flaggis Posted May 22, 2010

Hi, I have searched both this forum and many others but cannot find a solution that works for my problem. I noticed the other day that my computer had started lagging terribly, so I opened Task Manager, where I saw that CPU usage was at 100% and that the culprit was 'explorer', which was at over 1 500 000k and was taking up all the CPU; when I shut down explorer, usage was at 4-6 percent. Many have suggested closing unnecessary processes and the like; I have also searched for new driver updates, defragmented, cleaned out unnecessary files and processes, scanned the computer for viruses, specifically scanned the explorer files with a number of scanning programs, and tried replacing explorer.exe. None of this has helped, and I hope I can get help here. As I said, the computer works perfectly without explorer, and I am currently using Task Manager to start programs -.-'

I have:
Microsoft Windows XP professional service pack 3
Acer Aspire T120

Thanks in advance. If you need to know more, just ask.
Cecilia Posted May 22, 2010

We can see whether DDS shows anything in particular.

Save DDS to the Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Start the program by double-clicking it. Press Yes/Ja if the question about Optional Scan comes up. In your reply, paste in the log DDS.txt.

What programs have you used to look for viruses and the like? Was anything found?

Edited May 22, 2010 by Cecilia
flaggis Posted May 22, 2010

I used Virustotal.com for the specific files, and for the computer scan Vga. Nothing was found.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Erik at 18:45:40,45 on 2010-05-22
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.728 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s

============= SERVICES / DRIVERS ===============

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

=============== Created Last 30 ================

2010-05-21 18:34:22 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~3
2010-05-21 18:31:02 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~2
2010-05-21 18:29:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-05-21 18:29:40 76304 ----a-w- c:\windows\KHALMNPR.Exe
2010-05-21 18:29:40 37008 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-05-21 18:29:40 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-05-21 18:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-05-21 18:29:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-21 18:28:24 29072 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-05-21 18:28:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-05-21 18:04:56 0 d-----w- c:\program files\Uniblue
2010-05-21 18:03:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~1
2010-05-21 18:02:44 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2010-05-14 17:29:31 0 d-----w- c:\program files\DX-Ball
2010-05-10 23:18:53 0 d-----w- c:\program files\CCleaner
2010-05-10 22:57:41 0 d-----w- C:\symbols
2010-05-08 08:29:27 0 d-----w- c:\docume~1\erik\applic~1\Canneverbe Limited
2010-05-08 08:29:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-05-08 08:29:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

==================== Find3M ====================

2010-05-22 13:16:02 24637 ----a-w- c:\docume~1\erik\applic~1\addon.dat
2010-04-18 18:58:01 132829955 ----a-w- C:\MedianXL_v1F9b.zip
2010-04-05 13:00:28 69895 ----a-w- c:\windows\DIIUnin.dat
2010-04-05 12:36:53 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-05 12:36:53 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-05 12:36:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-05 12:18:23 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-05 12:18:23 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-02 11:03:23 3912204 ----a-w- c:\program files\Patch_D2.mpq
2010-03-14 16:05:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 18:46:01,37 ===============

Edited May 22, 2010 by flaggis
Cecilia Posted May 22, 2010

You would need a proper antivirus program and a good antispyware program so that you have fewer harmful files on the computer.

Start by uninstalling C:\Program Files\RelevantKnowledge; that counts as an unsuitable program to have. See, for example, people's opinions at http://www.mywot.com/sv/scorecard/relevantknowledge.com

Download Malwarebytes Anti-Malware (MBAM) from: http://www.malwarebytes.org/mbam.php
Double-click mbam-setup to install the program.
At the end of the installation, make sure the following are checked:
Update Malwarebytes' Anti-Malware
Start Malwarebytes' Anti-Malware
Press Finish.
If there is an update, it will be downloaded and installed.
When the program starts, select "Perform quick scan" and press Scan.
The scan takes a while. When it is done, press OK and then "Show results".
Check everything and then press Remove Selected.
When the removal is done, Notepad opens with a log. A request to restart the computer (Restart) may come up. If so, do it. If there is an error message Error loading... after the restart, restart the computer once more. If the program does not start after the restart, start it.
If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.
Copy the log and paste it into your reply together with a new DDS log.
flaggis Posted May 22, 2010

There you go:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4131

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-05-22 20:33:21
mbam-log-2010-05-22 (20-33-21).txt

Scan type: Quick scan
Objects scanned: 112124
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.

Files Infected:
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Erik\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Erik at 20:43:28,73 on 2010-05-22
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.930 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s

============= SERVICES / DRIVERS ===============

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

=============== Created Last 30 ================

2010-05-22 18:24:19 0 d-----w- c:\docume~1\erik\applic~1\Malwarebytes
2010-05-22 18:24:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 18:24:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 18:24:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 18:24:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 18:29:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-05-21 18:29:40 76304 ----a-w- c:\windows\KHALMNPR.Exe
2010-05-21 18:29:40 37008 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-05-21 18:29:40 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-05-21 18:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-05-21 18:29:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-21 18:28:24 29072 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-05-21 18:28:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-05-21 18:04:56 0 d-----w- c:\program files\Uniblue
2010-05-14 17:29:31 0 d-----w- c:\program files\DX-Ball
2010-05-10 23:18:53 0 d-----w- c:\program files\CCleaner
2010-05-10 22:57:41 0 d-----w- C:\symbols
2010-05-08 08:29:27 0 d-----w- c:\docume~1\erik\applic~1\Canneverbe Limited
2010-05-08 08:29:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-05-08 08:29:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

==================== Find3M ====================

2010-04-18 18:58:01 132829955 ----a-w- C:\MedianXL_v1F9b.zip
2010-04-05 13:00:28 69895 ----a-w- c:\windows\DIIUnin.dat
2010-04-05 12:36:53 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-05 12:36:53 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-05 12:36:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-05 12:18:23 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-05 12:18:23 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-02 11:03:23 3912204 ----a-w- c:\program files\Patch_D2.mpq
2010-03-14 16:05:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 20:43:43,90 ===============
Cecilia Posted May 22, 2010

On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information), or a link to the result, here.

c:\windows\microsoft\svchost.exe
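The file named in the post above is started by the mASetup: line of the DDS logs in this thread, and it carries the name of a core Windows process while sitting outside System32. The Python below is an added example, not part of the thread and not part of DDS: it parses autorun lines copied from those logs and flags that mismatch. The EXPECTED_DIR table and the function names are assumptions of the example.

```python
import ntpath
import re

# Expected directory for a few core Windows XP binaries.
# Assumption of this example; extend it for the systems you triage.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# DDS "Pseudo HJT Report" prefixes that describe something started automatically.
AUTORUN_PREFIXES = ("uRun", "mRun", "mASetup", "StartupFolder", "Notify")

LINE_RE = re.compile(r"^(?P<kind>\w+):\s*(?P<rest>.+)$")
LABEL_RE = re.compile(r"\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)")
# First drive-rooted path ending in an executable extension; spaces in the
# path are allowed, and the match stops before arguments or a closing quote.
PATH_RE = re.compile(
    r'(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|scr|com|pif|bat|cmd))(?=["\s]|$)',
    re.IGNORECASE,
)


def parse_autoruns(log_text):
    """Return one dict per autorun line: kind, label, command, path (or None)."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("kind") not in AUTORUN_PREFIXES:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("uRun", "mRun"):
            # Format: [value name] command line
            lm = LABEL_RE.match(rest)
            label, cmd = (lm.group("label"), lm.group("cmd")) if lm else ("", rest)
        else:
            # Format: identifier - command line (mASetup, StartupFolder, Notify)
            label, _, cmd = rest.rpartition(" - ")
        pm = PATH_RE.search(cmd)
        entries.append({
            "kind": kind,
            "label": label,
            "command": cmd,
            "path": pm.group("path").lower() if pm else None,
        })
    return entries


def flag_masquerades(entries):
    """Entries whose file name is a core Windows binary in an unexpected directory."""
    hits = []
    for entry in entries:
        if not entry["path"]:
            continue  # bare file name such as KHALMNPR.EXE: nothing to compare
        directory, name = ntpath.split(entry["path"])
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            hits.append(entry)
    return hits


# Lines copied from the DDS logs posted in this thread.
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
Trusted Zone: com.tw\asia.msi
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s
"""

if __name__ == "__main__":
    for hit in flag_masquerades(parse_autoruns(SAMPLE)):
        print(f'{hit["kind"]} {hit["label"]}: {hit["path"]}')
```

A hit is only a reason to inspect the file further, for instance with the VirusTotal upload requested above; the name and path alone do not prove that a file is malicious.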
flaggis Posted May 22, 2010

Oh damn..
Cecilia Posted May 22, 2010

Install the free Avira AntiVir antivirus and scan the computer with it. Paste in the log and a new DDS log.
flaggis Posted May 22, 2010

Avira AntiVir Personal
Report file date: den 23 maj 2010 00:51

Scanning for 2148185 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Erik
Computer name : TEZZERETSCITADE

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 2010-04-19 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 2010-04-01 11:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 2010-04-01 11:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 2010-03-07 17:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-10 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 2009-11-19 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 2010-01-20 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 2010-01-26 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 2010-03-05 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 2010-04-15 22:49:33
VBASE006.VDF : 7.10.6.83 2048 Bytes 2010-04-15 22:49:33
VBASE007.VDF : 7.10.6.84 2048 Bytes 2010-04-15 22:49:33
VBASE008.VDF : 7.10.6.85 2048 Bytes 2010-04-15 22:49:33
VBASE009.VDF : 7.10.6.86 2048 Bytes 2010-04-15 22:49:33
VBASE010.VDF : 7.10.6.87 2048 Bytes 2010-04-15 22:49:33
VBASE011.VDF : 7.10.6.88 2048 Bytes 2010-04-15 22:49:33
VBASE012.VDF : 7.10.6.89 2048 Bytes 2010-04-15 22:49:33
VBASE013.VDF : 7.10.6.90 2048 Bytes 2010-04-15 22:49:33
VBASE014.VDF : 7.10.6.123 126464 Bytes 2010-04-19 22:49:33
VBASE015.VDF : 7.10.6.152 123392 Bytes 2010-04-21 22:49:34
VBASE016.VDF : 7.10.6.178 122880 Bytes 2010-04-22 22:49:34
VBASE017.VDF : 7.10.6.206 120320 Bytes 2010-04-26 22:49:34
VBASE018.VDF : 7.10.6.232 99328 Bytes 2010-04-28 22:49:34
VBASE019.VDF : 7.10.7.2 155648 Bytes 2010-04-30 22:49:35
VBASE020.VDF : 7.10.7.26 119808 Bytes 2010-05-04 22:49:35
VBASE021.VDF : 7.10.7.51 118272 Bytes 2010-05-06 22:49:35
VBASE022.VDF : 7.10.7.75 404992 Bytes 2010-05-10 22:49:36
VBASE023.VDF : 7.10.7.100 125440 Bytes 2010-05-13 22:49:36
VBASE024.VDF : 7.10.7.119 177664 Bytes 2010-05-17 22:49:36
VBASE025.VDF : 7.10.7.139 129024 Bytes 2010-05-19 22:49:36
VBASE026.VDF : 7.10.7.140 2048 Bytes 2010-05-19 22:49:36
VBASE027.VDF : 7.10.7.141 2048 Bytes 2010-05-19 22:49:36
VBASE028.VDF : 7.10.7.142 2048 Bytes 2010-05-19 22:49:37
VBASE029.VDF : 7.10.7.143 2048 Bytes 2010-05-19 22:49:37
VBASE030.VDF : 7.10.7.144 2048 Bytes 2010-05-19 22:49:37
VBASE031.VDF : 7.10.7.155 155648 Bytes 2010-05-21 22:49:37
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 2010-05-22 22:49:41
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 2010-05-22 22:49:41
AESCN.DLL : 8.1.6.1 127347 Bytes 2010-05-22 22:49:41
AESBX.DLL : 8.1.3.1 254324 Bytes 2010-05-22 22:49:42
AERDL.DLL : 8.1.4.6 541043 Bytes 2010-05-22 22:49:40
AEPACK.DLL : 8.2.1.1 426358 Bytes 2010-03-19 11:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 2010-05-22 22:49:40
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 2010-05-22 22:49:40
AEHELP.DLL : 8.1.11.3 242039 Bytes 2010-04-01 15:05:25
AEGEN.DLL : 8.1.3.9 377203 Bytes 2010-05-22 22:49:38
AEEMU.DLL : 8.1.2.0 393588 Bytes 2010-05-22 22:49:38
AECORE.DLL : 8.1.15.3 192886 Bytes 2010-05-22 22:49:38
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-05-22 22:49:37
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-01-14 11:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-01-14 11:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2010-02-18 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 2010-04-01 11:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 2010-04-01 11:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 2010-04-01 11:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-01-26 08:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-01-28 11:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-03-16 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-02-19 13:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 2010-01-28 12:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 2010-04-09 13:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: den 23 maj 2010 00:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RegistryHelper.exe' - '1' Module(s) have been scanned
Scan process 'RegistryHelperService.exe' - '1' Module(s) have been scanned
Scan process 'mplayerc.exe' - '1' Module(s) have been scanned
Scan process 'Game.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'hamachi.exe' - '1' Module(s) have been scanned
Scan process 'Personal.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hamachi-2-ui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'hamachi-2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\WINDOWS\Microsoft\svchost.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
The registry was scanned ( '366' files ).

Beginning disinfection:
C:\WINDOWS\Microsoft\svchost.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{D1DCBBF9-254C-0B56-30E2-D255C092601D}\StubPath> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '442ec405.qua'.

End of the scan: den 23 maj 2010 00:52
Used time: 01:00 Minute(s)

The scan has been done completely.

0 Scanned directories
842 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
841 Files not concerned
3 Archives were scanned
0 Warnings
1 Notes

DDS (Ver_10-03-17.01) - NTFSx86
Run by Erik at 0:53:12,18 on 2010-05-23
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.741 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Diablo II 1.13\Game.exe
C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
C:\Program Files\Registry Helper\RegistryHelperService.exe
C:\Program Files\Registry Helper\RegistryHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Registry Helper] "c:\program files\registry helper\RegistryHelper.Exe" /boot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-23 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-23 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-23 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-23 60936]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 Registry Helper Service;Registry Helper Service;c:\program files\registry helper\RegistryHelperService.exe [2010-5-19 83328]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

=============== Created Last 30 ================

2010-05-22 22:51:38 0 d-----w- c:\windows\system32\NtmsData
2010-05-22 22:45:13 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-22 22:45:12 0 d-----w- c:\program files\Avira
2010-05-22 22:45:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-05-22 22:39:47 24637 ----a-w- c:\docume~1\erik\applic~1\addon.dat
2010-05-22 22:37:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Registry Helper
2010-05-22 22:37:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Computer Updater
2010-05-22 22:37:21 0 d-----w- c:\program files\Registry Helper
2010-05-22 22:35:42 0 d-----w- c:\program files\Computer Updater
2010-05-22 18:24:19 0 d-----w- c:\docume~1\erik\applic~1\Malwarebytes
2010-05-22 18:24:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 18:24:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 18:24:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 18:24:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 18:29:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-05-21 18:29:40 76304 ----a-w- c:\windows\KHALMNPR.Exe
2010-05-21 18:29:40 37008 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-05-21 18:29:40 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-05-21 18:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-05-21 18:29:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-21 18:28:24 29072 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-05-21 18:28:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-05-21 18:04:56 0 d-----w- c:\program files\Uniblue
2010-05-19 18:07:34 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx
2010-05-19 18:07:34 135168 ----a-w- c:\windows\system32\SafeAppRichList.ocx
2010-05-19 18:07:32 421888 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx
2010-05-19 18:01:46 389120 ----a-w- c:\windows\system32\DiskCleanerLM.ocx
2010-05-19 17:58:34 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
2010-05-14 17:29:31 0 d-----w- c:\program files\DX-Ball
2010-05-10 23:18:53 0 d-----w- c:\program files\CCleaner
2010-05-10 22:57:41 0 d-----w- C:\symbols
2010-05-08 08:29:27 0 d-----w- c:\docume~1\erik\applic~1\Canneverbe Limited
2010-05-08 08:29:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-05-08 08:29:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

==================== Find3M ====================

2010-04-18 18:58:01 132829955 ----a-w- C:\MedianXL_v1F9b.zip
2010-04-05 13:00:28 69895 ----a-w- c:\windows\DIIUnin.dat
2010-04-05 12:36:53 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-05 12:36:53 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-05 12:36:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-05 12:18:23 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-05 12:18:23 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-02 11:03:23 3912204 ----a-w- c:\program files\Patch_D2.mpq
2010-03-14 16:05:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 0:53:37,25 ===============
Cecilia Posted May 22, 2010

Uninstall the unnecessary registry-cleaning programs:

2010-05-22 22:37:21 0 d-----w- c:\program files\Registry Helper
2010-05-22 22:35:42 0 d-----w- c:\program files\Computer Updater
uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S

CCleaner is quite enough, and things should not get any messier on the computer than necessary right now. Especially when you install things that are more or less harmful; see for example the opinions at http://www.mywot.com/sv/scorecard/reghelper.com

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on. How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown. If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; paste it into your reply.

Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet: Control Panel - Network Connections, right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.
flaggis Posted May 23, 2010 Author

Hi there, wall of text -.-' Anyway, I had to sleep a bit in between.

ComboFix 10-05-22.01 - Erik 2010-05-23 12:32:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.1127 [GMT 2:00]
Körs från: c:\documents and settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Erik\Application Data\addon.dat
c:\windows\explorer.exe.tmp
c:\windows\MICROSOFT
c:\windows\MICROSOFT\klog.dat
c:\windows\system32\E599C61129.dll
Cecilia Posted May 23, 2010

If the programs are now uninstalled, delete the folders (if they still exist):

2010-05-22 22:37 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Registry Helper
2010-05-22 22:37 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Computer Updater
2010-05-22 22:37 . 2010-05-22 22:37 -------- d-----w- c:\program files\Registry Helper
2010-05-10 19:08 . 2010-01-04 12:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar

and the files:

2010-05-19 18:07:34 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx
2010-05-19 18:07:34 135168 ----a-w- c:\windows\system32\SafeAppRichList.ocx
2010-05-19 18:07:32 421888 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx
2010-05-19 18:01:46 389120 ----a-w- c:\windows\system32\DiskCleanerLM.ocx
2010-05-19 17:58:34 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx

How does the computer work now when you have explorer.exe running?
flaggis Posted May 23, 2010 Author

It works fine now, a thousand thanks to you, you have been an angel ^^
Cecilia Posted May 23, 2010

Good! Now only one last round of cleanup remains:

1. Remove all system restore points, since these may be infected.
Start by creating a new system restore point: Start - Programs - Accessories - System Tools - System Restore. Choose to create a new restore point and press Next.
Then remove all old system restore points by running the Disk Cleanup program. Right-click C: in My Computer/Explorer and choose Properties. On the General tab there is a button called Disk Cleanup. Select it. After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

2. Download the uninstaller OTC to the Desktop. http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program. Press the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer. Delete any logs left on the Desktop. If anything remains after that, ask how to remove it.

3. Remove all temporary files by downloading ATF-Cleaner to the Desktop: http://www.atribune.org/ccount/click.php?id=1
Close all other programs, especially web browsers. Double-click ATF-Cleaner.exe to start the program. Tick Select All. Press Empty Selected.
If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.
If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.
Press Exit in the Main menu to close the program.
Note! This will remove all cookies; if you have cookies you want to keep, either save them beforehand or refrain from choosing Select All and instead tick everything else.

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands. http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

5. Improve the protection on the computer, see my Tips for a safer computer, http://sites.google.com/site/ceblstockholm/home, and do not run without a good antivirus program.
flaggis Posted May 23, 2010 Author

Thanks once again for everything ^^