
Nasty virus that cannot be removed


swempisen80

Hi!

My friend went and downloaded some program when he wanted to play a prank on a guy via MSN, but when he installed the program, about 207 cmd.exe windows popped up. I guess it has something to do with DOS.

I have tried Ad-aware, SUPERAntiSpyware, AVG and IObit Security 360 and got rid of a few things, but the problem remains. It's driving me crazy!

I'm including the "log" as well; I really hope someone here can help me with this virus, which seems impossible to remove!

I couldn't attach it, so I'm pasting it here...

 

Logfile of IObit HijackScan v1.0.0.0

Scan saved at 2:52:41, on 2010-5-16

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Voddler\service\voddler.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\ActivIdentity\ActivClient\accrdsub.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\MMTray.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\IObit\IObit Security 360\is360.exe

C:\Program\IObit\IObit Security 360\IS360tray.exe

C:\Program\IObit\IObit Security 360\IS360srv.exe

C:\Program\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: []

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [NokiaOviSuite2] C:\Program\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [CognizanceTS] rundll32.exe C:\Program\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [accrdsub] "C:\Program\ActivIdentity\ActivClient\accrdsub.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PTHOSTTR] C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QlbCtrl.exe] C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PDF Complete] C:\Program\PDF Complete\pdfsty.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [hpWirelessAssistant] C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [intelZeroConfig] "C:\Program\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [intelWireless] "C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MMTray] MMTray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe_ID0EYTHM] C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NokiaMServer] C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [msg] C:\WINDOWS\msg.bat

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251998510015

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program\ActivIdentity\ActivClient\accoca.exe

O23 - Service: Adobe Version Cue CS3 (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Com4QLBEx (Com4QLBEx) - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP ProtectTools Service (HP ProtectTools Service) - Hewlett-Packard Development Company, L.P - C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: hpqwmiex (hpqwmiex) - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr (IviRegMgr) - InterVideo - C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program\PDF Complete\pdfsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: ServiceLayer (ServiceLayer) - Nokia - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr (stllssvr) - Unknown - c:\Program\Delade filer\SureThing Shared\stllssvr.exe

O23 - Service: VoddlerNet (VoddlerNet) - Voddler - C:\Program\Voddler\service\voddler.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program\IObit\IObit Security 360\IS360srv.exe

Hi!

Not a nice prank. Could you do the following:

If any antivirus or antispyware program has found something malicious, paste in a log showing what was found and which files and folders are involved.

You wrote "Ad-aware, super anti spyware, AVG and IObit Security 360 and got rid of a few things but the problem remains". If there are any logs, attach them, just as you did with the HijackThis log; that was exactly right.

Run the following, which gives a considerably better picture of your friend's computer:

Paste in the log/result from the program DDS. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt.

Attach Attach.txt as a file, however;

use the Full Editor, the button below the box, to attach files.

DDS is a program that lists running processes, programs and services that start automatically, and files in folders commonly used by malicious programs that are new or changed during the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us basic knowledge of what is happening and has recently happened in the computer, and from that we can draw conclusions about the next appropriate step in cleaning the computer.

Note! When you paste a log or a result into your post, do not use any buttons or tags; copy it in the program (usually Notepad) and paste it directly into the box you are writing in.

Get back to us!

Regards

Mats H
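
The autostart listing that the post above describes can be triaged mechanically. The following is an added example, not part of the original thread and not code from HijackThis, IObit or DDS: it parses `O4` autorun lines in the format of the log posted earlier and marks entries that deserve a manual look. The function names, the reason labels and the three heuristics are assumptions chosen for illustration; a flag means "review this entry", nothing more.

```python
import re
from ntpath import dirname, splitext  # Windows path rules, usable on any OS

# Sample input: O4 lines copied from the HijackThis-style log in the first post.
SAMPLE_LOG = r'''
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: []
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MMTray] MMTray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [CognizanceTS] rundll32.exe C:\Program\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [msg] C:\WINDOWS\msg.bat
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe
'''

# "O4 - <hive>|<registry key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\|(?P<key>\\[^:]*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
ABSOLUTE = re.compile(r"[A-Za-z]:\\|%|\\\\")           # drive path, %var% or UNC
FIRST_EXT = re.compile(r"(.+?\.[A-Za-z0-9]{2,4})(?=[\s,]|$)")
# Assumption: extensions treated as "script" for triage purposes.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf"}


def target_of(cmd):
    """Return the program an autorun command starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):            # "C:\path with spaces\x.exe" -arg
        return cmd[1:].split('"', 1)[0]
    if ABSOLUTE.match(cmd):            # unquoted path that may contain spaces:
        m = FIRST_EXT.match(cmd)       # cut after the first ".ext" token
        return m.group(1) if m else cmd
    return cmd.split()[0] if cmd else ""   # bare name, resolved via the search path


def parse_o4(log_text):
    """Parse every O4 line into a dict; other lines and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "command": m["cmd"].strip(),
                "target": target_of(m["cmd"]),
            })
    return entries


def reasons_for(entry):
    """Heuristic review reasons for one autorun entry (empty list = nothing noted)."""
    if not entry["name"] or not entry["command"]:
        return ["empty-entry"]         # value with no name or no command
    reasons = []
    if splitext(entry["target"])[1].lower() in SCRIPT_EXTS:
        reasons.append("script-target")    # autorun starts a script, not a binary
    if not dirname(entry["target"]):
        reasons.append("no-full-path")     # what actually runs depends on the search path
    return reasons


def triage(log_text):
    """Return (name, target, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], entry["target"], reasons))
    return flagged


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {target!r}: {', '.join(reasons)}")
```

Entries flagged only as `no-full-path` are often ordinary system tools such as `rundll32.exe`; the point of that flag is to check which file the name resolves to on the machine in question.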


swempisen80

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administratör at 9:47:55,43 on 2010-05-16

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2039.785 [GMT 2:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\svchost.exe -k Cognizance

C:\WINDOWS\system32\svchost -k DcomLaunch

c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\msdtc.exe

C:\Program\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program\IObit\IObit Security 360\IS360srv.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Voddler\service\voddler.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Hewlett-Packard\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\ActivIdentity\ActivClient\accrdsub.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\MMTray.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program\IObit\IObit Security 360\IS360tray.exe

C:\Program\Hewlett-Packard\Shared\HpqToaster.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program\Delade filer\Nokia\NoA\nokiaaserver.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administratör\Mina dokument\Hämtade filer\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se

mDefault_Page_URL = hxxp://www.hp.com

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program\superantispyware\SUPERAntiSpyware.exe

uRun: [<NO NAME>]

uRun: [NokiaOviSuite2] c:\program\nokia\nokia ovi suite\NokiaOviSuite.exe -tray

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program\analog devices\soundmax\Smax4.exe /tray

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [CognizanceTS] rundll32.exe c:\program\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Cpqset] c:\program\hewlett-packard\default settings\cpqset.exe

mRun: [WatchDog] c:\program\intervideo\dvd check\DVDCheck.exe

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\iaanotif.exe

mRun: [accrdsub] "c:\program\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [QlbCtrl.exe] c:\program\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [PDF Complete] c:\program\pdf complete\pdfsty.exe

mRun: [hpWirelessAssistant] c:\program\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [intelZeroConfig] "c:\program\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program\delade filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [Windows Defender] "c:\program\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [MMTray] MMTray.exe

mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [Adobe_ID0EYTHM] c:\program\delade~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [NokiaMServer] c:\program\delade filer\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

mRun: [msg] c:\windows\msg.bat

mRun: [iObit Security 360] "c:\program\iobit\iobit security 360\IS360tray.exe" /autostart

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\dvdche~1.lnk - c:\program\intervideo\dvd check\DVDCheck.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka till Bluetooth - c:\program\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251998510015

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program\actividentity\activclient\acunlock.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: OneCard - c:\program\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

LSA: Notification Packages = SbHpNp scecli ASWLNPkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\qb4coaf3.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.aftonbladet.se

FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program\voddler\plugin\npvoddler.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-30 64288]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-22 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-3 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-3 29512]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-3 242896]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-22 5808]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-11-23 12872]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-11-23 68168]

R2 accoca;ActivClient Middleware Service;c:\program\actividentity\activclient\accoca.exe [2007-5-15 182576]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-4-21 308064]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-22 221184]

R2 IS360service;IS360service;c:\program\iobit\iobit security 360\is360srv.exe [2010-5-16 311568]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

R2 pdfcDispatcher;PDF Document Manager;c:\program\pdf complete\pdfsvc.exe [2007-10-16 576536]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2010-3-18 1160912]

R3 Com4QLBEx;Com4QLBEx;c:\program\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-28 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-9-19 36608]

S2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-11-23 12872]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-6-21 56448]

 

=============== Created Last 30 ================

 

2010-05-16 00:41:05 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-05-16 00:41:03 0 d-----w- c:\program\IObit

2010-05-16 00:04:44 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-05-16 00:04:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-16 00:04:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-16 00:04:34 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-05-16 00:04:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-15 21:00:15 0 d-----w- C:\Window

2010-05-15 21:00:13 7208 ---ha-r- c:\windows\msg.bat

2010-05-15 21:00:12 7208 ---ha-r- c:\windows\svchost.bat

2010-05-15 20:49:59 0 d-----w- c:\program\ABF software

2010-05-06 13:22:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-24 07:05:29 0 d-----w- c:\docume~1\admini~1\applic~1\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1

2010-04-21 17:28:30 0 d--h--w- C:\$AVG

2010-04-21 17:25:41 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

 

==================== Find3M ====================

 

2010-05-16 07:32:47 4456448 ---ha-w- c:\documents and settings\administratör\NTUSER.DAT

2010-04-24 06:58:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-21 17:28:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-21 17:28:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-06 07:32:12 324664 ----a-w- c:\windows\fonts\NIGHT STALKER TRIAL.otf

2010-04-03 16:57:28 57520 ----a-w- c:\windows\fonts\VTC-BadTattooHandOne.otf

2010-04-03 11:35:08 5473 ----a-w- c:\windows\fonts\VTC-Vigilante Typeface Corporation Commercial Licensing.txt

2010-03-29 16:34:05 88458 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-29 16:34:05 456318 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-20 15:54:28 338471 ----a-w- c:\windows\fonts\BILLY ARGEL NIGHT STALKER FONT.jpg

2010-03-13 02:05:42 2363 ----a-w- c:\windows\fonts\VTC Copyright License.txt

2010-03-10 04:44:43 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll

2010-03-10 04:44:33 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

2010-03-09 11:11:42 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 11:11:42 430080 ------w- c:\windows\system32\dllcache\vbscript.dll

2010-02-28 13:22:22 186194 ----a-w- c:\windows\fonts\Impact Label Sample.pdf

2010-02-28 12:44:24 127200 ----a-w- c:\windows\fonts\Impact Label Reversed.ttf

2010-02-28 12:41:26 136136 ----a-w- c:\windows\fonts\Impact Label.ttf

2010-02-26 05:44:05 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44:05 667648 ------w- c:\windows\system32\dllcache\wininet.dll

2010-02-26 05:44:05 626688 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-02-26 05:44:04 3094016 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-02-26 05:44:02 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-26 05:44:02 81920 ------w- c:\windows\system32\dllcache\ieencode.dll

2010-02-26 05:44:02 251904 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-18 13:48:46 83252 ----a-w- c:\windows\fonts\lte50328.ttf

2010-02-17 12:09:32 2190720 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-02-16 19:09:30 2067584 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 19:09:26 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09:26 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 19:09:26 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 19:09:26 2025472 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

 

============= FINISH: 9:49:01,93 ===============


swempisen80

No, I can't upload attach.rar

I have checked the settings in my profile, but without result..

Can't I send it to you?


No, I can't upload attach.rar

I have checked the settings in my profile, but without result..

Can't I send it to you?

 

Hi,

a file named attach.txt should have been saved on the desktop!

If not, upload it here and give me the reply link in your thread here!

Don't worry about e-mail addresses or anything like that, they aren't needed.

 

Sprend

 

Regards

Mats H


Hi,

Start the computer in Safe Mode, and you will probably be spared the nonsense.

Log in as administrator.

Locate:

Here is the "joke"!

2010-05-15 21:00:15 0 d-----w- C:\Window

2010-05-15 21:00:13 7208 ---ha-r- c:\windows\msg.bat

2010-05-15 21:00:12 7208 ---ha-r- c:\windows\svchost.bat

 

Check what is in the folder C:\Window

and report back with it.

 

Delete these 3 files, run Disk Cleanup and restart the computer.

 

Other

ABF software - http://www.abf-soft.com/

2010-05-15 20:49:59 0 d-----w- c:\program\ABF software

This was created 10 minutes before the "joke"; is it something that should remain?

Check

 

IOBit 360

Uninstall this,

you should not run two antivirus programs at the same time.

It can cause conflicts.

 

Come back with a new DDS log when you have done this, for checking.

Regards

Mats H

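The triage in the reply above, written as a script (an added example, not part of the original thread and not code from DDS or HijackThis): it parses the "Created Last 30" and Run lines of a DDS log, flags script files sitting in the Windows directories, lists what else was created around the same time, and shows which autorun entry points at each flagged file. The function names, the 15-minute window, the extension and process-name lists, and reading `d`/`h` in the attribute column as directory/hidden are assumptions; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the DDS logs posted in this thread.
SAMPLE_LOG = r"""
uRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe
mRun: [msg] c:\windows\msg.bat
mRun: [iObit Security 360] "c:\program\iobit\iobit security 360\IS360tray.exe" /autostart
2010-05-16 00:41:03 0 d-----w- c:\program\IObit
2010-05-15 21:00:15 0 d-----w- C:\Window
2010-05-15 21:00:13 7208 ---ha-r- c:\windows\msg.bat
2010-05-15 21:00:12 7208 ---ha-r- c:\windows\svchost.bat
2010-05-15 20:49:59 0 d-----w- c:\program\ABF software
2010-05-06 13:22:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
"""

# "timestamp size attributes path" lines of the Created Last 30 / Find3M sections.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")
# uRun / mRun / dRun autostart lines of the Pseudo HJT Report section.
RUN_RE = re.compile(r"^([umd]Run): \[(.*?)\]\s*(.*)$")

# Assumed heuristics, not taken from any tool.
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "services", "smss", "explorer"}


def parse_log(text):
    """Return (file entries, autorun entries) found in a DDS log."""
    files, autoruns = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                "size": int(m.group(2)),
                "attrs": m.group(3),
                "path": m.group(4),
            })
            continue
        m = RUN_RE.match(line)
        if m:
            autoruns.append({"hive": m.group(1), "name": m.group(2), "command": m.group(3)})
    return files, autoruns


def reasons_for(entry):
    """Why a file entry deserves a look; an empty list means it is not flagged."""
    path = entry["path"].lower()
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if entry["attrs"].startswith("d") or ext not in SCRIPT_EXT:
        return []
    if ntpath.dirname(path) not in SYSTEM_DIRS:
        return []
    reasons = ["script file in a Windows system directory"]
    if "h" in entry["attrs"]:
        reasons.append("hidden attribute set")
    if stem in SYSTEM_NAMES:
        reasons.append("name imitates a system process")
    return reasons


def triage(text, window=timedelta(minutes=15)):
    """Flag suspicious scripts, their autoruns, and items created close in time."""
    files, autoruns = parse_log(text)
    flagged = []
    for entry in files:
        reasons = reasons_for(entry)
        if reasons:
            hits = [(a["hive"], a["name"]) for a in autoruns
                    if entry["path"].lower() in a["command"].lower()]
            flagged.append({"path": entry["path"], "reasons": reasons, "autoruns": hits})
    neighbours = []
    if flagged:
        flagged_paths = {f["path"] for f in flagged}
        times = [e["time"] for e in files if e["path"] in flagged_paths]
        lo, hi = min(times) - window, max(times) + window
        neighbours = [e["path"] for e in files
                      if e["path"] not in flagged_paths and lo <= e["time"] <= hi]
    return {"flagged": flagged, "neighbours": neighbours}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["flagged"]:
        print(item["path"], "|", "; ".join(item["reasons"]), "| autoruns:", item["autoruns"])
    print("created around the same time:", report["neighbours"])
```

A flagged file with a non-empty autoruns list means that deleting the file alone leaves a Run entry behind that also needs to be removed.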

swempisen80

Can I get at the bat files if I start the computer in safe mode?

I have tried searching for them on the computer but can't get a single hit


Set up My Computer or Explorer so that you can see hidden files:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

 

then you should be able to see the files.

 

What was the program that was downloaded in the first place?


swempisen80

The virus/program has apparently removed the menus, so I can't get to the options!

What do I do now?


Hi,

Let's do the following:

start Hijack This, press the button "Open the Misc Tools",

then choose Delete a file on Reboot.

Paste in this file with its path:

c:\windows\msg.bat , press Open, then answer No to Reboot, then this one

c:\windows\svchost.bat , press Open and answer Yes to Reboot.

 

After the restart, try manually deleting the folder:

C:\Window

 

Report back with the result, and a new DDS log.

 

Good luck.

Regards

Mats H


swempisen80

I don't know whether I got rid of the files... but a window (cmd.exe) still starts up, along with 3D Pinball and three Internet Explorers.

 

Here comes the log..

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administratör at 18:34:21,48 on 2010-05-16

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2039.793 [GMT 2:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\svchost.exe -k Cognizance

C:\WINDOWS\system32\svchost -k DcomLaunch

c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\msdtc.exe

C:\Program\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Intel\WiFi\bin\EvtEng.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program\IObit\IObit Security 360\IS360srv.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Voddler\service\voddler.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Hewlett-Packard\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\ActivIdentity\ActivClient\accrdsub.exe

C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\ActivIdentity\ActivClient\acevents.exe

C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\MMTray.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer.exe

C:\Program\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program\Delade filer\Nokia\NoA\nokiaaserver.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\IObit\IObit Security 360\is360.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administratör\Mina dokument\Hämtade filer\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se

mDefault_Page_URL = hxxp://www.hp.com

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program\superantispyware\SUPERAntiSpyware.exe

uRun: [<NO NAME>]

uRun: [NokiaOviSuite2] c:\program\nokia\nokia ovi suite\NokiaOviSuite.exe -tray

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program\analog devices\soundmax\Smax4.exe /tray

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [CognizanceTS] rundll32.exe c:\program\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Cpqset] c:\program\hewlett-packard\default settings\cpqset.exe

mRun: [WatchDog] c:\program\intervideo\dvd check\DVDCheck.exe

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\iaanotif.exe

mRun: [accrdsub] "c:\program\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [QlbCtrl.exe] c:\program\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [PDF Complete] c:\program\pdf complete\pdfsty.exe

mRun: [hpWirelessAssistant] c:\program\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [intelZeroConfig] "c:\program\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program\delade filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [Windows Defender] "c:\program\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime

mRun: [MMTray] MMTray.exe

mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [Adobe_ID0EYTHM] c:\program\delade~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [NokiaMServer] c:\program\delade filer\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

mRun: [msg] c:\windows\msg.bat

mRun: [iObit Security 360] "c:\program\iobit\iobit security 360\IS360tray.exe" /autostart

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\dvdche~1.lnk - c:\program\intervideo\dvd check\DVDCheck.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000

IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka till Bluetooth - c:\program\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251998510015

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program\actividentity\activclient\acunlock.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: OneCard - c:\program\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

LSA: Notification Packages = SbHpNp scecli ASWLNPkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\qb4coaf3.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.aftonbladet.se

FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program\voddler\plugin\npvoddler.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-30 64288]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-22 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-3 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-3 29512]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-3 242896]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-22 5808]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-11-23 12872]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-11-23 68168]

R2 accoca;ActivClient Middleware Service;c:\program\actividentity\activclient\accoca.exe [2007-5-15 182576]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 avg9wd;AVG Free WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-4-21 308064]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-22 221184]

R2 IS360service;IS360service;c:\program\iobit\iobit security 360\is360srv.exe [2010-5-16 311568]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

R2 pdfcDispatcher;PDF Document Manager;c:\program\pdf complete\pdfsvc.exe [2007-10-16 576536]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2010-3-18 1160912]

R3 Com4QLBEx;Com4QLBEx;c:\program\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-28 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-9-19 36608]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-16 38224]

S2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-11-23 12872]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-6-21 56448]

 

=============== Created Last 30 ================

 

2010-05-16 16:17:45 0 d-----w- c:\program\Trend Micro

2010-05-16 00:41:05 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-05-16 00:41:03 0 d-----w- c:\program\IObit

2010-05-16 00:04:44 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-05-16 00:04:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-16 00:04:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-16 00:04:34 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-05-16 00:04:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-15 21:00:13 7208 ---ha-r- c:\windows\msg.bat

2010-05-15 21:00:12 7208 ---ha-r- c:\windows\svchost.bat

2010-05-15 20:49:59 0 d-----w- c:\program\ABF software

2010-05-06 13:22:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-24 07:05:29 0 d-----w- c:\docume~1\admini~1\applic~1\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1

2010-04-21 17:28:30 0 d--h--w- C:\$AVG

2010-04-21 17:25:41 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

 

==================== Find3M ====================

 

2010-05-16 16:26:17 4456448 ---ha-w- c:\documents and settings\administratör\NTUSER.DAT

2010-04-24 06:58:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-21 17:28:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-21 17:28:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-06 07:32:12 324664 ----a-w- c:\windows\fonts\NIGHT STALKER TRIAL.otf

2010-04-03 16:57:28 57520 ----a-w- c:\windows\fonts\VTC-BadTattooHandOne.otf

2010-04-03 11:35:08 5473 ----a-w- c:\windows\fonts\VTC-Vigilante Typeface Corporation Commercial Licensing.txt

2010-03-29 16:34:05 88458 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-29 16:34:05 456318 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-20 15:54:28 338471 ----a-w- c:\windows\fonts\BILLY ARGEL NIGHT STALKER FONT.jpg

2010-03-13 02:05:42 2363 ----a-w- c:\windows\fonts\VTC Copyright License.txt

2010-03-10 04:44:43 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll

2010-03-10 04:44:33 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

2010-03-09 11:11:42 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 11:11:42 430080 ------w- c:\windows\system32\dllcache\vbscript.dll

2010-02-28 13:22:22 186194 ----a-w- c:\windows\fonts\Impact Label Sample.pdf

2010-02-28 12:44:24 127200 ----a-w- c:\windows\fonts\Impact Label Reversed.ttf

2010-02-28 12:41:26 136136 ----a-w- c:\windows\fonts\Impact Label.ttf

2010-02-26 05:44:05 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44:05 667648 ------w- c:\windows\system32\dllcache\wininet.dll

2010-02-26 05:44:05 626688 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-02-26 05:44:04 3094016 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-02-26 05:44:02 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-26 05:44:02 81920 ------w- c:\windows\system32\dllcache\ieencode.dll

2010-02-26 05:44:02 251904 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-18 13:48:46 83252 ----a-w- c:\windows\fonts\lte50328.ttf

2010-02-17 12:09:32 2190720 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-02-16 19:09:30 2067584 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 19:09:26 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09:26 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 19:09:26 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 19:09:26 2025472 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

 

============= FINISH: 18:35:28,76 ===============


Hi!

No, those 2 nasties are stubbornly clinging on, really badly.

Then we'll bring out some heavier tools!

I want to check with ComboFix as well. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and anti-spyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


swempisen80

Before I start ComboFix I get a message: Warning

CD emulations drivers are running on this machine. ComboFix needs to tempoarily disable them.

then an OK button..

I removed Daemon Tools now because I don't use it any more, could that be it?


Hi,

ComboFix shuts them down temporarily, so just press OK!

(ComboFix needs to tempoarily disable them.

then an OK button..)

You wouldn't have needed to remove Daemon Tools!

But it will work out!

Go ahead!

Regards

Mats H


swempisen80

ComboFix 10-05-16.01 - Administratör 2010-05-16 20:45:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2039.1136 [GMT 2:00]

Körs från: c:\documents and settings\Administratör\Mina dokument\Hämtade filer\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

E:\Autorun.inf

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-04-16 till 2010-05-16 ))))))))))))))))))))))))))))))

.

 

2010-05-16 17:02 . 2010-05-16 18:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-16 17:02 . 2010-05-16 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-05-16 17:02 . 2010-05-16 17:02 -------- d-----w- c:\program\Hitman Pro 3.5

2010-05-16 16:17 . 2010-05-16 16:17 -------- d-----w- c:\program\Trend Micro

2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\program\IObit

2010-05-16 00:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-16 00:04 . 2010-05-16 00:04 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-05-16 00:04 . 2010-05-16 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-16 00:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-15 21:00 . 2010-02-13 13:12 7208 ---ha-r- c:\windows\msg.bat

2010-05-15 21:00 . 2010-02-13 13:12 7208 ---ha-r- c:\windows\svchost.bat

2010-05-15 20:49 . 2010-05-15 23:00 -------- d-----w- c:\program\ABF software

2010-05-06 13:22 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-24 06:58 . 2010-04-24 06:58 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-04-24 06:56 . 2010-04-24 06:56 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-04-22 11:37 . 2010-04-22 11:37 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-04-21 17:28 . 2010-04-21 17:28 -------- d-----w- C:\$AVG

2010-04-21 17:25 . 2010-04-21 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-15 23:09 . 2009-08-29 01:07 -------- d-----w- c:\program\Delade filer\Roxio Shared

2010-05-15 23:09 . 2009-08-29 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2010-05-15 23:05 . 2009-08-29 01:08 -------- d-----w- c:\program\Roxio

2010-05-15 23:01 . 2009-09-10 17:58 -------- d-----w- c:\program\Hide My Torrent

2010-05-15 23:00 . 2009-09-15 18:45 -------- d-----w- c:\program\Bonjour

2010-05-12 05:07 . 2009-08-29 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-08 04:16 . 2009-12-10 16:11 -------- d-----w- c:\program\SUPERAntiSpyware

2010-05-06 13:22 . 2009-08-29 01:07 -------- d-----w- c:\program\Java

2010-04-24 16:51 . 2009-09-08 19:19 -------- d-----w- c:\program\VersePerfect

2010-04-24 06:58 . 2009-09-03 16:00 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-21 17:28 . 2009-09-03 16:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-04-21 17:28 . 2009-09-03 16:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-21 17:28 . 2009-09-03 16:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-21 17:23 . 2009-09-03 16:00 -------- d-----w- c:\program\AVG

2010-04-17 14:40 . 2009-12-17 15:21 -------- d-----w- c:\program\Voddler

2010-04-06 13:37 . 2010-04-06 13:37 -------- d-----w- c:\program\DVD Decrypter

2010-04-06 06:20 . 2009-08-29 01:07 -------- d-----w- c:\program\Delade filer\Java

2010-03-29 16:34 . 2004-09-08 09:02 88458 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-29 16:34 . 2004-09-08 09:02 456318 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-25 15:58 . 2010-03-25 15:58 -------- d-----w- c:\program\Delade filer\Adobe AIR

2010-03-22 12:29 . 2010-03-22 12:28 -------- d-----w- c:\program\SmartFTP Client

2010-03-22 12:28 . 2010-03-22 12:28 -------- d-----w- c:\program\SmartFTP Client 4.0 Setup Files

2010-03-20 16:05 . 2010-04-23 19:20 189 ----a-w- c:\windows\Fonts\READ ME .txt

2010-03-09 11:11 . 2004-08-04 08:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-28 12:55 . 2010-03-18 18:45 1464 ----a-w- c:\windows\Fonts\Impact Label Licence.txt

2010-02-26 05:44 . 2004-08-04 08:00 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-24 13:11 . 2004-08-04 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-24 08:16 . 2009-10-03 06:36 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-16 19:09 . 2004-08-04 08:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09 . 2004-08-04 08:00 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-08 2017280]

"NokiaOviSuite2"="c:\program\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program\Delade filer\Nokia\MPlatform\NokiaMServer" [X]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"CognizanceTS"="c:\program\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Cpqset"="c:\program\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]

"WatchDog"="c:\program\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]

"IAAnotif"="c:\program\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"accrdsub"="c:\program\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]

"PTHOSTTR"="c:\program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]

"QlbCtrl.exe"="c:\program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"PDF Complete"="c:\program\PDF Complete\pdfsty.exe" [2008-04-14 318488]

"hpWirelessAssistant"="c:\program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"IntelZeroConfig"="c:\program\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]

"IntelWireless"="c:\program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]

"HP Software Update"="c:\program\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Windows Defender"="c:\program\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2009-09-04 417792]

"MMTray"="MMTray.exe" [2001-11-09 53248]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-15 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"msg"="c:\windows\msg.bat" [2010-02-13 7208]

"IObit Security 360"="c:\program\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

"HitmanPro35"="c:\program\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-16 5937984]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BTTray.lnk - c:\program\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

DVD Check.lnk - c:\program\InterVideo\DVD Check\DVDCheck.exe [2009-8-28 192512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-05-15 14:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-05-15 14:08 281088 ----a-w- c:\program\ActivIdentity\ActivClient\acunlock.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-04-21 17:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2007-02-07 01:30 74240 ----a-r- c:\program\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbHpNp scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\BitTorrent\\bittorrent.exe"=

"c:\\Program\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\Delade filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\Administratör\\Skrivbord\\spotify.exe"=

"c:\\Program\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-09-30 64288]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-09-19 682232]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-03 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-03 242896]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-22 5808]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 12872]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-23 68168]

R2 accoca;ActivClient Middleware Service;c:\program\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-04-21 308064]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1181328]

R2 pdfcDispatcher;PDF Document Manager;c:\program\PDF Complete\pdfsvc.exe [2007-10-16 576536]

R3 Com4QLBEx;Com4QLBEx;c:\program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-08-28 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-09-19 36608]

S2 IS360service;IS360service;c:\program\IObit\IObit Security 360\is360srv.exe [2010-05-16 311568]

S2 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 12872]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-06-21 56448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Cognizance REG_MULTI_SZ ASBroker ASChannel

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 11:23 452136 ----a-w- c:\program\Delade filer\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka till &Bluetooth-enhet... - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka till Bluetooth - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\documents and settings\Administratör\Application Data\Mozilla\Firefox\Profiles\qb4coaf3.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.aftonbladet.se

FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

FF - component: c:\program\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program\Voddler\plugin\npvoddler.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administratör\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-16 21:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program\Hewlett-Packard\Default Settings\cpqset.exe?|( ??????????T??? ??????????|?M?|?????M?|&?@

 

scanning hidden files ...

 

 

c:\windows\TEMP\jhlpackk.TMP 616448 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1012)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll

c:\program\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program\Hewlett-Packard\IAM\bin\HPBrand.dll

c:\program\Hewlett-Packard\IAM\Bin\ASChnl.dll

c:\program\Hewlett-Packard\IAM\Bin\ItDAC.dll

c:\program\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program\Hewlett-Packard\IAM\Bin\ittal.dll

c:\program\Hewlett-Packard\IAM\Bin\ASBIoAT.dll

c:\program\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\windows\SbHpNp.DLL

c:\program\Hewlett-Packard\IAM\Bin\AuthWiz.dll

c:\program\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll

c:\program\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

 

- - - - - - - > 'lsass.exe'(1068)

c:\windows\SbHpNp.dll

 

- - - - - - - > 'explorer.exe'(3396)

c:\windows\system32\APSHook.dll

c:\program\SmartFTP Client\en-US\sfShellTools.dll.mui

c:\windows\system32\btmmhook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_swe.nlr

c:\program\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program\Intel\WiFi\bin\S24EvMon.exe

c:\program\ActivIdentity\ActivClient\acevents.exe

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\agrsmsvc.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Intel\WiFi\bin\EvtEng.exe

c:\program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\LightScribe\LSSrvc.exe

c:\program\Delade filer\Intel\WirelessCommon\RegSrvc.exe

c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program\Voddler\service\voddler.exe

c:\program\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqsvc.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program\Hewlett-Packard\IAM\bin\asghost.exe

c:\windows\system32\igfxsrvc.exe

c:\program\ActivIdentity\ActivClient\acevents.exe

c:\windows\system32\MMTray.exe

c:\program\Hewlett-Packard\Shared\HpqToaster.exe

c:\program\Delade filer\Nokia\MPlatform\NokiaMServer.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program\Windows Live\Toolbar\wltuser.exe

c:\program\Delade filer\Nokia\NoA\nokiaaserver.exe

c:\program\PC Connectivity Solution\ServiceLayer.exe

c:\program\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Sluttid: 2010-05-16 21:03:36 - datorn startades om.

ComboFix-quarantined-files.txt 2010-05-16 19:03

 

Före genomsökningen: 10 594 885 632 byte ledigt

Efter genomsökningen: 13 395 918 848 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - C6315E914C47DCC1A9809C65EF266B67

 

 

What should I do now?


swempisen80

ComboFix 10-05-16.01 - Administratör 2010-05-16 22:24:38.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2039.1172 [GMT 2:00]

Körs från: c:\documents and settings\Administratör\Mina dokument\Hämtade filer\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Administratör\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\msg.bat"

"c:\windows\svchost.bat"

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\msg.bat

c:\windows\svchost.bat

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-04-16 till 2010-05-16 ))))))))))))))))))))))))))))))

.

 

2010-05-16 17:02 . 2010-05-16 19:11 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-16 17:02 . 2010-05-16 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-05-16 17:02 . 2010-05-16 17:02 -------- d-----w- c:\program\Hitman Pro 3.5

2010-05-16 16:17 . 2010-05-16 16:17 -------- d-----w- c:\program\Trend Micro

2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\program\IObit

2010-05-16 00:04 . 2010-05-16 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-15 20:49 . 2010-05-15 23:00 -------- d-----w- c:\program\ABF software

2010-05-06 13:22 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-24 06:58 . 2010-04-24 06:58 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-04-24 06:56 . 2010-04-24 06:56 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-04-22 11:37 . 2010-04-22 11:37 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-04-21 17:28 . 2010-04-21 17:28 -------- d-----w- C:\$AVG

2010-04-21 17:25 . 2010-04-21 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-16 19:15 . 2010-01-09 09:21 -------- d-----w- c:\program\Nokia

2010-05-16 19:15 . 2010-01-09 09:21 -------- d-----w- c:\program\Delade filer\Nokia

2010-05-16 19:12 . 2009-09-19 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive

2010-05-15 23:09 . 2009-08-29 01:07 -------- d-----w- c:\program\Delade filer\Roxio Shared

2010-05-15 23:09 . 2009-08-29 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2010-05-15 23:05 . 2009-08-29 01:08 -------- d-----w- c:\program\Roxio

2010-05-15 23:01 . 2009-09-10 17:58 -------- d-----w- c:\program\Hide My Torrent

2010-05-15 23:00 . 2009-09-15 18:45 -------- d-----w- c:\program\Bonjour

2010-05-12 05:07 . 2009-08-29 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-08 04:16 . 2009-12-10 16:11 -------- d-----w- c:\program\SUPERAntiSpyware

2010-05-06 13:22 . 2009-08-29 01:07 -------- d-----w- c:\program\Java

2010-04-24 16:51 . 2009-09-08 19:19 -------- d-----w- c:\program\VersePerfect

2010-04-24 06:58 . 2009-09-03 16:00 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-21 17:28 . 2009-09-03 16:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-04-21 17:28 . 2009-09-03 16:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-21 17:28 . 2009-09-03 16:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-21 17:23 . 2009-09-03 16:00 -------- d-----w- c:\program\AVG

2010-04-17 14:40 . 2009-12-17 15:21 -------- d-----w- c:\program\Voddler

2010-04-06 13:37 . 2010-04-06 13:37 -------- d-----w- c:\program\DVD Decrypter

2010-04-06 06:20 . 2009-08-29 01:07 -------- d-----w- c:\program\Delade filer\Java

2010-03-29 16:34 . 2004-09-08 09:02 88458 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-29 16:34 . 2004-09-08 09:02 456318 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-25 15:58 . 2010-03-25 15:58 -------- d-----w- c:\program\Delade filer\Adobe AIR

2010-03-22 12:29 . 2010-03-22 12:28 -------- d-----w- c:\program\SmartFTP Client

2010-03-22 12:28 . 2010-03-22 12:28 -------- d-----w- c:\program\SmartFTP Client 4.0 Setup Files

2010-03-20 16:05 . 2010-04-23 19:20 189 ----a-w- c:\windows\Fonts\READ ME .txt

2010-03-09 11:11 . 2004-08-04 08:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-28 12:55 . 2010-03-18 18:45 1464 ----a-w- c:\windows\Fonts\Impact Label Licence.txt

2010-02-26 05:44 . 2004-08-04 08:00 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-24 13:11 . 2004-08-04 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-24 08:16 . 2009-10-03 06:36 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-16 19:09 . 2004-08-04 08:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09 . 2004-08-04 08:00 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"CognizanceTS"="c:\program\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Cpqset"="c:\program\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]

"WatchDog"="c:\program\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]

"IAAnotif"="c:\program\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"accrdsub"="c:\program\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]

"PTHOSTTR"="c:\program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]

"QlbCtrl.exe"="c:\program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"PDF Complete"="c:\program\PDF Complete\pdfsty.exe" [2008-04-14 318488]

"hpWirelessAssistant"="c:\program\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"IntelZeroConfig"="c:\program\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]

"IntelWireless"="c:\program\Delade filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]

"HP Software Update"="c:\program\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Windows Defender"="c:\program\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2009-09-04 417792]

"MMTray"="MMTray.exe" [2001-11-09 53248]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-15 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BTTray.lnk - c:\program\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

DVD Check.lnk - c:\program\InterVideo\DVD Check\DVDCheck.exe [2009-8-28 192512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-05-15 14:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-05-15 14:08 281088 ----a-w- c:\program\ActivIdentity\ActivClient\acunlock.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-04-21 17:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2007-02-07 01:30 74240 ----a-r- c:\program\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbHpNp scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\BitTorrent\\bittorrent.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\Delade filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\Administratör\\Skrivbord\\spotify.exe"=

"c:\\Program\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-09-30 64288]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-03 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-03 242896]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-22 5808]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 12872]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-23 68168]

R2 accoca;ActivClient Middleware Service;c:\program\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-04-21 308064]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1181328]

R2 pdfcDispatcher;PDF Document Manager;c:\program\PDF Complete\pdfsvc.exe [2007-10-16 576536]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-09-19 36608]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-09-19 682232]

S2 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 Com4QLBEx;Com4QLBEx;c:\program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-08-28 193840]

S3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 12872]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-06-21 56448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Cognizance REG_MULTI_SZ ASBroker ASChannel

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 11:23 452136 ----a-w- c:\program\Delade filer\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:08]

 

2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka till &Bluetooth-enhet... - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka till Bluetooth - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\documents and settings\Administratör\Application Data\Mozilla\Firefox\Profiles\qb4coaf3.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.aftonbladet.se

FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=

FF - component: c:\program\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program\Voddler\plugin\npvoddler.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-NokiaOviSuite2 - c:\program\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

HKLM-Run-msg - c:\windows\msg.bat

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-16 22:32

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program\Hewlett-Packard\Default Settings\cpqset.exe?|( ??????????T??? ??????????|?M?|?????M?|&?@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(956)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll

c:\program\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program\Hewlett-Packard\IAM\bin\HPBrand.dll

c:\program\Hewlett-Packard\IAM\Bin\ASChnl.dll

c:\program\Hewlett-Packard\IAM\Bin\ItDAC.dll

c:\program\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program\Hewlett-Packard\IAM\Bin\ASBIoAT.dll

c:\program\Hewlett-Packard\IAM\Bin\ittal.dll

c:\program\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program\Hewlett-Packard\IAM\Bin\AuthWiz.dll

c:\windows\SbHpNp.DLL

c:\program\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll

c:\program\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

 

- - - - - - - > 'lsass.exe'(1016)

c:\windows\SbHpNp.dll

.

Sluttid: 2010-05-16 22:34:04

ComboFix-quarantined-files.txt 2010-05-16 20:34

ComboFix2.txt 2010-05-16 19:03

 

Före genomsökningen: 15 383 539 712 byte ledigt

Efter genomsökningen: 15 351 717 888 byte ledigt

 

- - End Of File - - EEBD64247C17DD9F7EA34ABE5FC27D69


swempisen80

Now the things are gone when I restart the computer! Yes!

Now there is just one problem left. When I click Start to then choose a program, I can't get to that list... it feels like someone has locked it.

Also, if I open e.g. Explorer, I can't see File, Edit, Tools, etc.

Thanks, Mats, for your help!

Why don't you start a company? You seem to be a real whiz at this kind of thing!

Thanks :)


Hi,

thanks for the kind words!

We're not quite finished here yet, unfortunately; we'll start by cleaning up a bit!

Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and ComboFix will be uninstalled, as will this program, after a restart of the computer. Remove the DDS program and its logs as well!

Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune..../click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Check Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies; if you have cookies you want to keep, either save them beforehand or skip Select All and instead check everything else.

After that, restart the computer and see whether you can get help with your other problems here:

Microsoft Fix it Center Online

Report back with the result.

Regards,

Mats H


Other

ABF software - http://www.abf-soft.com/

2010-05-15 20:49:59 0 d-----w- c:\program\ABF software

Created 10 minutes before the "prank"; is it something that should remain?

Check

Which program from there has been installed?


Archived

This topic is now archived and closed to further replies.
