -------- d-----w- C:\Users\Simton\AppData\Roaming\AVG2013 2012-12-16 14:23:42 -------- d-----w- C:\Users\Simton\AppData\Roaming\TuneUp Software 2012-12-16 14:21:49 -------- d-----w- C:\ProgramData\AVG2013 2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\MFAData 2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\Avg2013 2012-12-09 23:46:02 -------- d-----w- C:\Users\Simton\AppData\Local\My Games 2012-12-09 20:54:06 -------- d-----w- C:\ProgramData\Orbit 2012-12-09 20:46:11 -------- d-----w- C:\Users\Simton\AppData\Local\Ubisoft Game Launcher 2012-12-04 16:53:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-12-04 16:53:33 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro 2012-12-04 16:33:31 -------- d-----w- C:\Users\Simton\AppData\Roaming\Babylon 2012-12-04 16:33:31 -------- d-----w- C:\ProgramData\Babylon 2012-11-24 15:26:57 -------- d-----w- C:\Users\Simton\AppData\Local\ESN . ==================== Find3M ==================== . 2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-12-15 13:10:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-28 14:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe 2012-09-28 14:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-09-28 14:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-09-28 14:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-09-28 14:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-09-28 14:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-09-28 14:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll 2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll 2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll 2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe 2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll 2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll 2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll 2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe 2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll 2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll 2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe 2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll 2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll 2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll 2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll 2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll 2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx . ============= FINISH: 23:28:02,03 =============== p.s vet inte om jag lyckades bifoga attach loggen rätt Tack på förhand
  11. kemsi
    Hej igen! Nu var det ett tag sen jag var förbi här och det är väl ett gott tecken Nu är det så att mitt vanliga anti virus program vanligen tar bort det mesta, men nu fick man 2 "infected files" som ej kunde tas bort av mitt AVG anit-virus; "";"The file is signed with a broken digital signature, issued by: DT Soft Ltd., C:\Users\Simton\AppData\Local\Temp\is1598539481\2559086_Setup.DAT";"Infected" "";"The file is signed with a broken digital signature, issued by: DT Soft Ltd., C:\Users\Simton\Downloads\DTLite4454-0315.exe";"Infected" så jag tänkte att det är väl lika bra att posta en hijackthis log och kolla läget: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:02:13, on 2012-12-17 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Simton\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0466e5af R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: ADDICT-THING - {31952F05-C6BA-DF50-CCA8-0FBD4679991F} - C:\ProgramData\ADDICT-THING\bhoclass.dll O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing) O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9289 bytes Mvh simon!
  12. kemsi
    TAck Mats, min dator är snabbare nu! //Simon
  13. kemsi
    Hej! Försökte så gott jag kunde med att ta bort norton vilket jag inte visste att jag hade något kvar av. Kommer inte ihåg vilket norton det var men det var en gratis version iaf. Avaktivireade alla java tillägg utom java 6 21. c:\windows\system32\sfcfiles.dll http://www.virustotal.com/file-scan/report.html?id=8b9ef2f37266e7dcb4ebfc0e3f0065f6f5cc0d9555d7589ce8b5ca42cd158fc4-1285334233 DDS (Ver_10-03-17.01) - NTFSx86 Run by Simon at 15:45:29,23 on 2010-09-24 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1098 [GMT 2:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Simon\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_sv-SE;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1267181325916" mRun: [soundMan] SOUNDMAN.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\07lsd12p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\personal\bin\np_prsnl.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B"); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-25 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-25 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-25 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-20 308136] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54752] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-23 430152] S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] =============== Created Last 30 ================ 2010-09-15 11:12:57 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe 2010-09-15 11:12:56 293376 ------w- c:\windows\system32\dllcache\winsrv.dll 2010-09-15 11:12:52 406016 ------w- c:\windows\system32\dllcache\usp10.dll 2010-09-13 11:12:06 0 d-----w- c:\docume~1\simon\applic~1\Malwarebytes 2010-09-13 11:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-09-13 11:11:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-31 17:55:24 0 d--h--w- c:\windows\PIF ==================== Find3M ==================== 2010-09-24 02:03:19 46 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences.dat 2010-09-24 02:03:18 99 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences2.dat 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-07-27 06:28:54 8463360 ------w- c:\windows\system32\dllcache\shell32.dll 2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-07-20 20:37:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-30 12:23:55 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 12:23:55 149504 ------w- c:\windows\system32\dllcache\schannel.dll 2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-01-26 18:18:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012620090127\index.dat 2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 15:45:53,54 =============== Mvh Simon Attach123.txt
  14. kemsi
    Hej! Nu har jag följt anvisningarna och det tycks ha gått bra (inget upphakande av datorn iaf). ComboFix 10-09-19.03 - Simon 2010-09-20 13:00:59.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1096 [GMT 2:00] Körs från: c:\documents and settings\Simon\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Simon\Recent\Thumbs.db c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll . (((((((((((((((((((((((( Filer Skapade från 2010-08-20 till 2010-09-20 )))))))))))))))))))))))))))))) . 2010-09-15 11:12 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe 2010-09-15 11:12 . 2010-06-18 17:43 293376 ------w- c:\windows\system32\dllcache\winsrv.dll 2010-09-15 11:12 . 2010-04-16 15:36 406016 ------w- c:\windows\system32\dllcache\usp10.dll 2010-09-13 11:12 . 2010-09-13 11:12 -------- d-----w- c:\documents and settings\Simon\Application Data\Malwarebytes 2010-09-13 11:11 . 2010-09-13 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-13 11:11 . 2010-09-20 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-31 17:55 . 2010-08-31 17:55 -------- d--h--w- c:\windows\PIF 2010-08-26 16:14 . 2010-08-26 16:14 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Help . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-20 10:31 . 2010-05-24 12:11 0 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\prvlcl.dat 2010-09-19 22:08 . 2009-01-26 20:33 46 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences.dat 2010-09-19 21:34 . 2009-09-02 13:08 99 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences2.dat 2010-09-16 09:01 . 2009-12-21 20:55 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-18 21:18 . 2009-01-26 19:17 -------- d-----w- c:\documents and settings\Simon\Application Data\uTorrent 2010-08-17 20:17 . 2009-01-26 19:17 -------- d-----w- c:\program files\uTorrent 2010-08-17 13:17 . 2008-04-14 04:42 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-14 17:56 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIALux 2010-08-10 12:20 . 2010-06-04 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-10 12:10 . 2009-03-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-08-04 15:55 . 2010-06-05 12:10 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-07-31 17:44 . 2010-07-31 17:44 -------- d-----w- c:\program files\Common Files\Java 2010-07-31 17:44 . 2010-07-31 17:44 503808 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\msvcp71.dll 2010-07-31 17:44 . 2010-07-31 17:44 12800 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46003649-n\decora-d3d.dll 2010-07-31 17:43 . 2010-07-31 17:43 61440 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46003649-n\decora-sse.dll 2010-07-31 17:43 . 2010-07-31 17:43 499712 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\jmc.dll 2010-07-31 17:43 . 2010-07-31 17:43 348160 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\msvcr71.dll 2010-07-31 17:43 . 2009-03-19 15:34 -------- d-----w- c:\program files\Java 2010-07-30 20:20 . 2009-02-07 19:09 -------- d-----w- c:\documents and settings\Simon\Application Data\dvdcss 2010-07-22 15:49 . 2008-04-14 04:42 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 05:57 . 2009-04-15 12:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-07-21 12:29 . 2010-06-03 22:52 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-21 12:29 . 2010-07-21 12:29 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-07-21 12:29 . 2010-07-21 12:29 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-21 12:28 . 2010-07-21 12:28 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe 2010-07-21 12:28 . 2010-07-21 12:28 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe 2010-07-21 12:24 . 2010-06-03 22:51 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-07-21 12:24 . 2010-06-03 22:51 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-07-20 20:38 . 2009-09-25 21:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-20 20:37 . 2010-07-20 20:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-20 20:36 . 2009-09-25 21:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-17 03:00 . 2010-07-31 17:43 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-30 12:23 . 2009-01-08 19:11 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2008-10-16 19:38 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 02:14 . 2009-01-08 19:14 1861120 ----a-w- c:\windows\system32\win32k.sys . ------- Sigcheck ------- [-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys [-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2009-01-26 577536] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "nwiz"="nwiz.exe" [2009-01-15 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-20 2065760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-20 20:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll path= backup= [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BankID Security Application.lnk] backup=c:\windows\pss\BankID Security Application.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^Free Music Zilla.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-04-02 14:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Steam\\steamapps\\baileys_boy15@hotmail.com\\counter-strike\\hl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-25 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-25 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-20 308136] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-05-23 430152] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] . Innehållet i mappen 'Schemalagda aktiviteter': 2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 11:00] 2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 11:00] 2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{5F672323-F82B-4270-B21F-20C416B04789}.job - c:\windows\system32\msfeedssync.exe [2009-01-08 02:31] . . ------- Extra genomsökning ------- . uInternet Settings,ProxyOverride = *.local IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Personal\bin\np_prsnl.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICY ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - SharedTaskScheduler-{1BC61D34-C2A1-4146-8139-C47166786611} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-20 13:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Sluttid: 2010-09-20 13:08:15 ComboFix-quarantined-files.txt 2010-09-20 11:07 ComboFix2.txt 2009-11-06 15:53 Före genomsökningen: 17 349 648 384 bytes free Efter genomsökningen: 17 691 598 848 bytes free - - End Of File - - FCD78AFD5CA5D1923CEECD99DB60D673 //Simon
  15. kemsi
    Hej Mats! körde igenom de filer du lade upp och här kommer länkar till resultaten. c:\windows\system32\spoolsv.exe http://www.virustotal.com/file-scan/report.html?id=e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f-1284923413 c:\windows\system32\dllcache\spoolsv.exe http://www.virustotal.com/file-scan/report.html?id=e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f-1284923685 c:\windows\system32\dllcache\winsrv.dll http://www.virustotal.com/file-scan/report.html?id=2b3d44451afb46179f1f841c45265465a8d668d76e19150dade96accd7291779-1284923856 c:\windows\system32\dllcache\usp10.dll http://www.virustotal.com/file-scan/report.html?id=55da924168c44f33fea38e84df66ed285c7f2c226e6d70caaa3a305d6014173c-1284923989 Mvh Simon
×
×
  • Skapa nytt...