Posts by kemsi

  1. There, now I've attached the OTL.txt log and attach.txt, and I'm pasting in DDS.txt, so there we go :)

    P.S. My computer has become fast again :)

     

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Simton at 12:14:25 on 2013-01-25
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.46.1033.18.8173.6617 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Personal\bin\Personal.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid=&mid=821bc1623aed47d1a11e252442820c5c-5fac207aa663fd8407d9712e9a06ae5c957f71ed&lang=us&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp
    mWinlogon: Userinit = userinit.exe
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.8.31.209 79.138.0.180
    TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid=&mid=821bc1623aed47d1a11e252442820c5c-5fac207aa663fd8407d9712e9a06ae5c957f71ed&lang=us&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll
    FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    .
    =============== Created Last 30 ================
    .
    2013-01-24 18:35:17    --------    d-----w-    C:\_OTL
    2013-01-13 13:25:28    --------    d-----w-    C:\Windows\pss
    .
    ==================== Find3M  ====================
    .
    2013-01-08 23:11:36    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
    2013-01-08 23:11:36    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-30 21:16:04    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-09 20:41:43    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
    2012-11-15 22:33:24    111968    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
    2012-09-09 21:30:38    293776    ----a-w-    C:\Program Files (x86)\iTunesOutlookAddIn.dll
    2012-09-09 21:30:34    421776    ----a-w-    C:\Program Files (x86)\iTunesHelper.exe
    2012-09-09 21:30:34    403344    ----a-w-    C:\Program Files (x86)\iTunesAdmin.dll
    2012-09-09 21:30:34    156560    ----a-w-    C:\Program Files (x86)\iTunesHelper.dll
    2012-09-09 21:30:28    9777040    ----a-w-    C:\Program Files (x86)\iTunes.exe
    2012-09-09 21:30:24    21131152    ----a-w-    C:\Program Files (x86)\iTunes.dll
    2012-09-09 21:30:22    776216    ----a-w-    C:\Program Files (x86)\gnsdk_sdkmanager.dll
    2012-09-09 21:30:22    3008536    ----a-w-    C:\Program Files (x86)\gnsdk_dsp.dll
    2012-09-09 21:30:22    262680    ----a-w-    C:\Program Files (x86)\gnsdk_submit.dll
    2012-09-09 21:30:22    219672    ----a-w-    C:\Program Files (x86)\gnsdk_musicid.dll
    2012-08-08 17:15:32    112528    ----a-w-    C:\Program Files (x86)\ITDetector.ocx
    .
    ============= FINISH: 12:14:30,43 ===============
     

    attach.txt

    1OTL.Txt

  2. Close all programs you can see, including antivirus and antispyware programs, so that they do not clash with OTL.

    How? See Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, e.g. with regard to line breaks.

    Press Run Fix.

    If you are asked to restart the computer, do so.

    A log will open in Notepad. Copy it and paste it into your reply.

    If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files, with a name that contains today's date and the time of the run.

    Make sure to enable your antivirus programs etc. before connecting the computer to the internet.

     

    I think I managed to disable everything, but the result will have to show:

     

    ========== OTL ==========

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}\ not found.

    Prefs.js: "Ask.com" removed from browser.search.defaultengine

    Prefs.js: "MyStart Search" removed from browser.search.defaultenginename

    Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName

    Prefs.js: "http://search.condui...q={searchTerms}" removed from browser.search.defaulturl

    Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.selectedEngine

    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.

    File C:\Program Files\Web Assistant\Firefox not found.

    C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\askcom.xml moved successfully.

    C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\babylon1.xml moved successfully.

    C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\MyStart Search.xml moved successfully.

    C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll deleted successfully.

    ========== COMMANDS ==========

    Restore point Set: OTL Restore Point

     

    OTL by OldTimer - Version 3.2.69.0 log created on 01242013_193517

     

  3. I run AVG, which I suppose works reasonably well; I also have MBaM running in the background.

    One thing that has always surprised me is that AVG leaves such a huge number of *.temp files behind, and it's not just a few, I can tell you.

    AVG doesn't seem to remove these itself, and I delete something like 200+ AVG temp files a month.

    I suppose I'll have to email support and point out the mess...

     

     

    Oh really! That doesn't sound so great; I assume the computer is affected somewhat in the long run by these temp files?

    Do you suggest a different antivirus program, or is it just a matter of going in and deleting these as they come?

  4. :) This was the result:

     

    OTL logfile created on: 2013-01-21 00:02:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simton\Downloads
    64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
     
    7,98 Gb Total Physical Memory | 6,30 Gb Available Physical Memory | 78,91% Memory free
    15,96 Gb Paging File | 14,11 Gb Available in Paging File | 88,40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,76 Gb Total Space | 330,26 Gb Free Space | 70,91% Space Free | Partition Type: NTFS
    Drive E: | 465,66 Gb Total Space | 465,55 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
     
    Computer Name: SIMTON-PC | User Name: Simton | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013-01-21 00:01:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simton\Downloads\OTL(1).exe
    PRC - [2013-01-20 01:33:28 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012-12-11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012-12-09 21:41:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012-09-09 22:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
    PRC - [2011-11-15 17:39:11 | 001,088,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
    PRC - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011-04-30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011-01-17 20:11:22 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011-01-17 20:11:22 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013-01-20 01:33:27 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012-08-27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012-08-27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012-01-11 15:57:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011-11-01 23:00:45 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\05294b772c0c70720a498f6f848133f8\IAStorUtil.ni.dll
    MOD - [2011-11-01 23:00:45 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d322354194d7b34f3341616fd2f7b721\IAStorCommon.ni.dll
    MOD - [2009-07-14 05:56:03 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
    MOD - [2009-07-14 05:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
    MOD - [2009-07-14 05:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MOD - [2009-07-14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MOD - [2009-07-14 05:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
    MOD - [2009-07-14 05:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MOD - [2009-07-14 05:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
    MOD - [2009-07-14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MOD - [2009-07-14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
    MOD - [2009-06-10 14:10:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2009-06-10 14:10:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013-01-20 01:33:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-12-09 21:41:43 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012-06-07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012-11-15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012-07-09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011-06-10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011-06-02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011-06-02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011-04-26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010-10-19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008-09-23 08:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 33 70 CA E2 98 CC 01  [binary data]
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112059&tt=4912_6&babsrc=SP_ss&mntrId=6a2e753e000000000000f46d0466e5af
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyCb1Unhd&i=26
    IE - HKCU\..\SearchScopes\{D98F4A33-7873-4BC1-BE30-D8E328BA753A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13157&src=crm&q={searchTerms}&locale=&apn_ptnrs=S3&apn_dtid=YYYYYYYYSE&apn_uid=b92c7d40-4658-49a9-8841-b8ad04df5a13&apn_sauid=B0751441-1438-45CE-8DBF-4193A10E50CF&
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
     
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
     
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-20 01:33:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-20 01:33:26 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-20 01:33:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-20 01:33:26 | 000,000,000 | ---D | M]
     
    [2011-11-02 22:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\Extensions
    [2012-12-18 12:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\Firefox\Profiles\wiiym6vl.default\extensions
    [2011-11-06 03:59:25 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2011-11-07 20:36:05 | 000,002,574 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\askcom.xml
    [2012-12-04 17:33:46 | 000,002,432 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\babylon1.xml
    [2012-05-18 00:18:43 | 000,002,203 | ---- | M] () -- C:\Users\Simton\AppData\Roaming\mozilla\firefox\profiles\wiiym6vl.default\searchplugins\MyStart Search.xml
    [2013-01-20 01:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013-01-20 01:33:28 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-01-11 15:56:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012-12-09 23:19:15 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
    [2012-12-04 17:33:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012-08-30 01:32:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-12-09 23:19:15 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
    [2012-12-09 23:19:15 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
    [2012-08-30 01:32:27 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
    [2012-08-30 01:32:27 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml
     
    ========== Chrome  ==========
     
     
    O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Simton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.8.31.209 79.138.0.180
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD}: DhcpNameServer = 85.8.31.209 79.138.0.180
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{12aedd1e-a06b-11e1-971d-f46d0466e5af}\Shell - "" = AutoRun
    O33 - MountPoints2\{12aedd1e-a06b-11e1-971d-f46d0466e5af}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{8665c0a9-04f4-11e1-903e-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8665c0a9-04f4-11e1-903e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe"
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013-01-20 01:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013-01-13 14:25:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013-01-10 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012-09-09 22:30:38 | 000,293,776 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
    [2012-09-09 22:30:34 | 000,421,776 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
    [2012-09-09 22:30:34 | 000,403,344 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
    [2012-09-09 22:30:34 | 000,156,560 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
    [2012-09-09 22:30:28 | 009,777,040 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
    [2012-09-09 22:30:24 | 021,131,152 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
    [2012-09-09 22:30:22 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
    [2012-09-09 22:30:22 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
    [2012-09-09 22:30:22 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
    [2012-09-09 22:30:22 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
    [2012-08-08 18:15:32 | 000,112,528 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013-01-20 23:12:04 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-01-20 22:30:02 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-20 22:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-01-20 22:29:35 | 2132,717,567 | -HS- | M] () -- C:\hiberfil.sys
    [2013-01-20 01:36:45 | 000,000,526 | ---- | M] () -- C:\Users\Simton\Desktop\Attach20.lnk
    [2013-01-16 19:45:15 | 000,045,304 | ---- | M] () -- C:\Users\Simton\Documents\Programlicensavtal för iPhone.rtf
    [2013-01-16 19:34:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013-01-10 19:10:23 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013-01-09 00:11:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2013-01-09 00:11:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013-01-07 23:52:20 | 000,105,450 | ---- | M] () -- C:\Users\Simton\Desktop\Lindas CV.. 2013.odt
    [2013-01-07 23:50:40 | 000,105,441 | ---- | M] () -- C:\Users\Simton\Desktop\Lindas CV...odt
    [2012-12-31 17:34:45 | 000,165,242 | ---- | M] () -- C:\Users\Simton\Desktop\kjhuh.png
    [2012-12-30 22:16:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013-01-20 01:36:45 | 000,000,526 | ---- | C] () -- C:\Users\Simton\Desktop\Attach20.lnk
    [2013-01-16 19:45:15 | 000,045,304 | ---- | C] () -- C:\Users\Simton\Documents\Programlicensavtal för iPhone.rtf
    [2013-01-16 19:34:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013-01-07 23:52:20 | 000,105,450 | ---- | C] () -- C:\Users\Simton\Desktop\Lindas CV.. 2013.odt
    [2012-12-31 17:34:44 | 000,165,242 | ---- | C] () -- C:\Users\Simton\Desktop\kjhuh.png
    [2012-08-22 17:02:45 | 000,027,520 | ---- | C] () -- C:\Users\Simton\AppData\Local\dt.dat
    [2012-08-08 18:14:16 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
    [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012-04-10 13:11:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011-12-20 20:09:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011-11-02 21:47:53 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011-11-02 21:47:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011-11-01 23:25:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011-11-01 22:56:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011-11-01 22:56:32 | 000,030,438 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
     
    ========== ZeroAccess Check ==========
     
    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012-12-16 15:25:39 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\AVG2013
    [2012-10-02 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\BigHugeEngine
    [2013-01-13 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\DAEMON Tools Lite
    [2013-01-13 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\DAEMON Tools Pro
    [2012-02-02 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Foxit Software
    [2012-06-17 23:40:55 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Mumble
    [2012-10-04 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Need for Speed World
    [2012-01-11 15:58:07 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\OpenOffice.org
    [2012-12-14 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Origin
    [2011-11-15 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Personal
    [2011-11-06 03:01:29 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\Sammsoft
    [2012-09-12 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TeamViewer
    [2012-04-10 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TS3Client
    [2012-01-19 02:41:17 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\ts3overlay
    [2012-12-16 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\TuneUp Software
    [2013-01-19 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\uTorrent
    [2012-10-05 00:58:11 | 000,000,000 | ---D | M] -- C:\Users\Simton\AppData\Roaming\WindSolutions
     
    ========== Purity Check ==========
     
     

    < End of report >
     

  5. Hi again, sorry for the wait; I came home from Thailand today.

    I did as you wrote and pasted in DDS and attached Attach.

    NOTE! I have now run into a new problem with my CD-ROM. It sometimes goes haywire and starts lighting up and sounding as if it had a CD in it; after this the screen freezes and there is nothing else to do but shut down the computer manually via the chassis.

     

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Simton at 1:31:46 on 2013-01-20
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.46.1033.18.8173.6560 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Personal\bin\Personal.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.8.31.209 79.138.0.180
    TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll
    FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 13:25:28    --------    d-----w-    C:\Windows\pss
    .
    ==================== Find3M  ====================
    .
    2013-01-08 23:11:36    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
    2013-01-08 23:11:36    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-30 21:16:04    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-09 20:41:43    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
    2012-11-15 22:33:24    111968    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-22 12:02:44    154464    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-09-09 21:30:38    293776    ----a-w-    C:\Program Files (x86)\iTunesOutlookAddIn.dll
    2012-09-09 21:30:34    421776    ----a-w-    C:\Program Files (x86)\iTunesHelper.exe
    2012-09-09 21:30:34    403344    ----a-w-    C:\Program Files (x86)\iTunesAdmin.dll
    2012-09-09 21:30:34    156560    ----a-w-    C:\Program Files (x86)\iTunesHelper.dll
    2012-09-09 21:30:28    9777040    ----a-w-    C:\Program Files (x86)\iTunes.exe
    2012-09-09 21:30:24    21131152    ----a-w-    C:\Program Files (x86)\iTunes.dll
    2012-09-09 21:30:22    776216    ----a-w-    C:\Program Files (x86)\gnsdk_sdkmanager.dll
    2012-09-09 21:30:22    3008536    ----a-w-    C:\Program Files (x86)\gnsdk_dsp.dll
    2012-09-09 21:30:22    262680    ----a-w-    C:\Program Files (x86)\gnsdk_submit.dll
    2012-09-09 21:30:22    219672    ----a-w-    C:\Program Files (x86)\gnsdk_musicid.dll
    2012-08-08 17:15:32    112528    ----a-w-    C:\Program Files (x86)\ITDetector.ocx
    .
    ============= FINISH:  1:32:27,85 ===============
     

     

    Regards, Simon

    Attach20.txt

  6. That was strange! I think I got rid of all the listed programs, restarted, and got this as the result:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

    Run by Simton at 12:33:47 on 2012-12-18

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6599 [GMT 1:00]

    .

    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Personal\bin\Personal.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\iTunesHelper.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.babylon.com/?affID=112059&tt=4912_6&babsrc=HP_ss&mntrId=6a2e753e000000000000f46d0466e5af

    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

    mWinlogon: Userinit = userinit.exe

    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll

    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 85.8.31.209 79.138.0.180

    TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll

    FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCb1Unhd&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 6a2e753e000000000000f46d0466e5af

    FF - user.js: extensions.incredibar_i.instlDay - 15477

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:18:57

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6OyCb1Unhd

    FF - user.js: extensions.incredibar_i.upn2n - 92261427968062711

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10650

    FF - user.js: extensions.incredibar_i.ppd - 20%5F5

    FF - user.js: extensions.autoDisableScopes - 14

    FF - user.js: security.csp.enable - false

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6a2e753e000000000000f46d0466e5af&q=

    FF - user.js: extensions.BabylonToolbar.id - 6a2e753e000000000000f46d0466e5af

    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

    FF - user.js: extensions.BabylonToolbar.instlDay - 15678

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:33:46

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112059&tt=4912_6

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.autoRvrt - false

    FF - user.js: extensions.BabylonToolbar.rvrt - false

    FF - user.js: extensions.BabylonToolbar_i.newTab - false

    .

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240]

    R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    .

    =============== Created Last 30 ================

    .

    2012-12-18 11:24:07 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

    2012-12-16 14:25:39 -------- d-----w- C:\Users\Simton\AppData\Roaming\AVG2013

    2012-12-16 14:23:42 -------- d-----w- C:\Users\Simton\AppData\Roaming\TuneUp Software

    2012-12-16 14:21:49 -------- d-----w- C:\ProgramData\AVG2013

    2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\MFAData

    2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\Avg2013

    2012-12-09 23:46:02 -------- d-----w- C:\Users\Simton\AppData\Local\My Games

    2012-12-09 20:54:06 -------- d-----w- C:\ProgramData\Orbit

    2012-12-09 20:46:11 -------- d-----w- C:\Users\Simton\AppData\Local\Ubisoft Game Launcher

    2012-12-04 16:33:31 -------- d-----w- C:\Users\Simton\AppData\Roaming\Babylon

    2012-12-04 16:33:31 -------- d-----w- C:\ProgramData\Babylon

    2012-11-24 15:26:57 -------- d-----w- C:\Users\Simton\AppData\Local\ESN

    .

    ==================== Find3M ====================

    .

    2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

    2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

    2012-12-15 13:10:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

    2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

    2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-28 14:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe

    2012-09-28 14:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

    2012-09-28 14:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

    2012-09-28 14:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

    2012-09-28 14:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

    2012-09-28 14:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll

    2012-09-28 14:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll

    2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

    2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

    2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll

    2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

    2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

    2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

    2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

    2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

    2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll

    2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll

    2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

    2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll

    2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll

    2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll

    2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll

    2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

    2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe

    2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

    2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

    2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

    2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

    2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

    2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll

    2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll

    2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll

    2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll

    2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll

    2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

    2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

    2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll

    2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

    2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

    2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

    2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

    2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll

    2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

    2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

    2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll

    2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe

    2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll

    2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll

    2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe

    2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll

    2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll

    2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll

    2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll

    2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll

    2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx

    .

    ============= FINISH: 12:34:27,45 ===============

    Here comes attach.txt from Windows 7

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 2011-11-01 22:50:31

    System Uptime: 2012-12-18 12:30:24 (0 hours ago)

    .

    Motherboard: ASUSTeK Computer INC. | | P8P67 LE

    Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 2277/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 466 GiB total, 328,172 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 466 GiB total, 465,549 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP71: 2012-12-16 15:21:19 - Installed AVG 2013

    RP72: 2012-12-16 15:21:52 - Installed AVG 2013

    RP73: 2012-12-18 12:23:30 - Removed Java™ 6 Update 29

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX 64-bit

    Adobe Flash Player 11 Plugin 64-bit

    Age of Conan: Unchained

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Install Manager

    AMD Drag and Drop Transcoding

    AMD Media Foundation Decoders

    AOC UI Installer 3.1.0

    Apple-programstöd

    Apple Mobile Device Support

    Apple Software Update

    Asmedia ASM104x USB 3.0 Host Controller Driver

    µTorrent

    AVG 2013

    BankID säkerhetsprogram 4.18.3

    Battlefield 3™

    Battlefield Heroes

    Battlelog Web Plugins

    Bonjour

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Counter-Strike

    Diablo III

    ESN Sonar

    Far Cry 3

    Foxit Reader 5.1

    Google Earth Plug-in

    Google Update Helper

    Handelsbankens kortläsare

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Rapid Storage Technology

    iTunes

    Java Auto Updater

    Java™ 6 Update 22

    Microsoft .NET Framework 4 Client Profile

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 17.0.1 (x86 sv-SE)

    Mozilla Maintenance Service

    Mumble 1.2.3

    Need For Speed™ World

    NVIDIA PhysX

    OpenOffice.org 3.3

    Origin

    PunkBuster Services

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Skype™ 5.10

    Steam

    TeamSpeak 3 Client

    Uplay

    Ventrilo Client for Windows x64

    Windows Media Player Firefox Plugin

    Visual Studio 2008 x64 Redistributables

    Visual Studio 2010 x64 Redistributables

    VLC media player 1.1.11

    .

    ==== End Of File ===========================

  7. Oh, I see

    Attach.txt

    Thanks for the info! I uninstalled DAEMON Tools and HijackThis and am posting the DDS log here:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29

    Run by Simton at 23:27:48 on 2012-12-17

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8173.6970 [GMT 1:00]

    .

    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Program Files (x86)\iTunesHelper.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.babylon.com/?affID=112059&tt=4912_6&babsrc=HP_ss&mntrId=6a2e753e000000000000f46d0466e5af

    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

    mWinlogon: Userinit = userinit.exe

    BHO: ADDICT-THING Class: {31952F05-C6BA-DF50-CCA8-0FBD4679991F} - C:\ProgramData\ADDICT-THING\bhoclass.dll

    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    StartupFolder: C:\Users\Simton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 85.8.31.209 79.138.0.180

    TCP: Interfaces\{7BE3653C-FFA6-4078-A512-1393FFD7B9FD} : DHCPNameServer = 85.8.31.209 79.138.0.180

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    AppInit_DLLs= c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll

    FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

    FF - plugin: C:\Users\Simton\AppData\Roaming\Mozilla\Firefox\Profiles\wiiym6vl.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCb1Unhd&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 6a2e753e000000000000f46d0466e5af

    FF - user.js: extensions.incredibar_i.instlDay - 15477

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:18:57

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6OyCb1Unhd

    FF - user.js: extensions.incredibar_i.upn2n - 92261427968062711

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10650

    FF - user.js: extensions.incredibar_i.ppd - 20%5F5

    FF - user.js: extentions.y2layers.installId - de9f5410-7329-42b1-8c6f-5276ad4bc0c5

    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,

    FF - user.js: extensions.autoDisableScopes - 14

    FF - user.js: security.csp.enable - false

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6a2e753e000000000000f46d0466e5af&q=

    FF - user.js: extensions.BabylonToolbar.id - 6a2e753e000000000000f46d0466e5af

    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

    FF - user.js: extensions.BabylonToolbar.instlDay - 15678

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:33:46

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112059&tt=4912_6

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.autoRvrt - false

    FF - user.js: extensions.BabylonToolbar.rvrt - false

    FF - user.js: extensions.BabylonToolbar_i.newTab - false

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-4 283200]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-1 13592]

    R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-18 185856]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-1 539240]

    R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2011-11-15 50176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    .

    =============== Created Last 30 ================

    .

    2012-12-16 14:25:39 -------- d-----w- C:\Users\Simton\AppData\Roaming\AVG2013

    2012-12-16 14:23:42 -------- d-----w- C:\Users\Simton\AppData\Roaming\TuneUp Software

    2012-12-16 14:21:49 -------- d-----w- C:\ProgramData\AVG2013

    2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\MFAData

    2012-12-16 14:19:59 -------- d-----w- C:\Users\Simton\AppData\Local\Avg2013

    2012-12-09 23:46:02 -------- d-----w- C:\Users\Simton\AppData\Local\My Games

    2012-12-09 20:54:06 -------- d-----w- C:\ProgramData\Orbit

    2012-12-09 20:46:11 -------- d-----w- C:\Users\Simton\AppData\Local\Ubisoft Game Launcher

    2012-12-04 16:53:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

    2012-12-04 16:53:33 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

    2012-12-04 16:33:31 -------- d-----w- C:\Users\Simton\AppData\Roaming\Babylon

    2012-12-04 16:33:31 -------- d-----w- C:\ProgramData\Babylon

    2012-11-24 15:26:57 -------- d-----w- C:\Users\Simton\AppData\Local\ESN

    .

    ==================== Find3M ====================

    .

    2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

    2012-12-16 15:59:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

    2012-12-15 13:10:36 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

    2012-12-09 20:41:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

    2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-28 14:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe

    2012-09-28 14:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

    2012-09-28 14:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

    2012-09-28 14:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

    2012-09-28 14:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

    2012-09-28 14:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll

    2012-09-28 14:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll

    2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

    2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

    2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll

    2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

    2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

    2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

    2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

    2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

    2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll

    2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll

    2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

    2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll

    2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll

    2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll

    2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll

    2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

    2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe

    2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

    2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

    2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

    2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

    2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

    2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll

    2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll

    2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll

    2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll

    2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll

    2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

    2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

    2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll

    2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

    2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

    2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

    2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

    2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll

    2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

    2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

    2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-09-09 21:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll

    2012-09-09 21:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe

    2012-09-09 21:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll

    2012-09-09 21:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll

    2012-09-09 21:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe

    2012-09-09 21:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll

    2012-09-09 21:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll

    2012-09-09 21:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll

    2012-09-09 21:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll

    2012-09-09 21:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll

    2012-08-08 17:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx

    .

    ============= FINISH: 23:28:02,03 ===============

    P.S. I don't know if I managed to attach the attach log correctly

    Thanks in advance :)

  8. Hi again!

    It has been a while since I stopped by here, and I suppose that is a good sign :)
    The thing is that my regular antivirus program usually removes most things, but now I got 2 "infected files" that could not be removed by my AVG antivirus:

    "";"The file is signed with a broken digital signature, issued by: DT Soft Ltd., C:\Users\Simton\AppData\Local\Temp\is1598539481\2559086_Setup.DAT";"Infected"

    "";"The file is signed with a broken digital signature, issued by: DT Soft Ltd., C:\Users\Simton\Downloads\DTLite4454-0315.exe";"Infected"

    so I figured I might as well post a HijackThis log and check how things stand:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:02:13, on 2012-12-17
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Personal\bin\Personal.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Simton\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0466e5af
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ADDICT-THING - {31952F05-C6BA-DF50-CCA8-0FBD4679991F} - C:\ProgramData\ADDICT-THING\bhoclass.dll
    O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9289 bytes

    Regards, Simon!

  9. Hi,

    everything looks good now.

    A few steps remain:

    Update

    VLC media player 0.9.8a to 1.1.4

    Disable/Remove

    AVG Security Toolbar

    DAEMON Tools Toolbar

    In Mozilla Firefox, disable/remove the following old Java consoles under Tools, Add-ons.

    Java 6 Update 12

    Java 6 Update 13

    Java 6 Update 15

    Java 6 Update 16

    Java 6 Update 17

    Java 6 Update 18

    Then a round of cleanup.

    1. Remove all system restore points, since these may be infected.

    Start by creating a new system restore point:

    XP:

    Start - Programs - Accessories - System Tools - System Restore

    Choose to create a new restore point and click Next.

    Vista and Windows 7 (?):

    Right-click Computer - Properties - System Protection

    Click Create.

    Then remove all old system restore points by running the Disk Cleanup program.

    Right-click C: in My Computer/Explorer and select Properties.

    On the General tab there is a button called Disk Cleanup. Select it.

    After a few minutes the program opens, and then you select a tab called More Options or something similar. Click the Clean up button that removes all system restore points except the most recent one.

    2. Download the uninstaller OTC to the Desktop.

    http://oldtimer.geekstogo.com/OTC.exe

    Double-click the file to start the program.

    Click the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer. Remove the DDS program and its logs, as well as the various RKill files. If anything remains after that, ask how to remove it.

    3. Remove all temporary files by downloading TFC-Cleaner to the Desktop:

    http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

    Close all other programs, especially web browsers.

    Double-click TFC-Cleaner.exe to start the program.

    Alternatively, this page for ATF cleaner, if OTC is still offline.

    http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

    4. Change all passwords you use on the computer and on the internet, since these may have fallen into the wrong hands.

    http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

    Feel free to visit Cecilia's page for more tips!

    http://sites.google.com/site/ceblstockholm/home

    Thanks for the good work!

    Regards

    Mats H

    Thanks Mats, my computer is faster now! :)

    //Simon

  10. Hi,

    There are remnants of Norton in here, aren't there?

    Uninstall them; try this tool,

    http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US

    c:\documents and settings\All Users\Application Data\Norton

    c:\documents and settings\All Users\Application Data\NOS

    c:\program files\Common Files\Symantec Shared

    Can you upload this file to VirusTotal?

    c:\windows\system32\sfcfiles.dll

    In Firefox, disable all Java add-ons except Java 6 Update 21; see Tools and Add-ons.

    Come back with a new DDS after this.

    Regards

    Mats H

    Hi!

    I tried as best I could to remove Norton, which I did not know I had anything left of. I don't remember which Norton it was, but it was a free version anyway.

    Disabled all Java add-ons except Java 6 21.

    c:\windows\system32\sfcfiles.dll

    http://www.virustotal.com/file-scan/report.html?id=8b9ef2f37266e7dcb4ebfc0e3f0065f6f5cc0d9555d7589ce8b5ca42cd158fc4-1285334233

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Simon at 15:45:29,23 on 2010-09-24

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1098 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Simon\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    uURLSearchHooks: H - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_sv-SE;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1267181325916"

    mRun: [soundMan] SOUNDMAN.EXE

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

    Notify: avgrsstarter - avgrsstx.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\07lsd12p.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Live Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

    FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

    FF - prefs.js: network.proxy.type - 4

    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\personal\bin\np_prsnl.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-25 216400]

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-25 29584]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-25 243024]

    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-20 308136]

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54752]

    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

    S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]

    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-23 430152]

    S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-09-15 11:12:57 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

    2010-09-15 11:12:56 293376 ------w- c:\windows\system32\dllcache\winsrv.dll

    2010-09-15 11:12:52 406016 ------w- c:\windows\system32\dllcache\usp10.dll

    2010-09-13 11:12:06 0 d-----w- c:\docume~1\simon\applic~1\Malwarebytes

    2010-09-13 11:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2010-09-13 11:11:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-08-31 17:55:24 0 d--h--w- c:\windows\PIF

    ==================== Find3M ====================

    2010-09-24 02:03:19 46 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences.dat

    2010-09-24 02:03:18 99 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences2.dat

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-07-27 06:28:54 8463360 ------w- c:\windows\system32\dllcache\shell32.dll

    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-20 20:37:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-06-30 12:23:55 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-30 12:23:55 149504 ------w- c:\windows\system32\dllcache\schannel.dll

    2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

    2009-01-26 18:18:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012620090127\index.dat

    2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 15:45:53,54 ===============

    Regards

    Simon

    Attach123.txt

  11. Hi,

    Good that these files were not infected.

    I'd like to check with ComboFix as well. Save ComboFix to the Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

    How? See http://www.bleepingcomputer.com/forums/topic114351.html

    Run ComboFix and follow the instructions shown.

    If you are asked whether you want to install the Recovery Console, answer yes.

    IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

    When it has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

    If you have problems getting onto the internet:

    Control Panel - Network Connections

    right-click your internet connection and choose Repair, and/or restart the computer.

    Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, let me know instead of running ComboFix.

    Regards

    Mats H

    Hi!

    I have now followed the instructions and it seems to have gone well (the computer didn't hang, at least).

    ComboFix 10-09-19.03 - Simon 2010-09-20 13:00:59.3.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1096 [GMT 2:00]

    Körs från: c:\documents and settings\Simon\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Simon\Recent\Thumbs.db

    c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    .

    (((((((((((((((((((((((( Filer Skapade från 2010-08-20 till 2010-09-20 ))))))))))))))))))))))))))))))

    .

    2010-09-15 11:12 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

    2010-09-15 11:12 . 2010-06-18 17:43 293376 ------w- c:\windows\system32\dllcache\winsrv.dll

    2010-09-15 11:12 . 2010-04-16 15:36 406016 ------w- c:\windows\system32\dllcache\usp10.dll

    2010-09-13 11:12 . 2010-09-13 11:12 -------- d-----w- c:\documents and settings\Simon\Application Data\Malwarebytes

    2010-09-13 11:11 . 2010-09-13 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-09-13 11:11 . 2010-09-20 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-08-31 17:55 . 2010-08-31 17:55 -------- d--h--w- c:\windows\PIF

    2010-08-26 16:14 . 2010-08-26 16:14 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Help

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-20 10:31 . 2010-05-24 12:11 0 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\prvlcl.dat

    2010-09-19 22:08 . 2009-01-26 20:33 46 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences.dat

    2010-09-19 21:34 . 2009-09-02 13:08 99 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences2.dat

    2010-09-16 09:01 . 2009-12-21 20:55 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-08-18 21:18 . 2009-01-26 19:17 -------- d-----w- c:\documents and settings\Simon\Application Data\uTorrent

    2010-08-17 20:17 . 2009-01-26 19:17 -------- d-----w- c:\program files\uTorrent

    2010-08-17 13:17 . 2008-04-14 04:42 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-08-14 17:56 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIALux

    2010-08-10 12:20 . 2010-06-04 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2010-08-10 12:10 . 2009-03-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

    2010-08-04 15:55 . 2010-06-05 12:10 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2010-07-31 17:44 . 2010-07-31 17:44 -------- d-----w- c:\program files\Common Files\Java

    2010-07-31 17:44 . 2010-07-31 17:44 503808 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\msvcp71.dll

    2010-07-31 17:44 . 2010-07-31 17:44 12800 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46003649-n\decora-d3d.dll

    2010-07-31 17:43 . 2010-07-31 17:43 61440 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46003649-n\decora-sse.dll

    2010-07-31 17:43 . 2010-07-31 17:43 499712 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\jmc.dll

    2010-07-31 17:43 . 2010-07-31 17:43 348160 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44dd46d7-n\msvcr71.dll

    2010-07-31 17:43 . 2009-03-19 15:34 -------- d-----w- c:\program files\Java

    2010-07-30 20:20 . 2009-02-07 19:09 -------- d-----w- c:\documents and settings\Simon\Application Data\dvdcss

    2010-07-22 15:49 . 2008-04-14 04:42 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-22 05:57 . 2009-04-15 12:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-21 12:29 . 2010-06-03 22:52 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

    2010-07-21 12:29 . 2010-07-21 12:29 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

    2010-07-21 12:29 . 2010-07-21 12:29 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

    2010-07-21 12:28 . 2010-07-21 12:28 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

    2010-07-21 12:28 . 2010-07-21 12:28 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

    2010-07-21 12:24 . 2010-06-03 22:51 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

    2010-07-21 12:24 . 2010-06-03 22:51 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

    2010-07-20 20:38 . 2009-09-25 21:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-20 20:37 . 2010-07-20 20:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-20 20:36 . 2009-09-25 21:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-07-17 03:00 . 2010-07-31 17:43 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-06-30 12:23 . 2009-01-08 19:11 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-24 12:22 . 2008-10-16 19:38 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-24 02:14 . 2009-01-08 19:14 1861120 ----a-w- c:\windows\system32\win32k.sys

    .

    ------- Sigcheck -------

    [-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* Tomma poster & legitima standardposter visas inte.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

    2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"="SOUNDMAN.EXE" [2009-01-26 577536]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

    "nwiz"="nwiz.exe" [2009-01-15 1657376]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-20 2065760]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "_nltide_2"="shell32" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-07-20 20:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    path=

    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BankID Security Application.lnk]

    backup=c:\windows\pss\BankID Security Application.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^Free Music Zilla.lnk]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2009-04-02 14:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    "c:\\Program Files\\Steam\\steamapps\\baileys_boy15@hotmail.com\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-25 216400]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-25 243024]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-20 308136]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

    S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]

    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-05-23 430152]

    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

    .

    Innehållet i mappen 'Schemalagda aktiviteter':

    2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 11:00]

    2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 11:00]

    2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{5F672323-F82B-4270-B21F-20C416B04789}.job

    - c:\windows\system32\msfeedssync.exe [2009-01-08 02:31]

    .

    .

    ------- Extra genomsökning -------

    .

    uInternet Settings,ProxyOverride = *.local

    IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Live Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

    FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

    FF - prefs.js: network.proxy.type - 4

    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICY ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

    SharedTaskScheduler-{1BC61D34-C2A1-4146-8139-C47166786611} - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-20 13:05

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Sluttid: 2010-09-20 13:08:15

    ComboFix-quarantined-files.txt 2010-09-20 11:07

    ComboFix2.txt 2009-11-06 15:53

    Före genomsökningen: 17 349 648 384 bytes free

    Efter genomsökningen: 17 691 598 848 bytes free

    - - End Of File - - FCD78AFD5CA5D1923CEECD99DB60D673

    //Simon

  12. Hi,

    Can you upload the following files to Virustotal:

    c:\windows\system32\spoolsv.exe

    c:\windows\system32\dllcache\spoolsv.exe

    c:\windows\system32\dllcache\winsrv.dll

    c:\windows\system32\dllcache\usp10.dll

    Click the Upload File tab, use the Browse button to locate the file, then click Send File.

    Come back with the links to the results, once the analysis has finished, here in your thread.

    (Paste in the links.)

    You can find Virustotal here: http://www.virustotal.com/index.html

    Regards

    Mats H

    Hi Mats!

    I ran the files you posted through it, and here are the links to the results.

    c:\windows\system32\spoolsv.exe

    http://www.virustotal.com/file-scan/report.html?id=e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f-1284923413

    c:\windows\system32\dllcache\spoolsv.exe

    http://www.virustotal.com/file-scan/report.html?id=e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f-1284923685

    c:\windows\system32\dllcache\winsrv.dll

    http://www.virustotal.com/file-scan/report.html?id=2b3d44451afb46179f1f841c45265465a8d668d76e19150dade96accd7291779-1284923856

    c:\windows\system32\dllcache\usp10.dll

    http://www.virustotal.com/file-scan/report.html?id=55da924168c44f33fea38e84df66ed285c7f2c226e6d70caaa3a305d6014173c-1284923989

    Regards, Simon

  13. Can you produce a log or something similar that shows which file AVG considered to be a "Trojan horse Generic2_c.BDRQ" and which folder that file was in? Likewise, what kind of warnings is it reporting now?

    Can you check whether you can find a file on the computer named either PaconspePyt or Paconspe?

    Hi Cecilia!

    Unfortunately I found no file named PaconspePyt or Paconspe.

    Here I copied the log text from AVG (from when AVG still found the trojan during the scan):

    "Infection";"Trojan horse Generic2_c.BDRQ";"C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\6.0\33\608553a1-2d0b4f6d";"";"2010-08-31, 17:47:07"

    When I scan with AVG today, no Trojan horse shows up in the log, which is strange since I haven't removed it.

    I'm also attaching the log from Regcure, which doesn't seem to be able to remove something under the name COMActiveX.

    regcure.bmp

    regcure2.bmp

  14. I have now run AVG again and this time it found no Trojan horse,

    at least not that I saw.

    But now there are 33 "Warnings" that don't get removed, and the computer is

    still running relatively slowly compared with a month or so ago.

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Simon at 15:52:54,96 on 2010-09-17

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.999 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    svchost.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\PROGRA~1\AVG\AVG9\avgtray.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\AVG\AVG9\avgui.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Documents and Settings\Simon\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    uURLSearchHooks: H - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -

    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_sv-SE;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1267181325916"

    mRun: [soundMan] SOUNDMAN.EXE

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

    Notify: avgrsstarter - avgrsstx.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    STS: PaconspePyt: {1bc61d34-c2a1-4146-8139-c47166786611} - PaconspePyt.Paconspe

    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\07lsd12p.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Live Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

    FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

    FF - prefs.js: network.proxy.type - 4

    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\personal\bin\np_prsnl.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-25 216400]

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-25 29584]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-25 243024]

    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-20 308136]

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54752]

    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

    S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]

    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-23 430152]

    S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-09-15 11:12:57 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

    2010-09-15 11:12:56 293376 ------w- c:\windows\system32\dllcache\winsrv.dll

    2010-09-15 11:12:52 406016 ------w- c:\windows\system32\dllcache\usp10.dll

    2010-09-13 11:12:06 0 d-----w- c:\docume~1\simon\applic~1\Malwarebytes

    2010-09-13 11:11:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-09-13 11:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2010-09-13 11:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-09-13 11:11:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-08-31 17:55:24 0 d--h--w- c:\windows\PIF

    ==================== Find3M ====================

    2010-09-17 12:12:38 46 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences.dat

    2010-09-17 12:08:55 99 ----a-w- c:\documents and settings\simon\jagex_runescape_preferences2.dat

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-07-27 06:28:54 8463360 ------w- c:\windows\system32\dllcache\shell32.dll

    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-20 20:38:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-20 20:37:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-20 20:36:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-06-30 12:23:55 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-30 12:23:55 149504 ------w- c:\windows\system32\dllcache\schannel.dll

    2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll

    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll

    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll

    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll

    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll

    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll

    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll

    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

    2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

    2010-06-24 02:14:38 1861120 ----a-w- c:\windows\system32\win32k.sys

    2010-06-24 02:14:38 1861120 ------w- c:\windows\system32\dllcache\win32k.sys

    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

    2010-06-21 14:18:51 354304 ------w- c:\windows\system32\dllcache\srv.sys

    2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

    2009-01-26 18:18:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012620090127\index.dat

    2009-04-13 17:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 15:53:13,87 ===============

    Attach.txt

  15. I have not tried Hitman Pro, is the program free?

    Here is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:40:57, on 2010-09-17

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\PROGRA~1\AVG\AVG9\avgtray.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Documents and Settings\Simon\My Documents\Hämtade filer\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_sv-SE;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1267181325916"

    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O22 - SharedTaskScheduler: PaconspePyt - {1BC61D34-C2A1-4146-8139-C47166786611} - (no file)

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --

    End of file - 7720 bytes

  16. I scanned my computer a few days ago with AVG and found a trojan named "Trojan horse Generic2_c.BDRQ". I have tried all sorts of different scanners but none seems to remove it. It seems to change its "hiding place" after every scan! I have gotten HijackThis, but I am no expert at interpreting the results; for those of you who can read it, I am posting the HijackThis log. If it is of any use, that is.

    //Simon

  17. Yes, now it is possible to see that there do not appear to be any rootkits.

    I suspect that AVG raised a false alarm and that the driver it quarantined belongs to Daemon Tools. To find out, I would like you to restore one of the files in the quarantine and then browse to the file on the page http://www.virustotal.com . Then click Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information) or a link to the result here.

    Hmm, okay, so any file from the AVG quarantine, then? I took one (which I am guessing is one of the files you mean) and ran it through VirusTotal, and this was the result (in the link below). Note! I clicked "restore as" to the desktop so I could find it more easily, was it OK to do that? Thanks! :)

    http://www.virustotal.com/sv/analisis/57fd36595250cde1ac56c28bfa370c3bf861b7d238aebb125a94ed73cbfb71f6-1257696087

  18. There is a great deal in the logs that looks related to Daemon Tools. Are you sure the program has been uninstalled?

    These files that AVG has found, are they in AVG's quarantine?

    Yes, they are in the quarantine, it looks like.

    Now I have removed Daemon Tools the proper way and rescanned everything as in your instructions. Maybe it looks better now!

    Thanks! :)

    Win32Diag

    Running from: C:\Documents and Settings\Simon\Desktop\Win32kDiag(2).exe

    Log file at : C:\Documents and Settings\Simon\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...

    Finished!

    ROOTREPEAL © AD, 2007-2009

    ==================================================

    Scan Start Time: 2009/11/08 14:19

    Program Version: Version 1.3.5.0

    Windows Version: Windows XP SP3

    ==================================================

    Drivers

    -------------------

    Name: dump_atapi.sys

    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

    Address: 0xB625A000 Size: 98304 File Visible: No Signed: -

    Status: -

    Name: dump_WMILIB.SYS

    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

    Address: 0xBA5CC000 Size: 8192 File Visible: No Signed: -

    Status: -

    SSDT

    -------------------

    #: 025 Function Name: NtClose

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba4898a0

    #: 122 Function Name: NtOpenProcess

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba4898d0

    #: 257 Function Name: NtTerminateProcess

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba489980

    #: 258 Function Name: NtTerminateThread

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba489a20

    #: 277 Function Name: NtWriteVirtualMemory

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba489ac0

    Shadow SSDT

    -------------------

    #: 383 Function Name: NtUserGetAsyncKeyState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba489440

    #: 414 Function Name: NtUserGetKeyboardState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba4893b0

    #: 416 Function Name: NtUserGetKeyState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba4893f0

    #: 549 Function Name: NtUserSetWindowsHookEx

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba489330

    ==EOF==

    GMER 1.0.15.15163 - http://www.gmer.net

    Rootkit scan 2009-11-08 15:19:56

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\Simon\LOCALS~1\Temp\uxtdypow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwClose [0xBA4898A0]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xBA4898D0]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xBA489980]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xBA489A20]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xBA489AC0]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x9F 0xB3 0x36 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0xBE 0xD1 0x25 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x92 0x98 0xFF ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x9F 0xB3 0x36 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0xBE 0xD1 0x25 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x92 0x98 0xFF ...

    ---- EOF - GMER 1.0.15 ----

  19. 1. If you have Daemon Tools, Alcohol 120% or a similar program that creates virtual CD drives, uninstall it for the time being and then restart the computer.

    2. Save this file to the Desktop:

    http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

    Run the program.

    When it has finished, a log file named Win32kDiag.txt is created on the Desktop. Paste it into your reply.

    3. Save this file to the Desktop:

    http://rootrepeal.googlepages.com/RootRepeal.zip

    Unpack (extract) the zip file so that you get a program file.

    Start RootRepeal.

    Select the Report tab and click Scan.

    Tick all seven options and then click Yes/Ja.

    Select C: and click Ok.

    It takes a while for RootRepeal to scan C:.

    When the scan is finished, click Save Report and save it under the name rootrepeal.log. Paste in the contents of rootrepeal.log.

    4. Save Gmer to the Desktop from one of these pages:

    http://www.gmer.net/files.php (choose Gmer application)

    http://www.majorgeeks.com/GMER_d5198.html

    Unpack the file to the Desktop.

    Disconnect the internet connection.

    Close all programs, including antivirus and firewall.

    Start the program gmer.exe.

    If a question about "scan" comes up, choose Nej/No. Save the log and paste it into your reply. Do nothing more.

    If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All. Click Scan. Leave the computer alone while Gmer is working.

    Click Save and save the result to the Desktop.

    Turn the antivirus and firewall back on before you connect to the internet.

    Paste the result into your reply.

    Okay, I have now tried not to miss anything and have pasted in the scan logs from win32kdiag, rootrepeal and Gmer. :)

    When I scanned with win32kdiag, "WARNING: Could not get backup privileges!" came up. What does this mean? Thanks :)

    Win32kDiag.txt.

    Running from: C:\Documents and Settings\Simon\Desktop\Win32kDiag(2).exe

    Log file at : C:\Documents and Settings\Simon\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...

    Finished!

    rootrepeal.log.

    ROOTREPEAL © AD, 2007-2009

    ==================================================

    Scan Start Time: 2009/11/07 02:29

    Program Version: Version 1.3.5.0

    Windows Version: Windows XP SP3

    ==================================================

    Drivers

    -------------------

    Name: a5bed12r.SYS

    Image Path: C:\WINDOWS\System32\Drivers\a5bed12r.SYS

    Address: 0xB8839000 Size: 221184 File Visible: No Signed: -

    Status: -

    Name: catchme.sys

    Image Path: C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys

    Address: 0xB4DD2000 Size: 31744 File Visible: No Signed: -

    Status: -

    Name: dump_atapi.sys

    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

    Address: 0xB56A8000 Size: 98304 File Visible: No Signed: -

    Status: -

    Name: dump_WMILIB.SYS

    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

    Address: 0xBA5D0000 Size: 8192 File Visible: No Signed: -

    Status: -

    Name: PCI_PNP2594

    Image Path: \Driver\PCI_PNP2594

    Address: 0x00000000 Size: 0 File Visible: No Signed: -

    Status: -

    Name: PROCEXP113.SYS

    Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

    Address: 0xBA5EE000 Size: 7872 File Visible: No Signed: -

    Status: -

    Name: rootrepeal.sys

    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

    Address: 0xB4FEF000 Size: 49152 File Visible: No Signed: -

    Status: -

    Name: spcv.sys

    Image Path: spcv.sys

    Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -

    Status: -

    Name: sptd

    Image Path: \Driver\sptd

    Address: 0x00000000 Size: 0 File Visible: No Signed: -

    Status: -

    SSDT

    -------------------

    #: 025 Function Name: NtClose

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c98a0

    #: 041 Function Name: NtCreateKey

    Status: Hooked by "spcv.sys" at address 0xb9ea80e0

    #: 071 Function Name: NtEnumerateKey

    Status: Hooked by "spcv.sys" at address 0xb9ec6ca2

    #: 073 Function Name: NtEnumerateValueKey

    Status: Hooked by "spcv.sys" at address 0xb9ec7030

    #: 119 Function Name: NtOpenKey

    Status: Hooked by "spcv.sys" at address 0xb9ea80c0

    #: 122 Function Name: NtOpenProcess

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c98d0

    #: 160 Function Name: NtQueryKey

    Status: Hooked by "spcv.sys" at address 0xb9ec7108

    #: 177 Function Name: NtQueryValueKey

    Status: Hooked by "spcv.sys" at address 0xb9ec6f88

    #: 247 Function Name: NtSetValueKey

    Status: Hooked by "spcv.sys" at address 0xb9ec719a

    #: 257 Function Name: NtTerminateProcess

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c9980

    #: 258 Function Name: NtTerminateThread

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c9a20

    #: 277 Function Name: NtWriteVirtualMemory

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c9ac0

    Stealth Objects

    -------------------

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

    Process: System Address: 0x89de71f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]

    Process: System Address: 0x89967438 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_CREATE]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_CLOSE]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_POWER]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: a5bed12rЅఅ瑎獆ର, IRP_MJ_PNP]

    Process: System Address: 0x89b2a1f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

    Process: System Address: 0x89b381f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

    Process: System Address: 0x89e551f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]

    Process: System Address: 0x89ce81f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

    Process: System Address: 0x89de91f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

    Process: System Address: 0x895bd1f8 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

    Process: System Address: 0x89cf0500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

    Process: System Address: 0x89596500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_CLOSE]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_READ]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_CLEANUP]

    Process: System Address: 0x8991b500 Size: 121

    Object: Hidden Code [Driver: Mup, IRP_MJ_PNP]

    Process: System Address: 0x8991b500 Size: 121

    Shadow SSDT

    -------------------

    #: 383 Function Name: NtUserGetAsyncKeyState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c9440

    #: 414 Function Name: NtUserGetKeyboardState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c93b0

    #: 416 Function Name: NtUserGetKeyState

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c93f0

    #: 549 Function Name: NtUserSetWindowsHookEx

    Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xba3c9330

    ==EOF==

    Gmer.log

    GMER 1.0.15.15163 - http://www.gmer.net

    Rootkit scan 2009-11-07 14:35:21

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\Simon\LOCALS~1\Temp\uxtdypow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwClose [0xBA3C98A0]

    SSDT spcv.sys ZwCreateKey [0xB9EA80E0]

    SSDT spcv.sys ZwEnumerateKey [0xB9EC6CA2]

    SSDT spcv.sys ZwEnumerateValueKey [0xB9EC7030]

    SSDT spcv.sys ZwOpenKey [0xB9EA80C0]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xBA3C98D0]

    SSDT spcv.sys ZwQueryKey [0xB9EC7108]

    SSDT spcv.sys ZwQueryValueKey [0xB9EC6F88]

    SSDT spcv.sys ZwSetValueKey [0xB9EC719A]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xBA3C9980]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xBA3C9A20]

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xBA3C9AC0]

    INT 0x62 ? 89DE8BF8

    INT 0x63 ? 89DE8BF8

    INT 0x73 ? 89DE8BF8

    INT 0x73 ? 89DE8BF8

    INT 0x73 ? 89DE8BF8

    INT 0xA4 ? 89CE9BF8

    INT 0xB4 ? 89CE9BF8

    Code \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys pIofCallDriver

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spcv.sys The system cannot find the file specified. !

    .text USBPORT.SYS!DllUnload B92BB934 5 Bytes JMP 89CE91D8

    ? System32\Drivers\a5bed12r.SYS The system cannot find the path specified. !

    ? C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EA9040] spcv.sys

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EA913C] spcv.sys

    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EA90BE] spcv.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EA97FC] spcv.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EA96D2] spcv.sys

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9EB9048] spcv.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89DE71F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

    Device \FileSystem\Fastfat \FatCdrom 89967438

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbohci \Device\USBPDO-0 89CE81F8

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E551F8

    Device \Driver\dmio \Device\DmControl\DmConfig 89E551F8

    Device \Driver\dmio \Device\DmControl\DmPnP 89E551F8

    Device \Driver\dmio \Device\DmControl\DmInfo 89E551F8

    Device \Driver\usbehci \Device\USBPDO-1 89CF0500

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE91F8

    Device \Driver\Cdrom \Device\CdRom0 89B381F8

    Device \Driver\Cdrom \Device\CdRom1 89B381F8

    Device \Driver\atapi \Device\Ide\IdePort0 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort1 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort2 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort3 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort4 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort5 [b9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\NetBT \Device\NetBt_Wins_Export 895BD1F8

    Device \Driver\NetBT \Device\NetbiosSmb 895BD1F8

    Device \Driver\PCI_PNP2594 \Device\0000004d spcv.sys

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{77919B9D-AD1B-4EEF-8615-E359AA46085D} 895BD1F8

    Device \Driver\usbohci \Device\USBFDO-0 89CE81F8

    Device \Driver\usbehci \Device\USBFDO-1 89CF0500

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89596500

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89596500

    Device \Driver\sptd \Device\3276161344 spcv.sys

    Device \Driver\Ftdisk \Device\FtControl 89DE91F8

    Device \Driver\a5bed12r \Device\Scsi\a5bed12r1 89B2A1F8

    Device \Driver\a5bed12r \Device\Scsi\a5bed12r1Port6Path0Target0Lun0 89B2A1F8

    Device \FileSystem\Fastfat \Fat 89967438

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

    Device \FileSystem\Cdfs \Cdfs 8991B500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x9F 0xB3 0x36 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0xBE 0xD1 0x25 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x92 0x98 0xFF ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x9F 0xB3 0x36 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0xBE 0xD1 0x25 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x92 0x98 0xFF ...

    ---- EOF - GMER 1.0.15 ----

  20. Don't replace AVG for the time being, because there is always a risk that the installation goes wrong.

    Save ComboFix to the Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

    How? See http://www.bleepingcomputer.com/forums/topic114351.html

    Run ComboFix and follow the instructions that appear.

    If you are asked whether you want to install the Recovery Console, answer yes.

    IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

    When it is finished a log should come up; attach it to your reply. Check that your antivirus program etc. is running before you connect to the internet.

    If you have problems getting onto the internet:

    Control Panel - Network Connections

    right-click your internet connection and choose Repair and/or restart the computer.

    Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, e.g. if the computer gets its internet through a USB modem or USB network adapter. If so, say so instead of running ComboFix.

    There, now I think I have managed to scan the computer with ComboFix the right way; I had some trouble with the program at first as it hung 3 to 4 times.

    Here comes the log, I hope it tells you something. Thanks :)

    ComboFix 09-11-05.01 - Simon 2009-11-06 16:45.2.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1481 [GMT 1:00]

    Körs från: c:\documents and settings\Simon\My Documents\Hämtade filer\ComboFix.exe

    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    .

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Föregående körning -------

    .

    C:\install.exe

    .

    (((((((((((((((((((((((( Filer Skapade från 2009-10-06 till 2009-11-06 ))))))))))))))))))))))))))))))

    .

    2009-11-06 14:05 . 2009-11-06 14:05 -------- d-----w- c:\windows\system32\xircom

    2009-11-06 14:05 . 2009-11-06 14:05 -------- d-----w- c:\windows\system32\wbem\snmp

    2009-11-06 14:05 . 2009-11-06 14:05 -------- d-----w- c:\program files\microsoft frontpage

    2009-11-05 21:18 . 2009-11-05 21:18 152576 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

    2009-11-05 14:25 . 2009-10-21 09:41 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

    2009-11-03 14:49 . 2009-10-21 09:41 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe

    2009-10-16 02:15 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll

    2009-10-16 02:15 . 2009-08-26 08:03 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

    2009-10-16 02:14 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll

    2009-10-13 19:42 . 2009-10-13 19:42 -------- d-----w- c:\windows\SxsCaPendDel

    2009-10-13 19:15 . 2009-10-13 19:41 -------- d-----w- c:\program files\LearnWARE

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-11-05 21:19 . 2009-03-19 15:34 -------- d-----w- c:\program files\Java

    2009-11-04 23:09 . 2009-03-12 00:12 -------- d-----w- c:\program files\Steam

    2009-11-04 19:31 . 2009-01-26 20:33 38 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences.dat

    2009-11-04 19:10 . 2009-09-02 13:08 63 ----a-w- c:\documents and settings\Simon\jagex_runescape_preferences2.dat

    2009-10-27 21:09 . 2009-01-26 19:17 -------- d-----w- c:\documents and settings\Simon\Application Data\uTorrent

    2009-10-23 15:50 . 2009-02-07 19:09 -------- d-----w- c:\documents and settings\Simon\Application Data\dvdcss

    2009-10-11 03:17 . 2009-01-26 20:27 411368 ----a-w- c:\windows\system32\deploytk.dll

    2009-10-01 02:52 . 2009-03-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

    2009-09-29 14:30 . 2009-09-29 14:29 -------- d-----w- c:\program files\SwiftKit

    2009-09-29 14:29 . 2009-09-29 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit

    2009-09-28 11:58 . 2009-09-25 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

    2009-09-25 21:02 . 2009-09-25 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

    2009-09-25 21:02 . 2009-09-25 21:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    2009-09-25 21:02 . 2009-09-25 21:02 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    2009-09-25 21:02 . 2009-09-25 21:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2009-09-25 21:02 . 2009-09-25 21:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2009-09-25 21:02 . 2009-09-25 21:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2009-09-25 21:00 . 2009-09-25 21:00 50968 ----a-w- c:\windows\system32\avgfwdx.dll

    2009-09-25 21:00 . 2009-09-25 21:00 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

    2009-09-25 21:00 . 2009-01-26 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

    2009-09-25 19:44 . 2009-03-01 14:50 -------- d-----w- c:\program files\NOS

    2009-09-17 13:47 . 2009-09-17 13:46 -------- d-----w- c:\program files\Common Files\Adobe

    2009-09-14 18:55 . 2009-09-14 18:55 -------- d-----w- c:\documents and settings\Simon\Application Data\Uniblue

    2009-09-14 10:58 . 2009-09-14 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

    2009-09-12 13:20 . 2009-04-10 23:56 -------- d-----w- c:\program files\Free Music Zilla

    2009-09-11 14:13 . 2009-01-08 19:09 136704 ----a-w- c:\windows\system32\msv1_0.dll

    2009-09-11 10:59 . 2009-03-03 22:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-09-10 19:55 . 2009-09-10 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

    2009-09-04 21:03 . 2008-04-14 04:42 58880 ----a-w- c:\windows\system32\msasn1.dll

    2009-09-03 16:56 . 2009-09-03 16:56 152576 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

    2009-09-02 09:58 . 2009-09-28 11:58 1107200 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

    2009-08-29 08:08 . 2008-10-16 19:38 916480 ------w- c:\windows\system32\wininet.dll

    2009-08-26 08:03 . 2009-01-08 19:12 247326 ----a-w- c:\windows\system32\strmdll.dll

    2009-08-17 11:52 . 2009-01-26 19:18 68840 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-08-11 14:48 . 2009-08-11 14:48 152576 ----a-w- c:\documents and settings\Simon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

    .

    ------- Sigcheck -------

    [-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-06_10.50.41 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-11-06 14:10 . 2009-11-06 14:10 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* Tomma poster & legitima standardposter visas inte.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

    2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]

    "AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2009-01-26 577536]

    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "_nltide_2"="shell32" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-09-25 21:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BankID Security Application.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^Free Music Zilla.lnk]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Documents and Settings\\Simon\\Desktop\\DC++\\DCPlusPlus.exe"=

    "c:\\Program Files\\Steam\\steamapps\\baileys_boy15@hotmail.com\\counter-strike\\hl.exe"=

    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-07-22 25608]

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-09-25 12552]

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-25 335240]

    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-25 108552]

    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-25 297752]

    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-09-25 1370488]

    R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-07-19 55152]

    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-09-25 29208]

    R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2009-07-22 121352]

    R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2009-07-22 30216]

    R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2009-07-22 27232]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2009-07-22 5641736]

    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-09-25 29208]

    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

    --- Övriga tjänster/drivrutiner i minnet ---

    *Deregistered* - mbr

    *Deregistered* - PROCEXP113

    .

    Innehållet i mappen 'Schemalagda aktiviteter':

    2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{5F672323-F82B-4270-B21F-20C416B04789}.job

    - c:\windows\system32\msfeedssync.exe [2009-01-08 02:31]

    .

    .

    ------- Extra genomsökning -------

    .

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Live Search

    FF - prefs.js: browser.startup.homepage - www.google.se

    FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICY ----

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-11-06 16:50

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully

    user: MBR read successfully

    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcv.sys >>UNKNOWN [0x89E09938]<<

    kernel: MBR read successfully

    user & kernel MBR OK

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    atapi.sys @ 0x0 0x0 bytes

    \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFCB40 atapi.sys

    \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFCB40 atapi.sys

    \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFCB40 atapi.sys

    \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFCB40 atapi.sys

    \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFCB40 atapi.sys

    \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFCB40 atapi.sys

    \Driver\atapi IRP hooks detected !

    **************************************************************************

    .

    --------------------- DLLer som "laddats" under processer som körs ---------------------

    - - - - - - - > 'explorer.exe'(220)

    c:\windows\system32\WININET.dll

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Sluttid: 2009-11-06 16:53

    ComboFix-quarantined-files.txt 2009-11-06 15:52

    Före genomsökningen: 21 507 198 976 bytes free

    Efter genomsökningen: 21 471 346 688 bytes free

    - - End Of File - - 6CB80DD0A77FF6A9EDC971DAFDCA9C60

  21. Rootkit means that it is a type of malicious program that has the ability to hide itself from other programs, which makes it hard for antivirus programs and other similar programs to find and remove. What then happens on the computer, e.g. spying or sending spam, can vary greatly. Many malicious programs, even if they are not rootkits, change settings in Windows to make them harder to remove, e.g. they may disable Task Manager.

    Were you able to tick the rootkit scan again?

    Aha, that doesn't sound fun, so in other words it has to go. Yes, I was able to tick "scan for rootkits" again, so no problems there. Here is the whole log for the scan (quite long). AVG found a lot of "warnings" and one "rootkit", but as I said it was not able to remove the rootkit because it (as you said) hides in some system so-called "hidden driver". (haven't updated AVG to ver. 9 yet, but ver. 8 is fully updated) I have also found an earlier print screen of my previous scan where you can see more detailed info about the rootkit. It is now called "C:\WINDOWS\SYSTEM32\Drivers\avw3tpy3.SYS", but in the previous scan it was called "C:\WINDOWS\SYSTEM32\Drivers\amb2d7rq.SYS". Thanks! :)

    "Scan ""Scan whole computer"" was finished."

    "Rootkits";"1";"0";"1"

    "Warnings";"31"

    "Information";"94"

    "Folders selected for scanning:";"Scan whole computer"

    "Scan started:";"den 5 november 2009, 15:30:37"

    "Scan finished:";"den 5 november 2009, 16:52:51 (1 hour(s) 22 minute(s) 14 second(s))"

    "Total object scanned:";"405720"

    "User who launched the scan:";"kemsi"

    "Warnings"

    "File";"Infection";"Result"

    "C:\Documents and Settings\Simon\Cookies\simon@atdmt[2].txt:\atdmt.com.9e6d7fd3";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

    "C:\Documents and Settings\Simon\Cookies\simon@atdmt[2].txt:\atdmt.com.74c5668";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

    "C:\Documents and Settings\Simon\Cookies\simon@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\ivwbox.de.41d82fe2";"Found Tracking cookie.Ivwbox";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\revsci.net.3c8e1d5b";"Found Tracking cookie.Revsci";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.e1f04284";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite:\2o7.net.706680ba";"Found Tracking cookie.2o7";"Potentially dangerous object"

    "C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\07lsd12p.default\cookies.sqlite";"Found Tracking cookie.2o7";"Potentially dangerous object"

    "Rootkits"

    "File";"Infection";"Result"

    "C:\WINDOWS\System32\Drivers\avw3tpy3.SYS";"Hidden driver";"Object is hidden"

    "Information"

    "File";"Infection";"Result"

    "C:\WINDOWS\system32\drivers\sptd.sys";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\WINDOWS\SoftwareDistribution\Download\99aa722de62f08eaf0a08e358055eff7\MAINSP3ff.cab:\MAINSP3ff.msp:\PCW_CAB_H6000_1:\EUROTOOL.XLA";"Contains macros";""

    "C:\WINDOWS\SoftwareDistribution\Download\99aa722de62f08eaf0a08e358055eff7\MAINSP3ff.cab:\MAINSP3ff.msp:\PCW_CAB_H6000_1";"Contains macros";""

    "C:\WINDOWS\SoftwareDistribution\Download\99aa722de62f08eaf0a08e358055eff7\MAINSP3ff.cab:\MAINSP3ff.msp";"Contains macros";""

    "C:\WINDOWS\SoftwareDistribution\Download\99aa722de62f08eaf0a08e358055eff7\MAINSP3ff.cab";"Contains macros";""

    "C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Program Files\Microsoft Office\Templates\1053\Thesis.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\PROFMLTR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\PROFMFAX.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\PROFMADR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Professional Resume.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Professional Report.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Professional Letter.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Professional Fax.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\MERGELTR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Manual.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\ELEGMLTR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\ELEGMFAX.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\ELEGMADR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Elegant Resume.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Elegant Report.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Elegant Memo.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Elegant Letter.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Elegant Fax.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Directory.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\CONTMLTR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\CONTMFAX.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\CONTMADR.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Contemporary Resume.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Contemporary Report.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Contemporary Memo.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Contemporary Letter.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Contemporary Fax.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Templates\1053\Brochure.dot";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Samples\SOLVSAMP.XLS";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Samples\SAMPLES.XLS";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Samples\Northwind.mdb:\embedded.doc";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Samples\Northwind.mdb";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\SUMIF.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\Solver\SOLVER.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\LOOKUP.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\HTML.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\EUROTOOL.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\Analys\PROCDB.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\Analys\FUNCRES.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\Analys\ATPVBASV.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Makrobib\Analys\ATPVBAEN.XLA";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\Macros\SUPPORT.DOT";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\1053\XL8GALRY.XLS";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\1053\FPNWIND.MDB:\embedded.doc";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\1053\FPNWIND.MDB";"Contains macros";""

    "C:\Program Files\Microsoft Office\Office10\1053\EXPTOOWS.XLA";"Contains macros";""

    "C:\Program Files\AVG\AVG8\IdentityProtection\agent\config\userList.zip";"Password-protected";""

    "C:\Program Files\AVG\AVG8\IdentityProtection\agent\config\quarantinedList.zip";"Password-protected";""

    "C:\Program Files\AVG\AVG8\IdentityProtection\agent\config\internalList.zip";"Password-protected";""

    "C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\Simon\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\WWSUPPT.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\REGKEY.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\PRESBROD.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\FILELIST.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\ERRORMSG.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\CLEANER.XLA";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB:\ASPSCRPT.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\My Documents\Downloads\ORK\ORK.CAB";"Contains macros";""

    "C:\Documents and Settings\Simon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\WWSUPPT.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\REGKEY.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\PRESBROD.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\FILELIST.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\ERRORMSG.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\CLEANER.XLA";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB:\ASPSCRPT.XLS";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\ORK\ORK.CAB";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\SUMIF.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\SOLVSAMP.XLS_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\SOLVER.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\PROCDB.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\LOOKUP.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\FUNCRES.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab:\ATPVBAEN.XLAM_1033";"Contains macros";""

    "C:\Documents and Settings\Simon\Desktop\DC++\New Folder\Excel.en-us\ExcelLR.cab";"Contains macros";""

    "C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

    "C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\AVGIDP_setup.msi:\Data1.cab:\internallist.zip";"Password-protected";""

    "C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\AVGIDP_setup.msi:\Data1.cab";"Password-protected";""

    "C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\AVGIDP_setup.msi";"Password-protected";""
