
Rob..

Member
  • Posts

    118
  • Joined

  • Last visited

Everything posted by Rob..

  1. Oh dear, that doesn't sound good. Unfortunately, cloning and putting the disk in another computer is above my level. Is there no way to do it some other way?
  2. Hi, I need help with an HP 635 notebook PC that won't start. It ends up in a state where it says: "boot device not found please install an operating system on your hard disk hard disk 3f0". I have no backup/boot disk. I googled around a bit and ended up at a place where they mentioned that you should enable legacy support. But when I looked around in the boot menu I never found it. Does anyone know if it's possible to get this old thing running?
  3. Yes, the computer is doing better now! 21 april FRST.txt Addition 21 apr.txt
  4. Hi, I did that; it told me that there was a newer version, but you mean that the log file is from the old version?
  5. Hi, Late follow-up, but here comes the log. AdwCleaner[S0].txt
  6. Hi, I have an old computer that runs sluggishly. I assume I have a lot of malicious programs etc. But I know too little to be able to judge that myself. I'm attaching some files from FRST. Hoping for help. Thanks in advance. Addition.txt FRST.txt
  7. It has come up as an error message, but now it hasn't come up, so maybe it's gone? Attaching the logs. Fixlog.txt
  8. WinZip Malware Protector and Free Time FormatFactory are uninstalled. I want to keep Arduino. I changed the proxy server when I had problems with e-identification when I was going to log in to Skattemyndigheten (the tax authority), but maybe that is wrong. Because the problem still remains.
  9. Hi again, Happy Easter to you too!! Attaching the files. AdwCleanerS0.txt scan.txt FRST.txt
  10. Hi, Search Protect could be removed but not Selection Tool. I couldn't follow the link to adware, but I hope I googled my way to the right one.
  11. Hi there, attaching the logs. Unfortunately it was not possible to run DDS; the program says something about it not being possible to run in compatibility mode. FRST.txt Addition.txt
  12. Hi, My antivirus program warns about this file Nengine.dll, how do I get rid of it? I surely have a lot of other junk; can someone help me with how to proceed? I have Telia's antivirus program. Thanks in advance!
  13. [log] DDS (Ver_2011-08-26.01) - NTFSx86 Run by HP_Ägaren at 10:33:26 on 2012-05-27 [/log]
  14. [log] ComboFix 12-05-25.02 - HP_Ägaren 25/05/2012 17:13:02.24.2 - x86
[/log] Yes, that's how I see it. Internet Explorer. New log.
  15. OK, I needed to put in line breaks for it to look like what you showed. So I assume that messed up the whole thing; trying again without line breaks in the middle of a word.
  16. [log] ComboFix 12-05-22.02 - HP_Ägaren 23/05/2012 7:05.23.2 - x86
2012-05-18 c:\windows\Tasks\Google Software Updater.job - c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 19:51] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program\Google\Update\GoogleUpdate.exe [2010-01-05 12:52] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program\Google\Update\GoogleUpdate.exe [2010-01-05 12:52] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.newsnow.co.uk/newsfeed/?name=Liverpool uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-23 07:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
[/log] new log
  17. Can't find any Symantec program. [log]
[/log]
  18. Here comes the log. [log]
2004-08-04 04:00 2027520 ------w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2004-08-04 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:55 . 2004-08-04 04:00 2149376 ------w- c:\windows\system32\ntoskrnl.exe 2012-03-01 10:59 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 10:59 . 2004-08-04 04:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 10:59 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2004-08-04 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2004-08-04 04:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912] "Ymagnaiqeh"="c:\documents and settings\HP_Ägaren\Application Data\Oxmuyc\qyapy.exe" [2012-03-08 358912] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ftutil2"="ftutil2.dll" [2004-06-07 106496] "CTDVDDET"="c:\program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "VolPanel"="c:\program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "AudioDrvEmulator"="c:\program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "CTHelper"="CTHELPER.EXE" [2005-08-08 16384] "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 18944] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "HPHUPD08"="c:\program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152] "PCMService"="c:\program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856] "HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 180269] "AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424] "nwiz"="c:\program\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Nikon Message Center 2"="c:\program\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "APSDaemon"="c:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-12-08 421736] "avgnt"="c:\program\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Net iD"="c:\program\Net iD\iid.exe" [2012-03-07 100160] . 
c:\documents and settings\Default User\Start-meny\Program\Autostart\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-1 27136] . c:\documents and settings\HP_Ägaren\Start-meny\Program\Autostart\ Monitor My eRooms (V7).lnk - c:\program\eRoom 7\ERClient7.exe [N/A] . c:\documents and settings\All Users\Start-meny\Program\Autostart\ HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-4-27 939920] WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-11-30 608584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 11:41 294912 ----a-w- c:\program\SUPERAntiSpyware\SASWINLO.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 00:36 421736 ----a-w- c:\program\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 14:45 313472 ----a-r- c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoddlerNet Manager] 2010-07-15 12:27 638152 ----a-w- c:\program\Voddler\service\VNetManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program\\Spotify\\spotify.exe"= "c:\\Program\\RagTime 6.5\\Win32\\RagTime 6.5.exe"= "c:\\Program\\Voddler\\service\\voddler.exe"= "c:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program\\Bonjour\\mDNSResponder.exe"= "c:\\Program\\iTunes\\iTunes.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27/03/2012 18:37 36000] R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 13:53 5632] R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 32256] R2 AntiVirSchedulerService;Avira Scheduler;c:\program\Avira\AntiVir Desktop\sched.exe [27/03/2012 18:37 86224] R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [12/10/2006 18:08 17072] R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [15/07/2010 14:27 1169104] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [01/01/2005 21:20 2799488] R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096] R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [01/01/2005 21:19 468768] S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?] 
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [05/01/2010 14:52 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/04/2012 16:28 257696] S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [05/01/2010 14:52 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26/09/2011 17:59 100736] S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [09/10/2010 13:42 42368] . Innehåll i mappen 'Schemalagda aktiviteter': . 2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:08] . 2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34] . 2012-05-18 c:\windows\Tasks\Google Software Updater.job - c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 19:51] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program\Google\Update\GoogleUpdate.exe [2010-01-05 12:52] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program\Google\Update\GoogleUpdate.exe [2010-01-05 12:52] . . ------- Extra genomsökning ------- . 
uStart Page = hxxp://www.newsnow.co.uk/newsfeed/?name=Liverpool uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-22 17:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLL'er som "laddats" under processer som körs --------------------- . - - - - - - - > 'winlogon.exe'(572) c:\program\SUPERAntiSpyware\SASWINLO.dll . Sluttid: 2012-05-22 17:36:47 ComboFix-quarantined-files.txt 2012-05-22 15:36 . Före genomsökningen: 104,670,543,872 byte ledigt Efter genomsökningen: 105,112,813,568 byte ledigt . 
WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - AB2B8B16FB94C40F4048B895BAC94C2E [/log]