
ebla

Member
  • Posts

    86
  • Joined

  • Last visited

About ebla

  • Member title
    User

Profile

  • Location
    Östersund
  1. Thanks for all the information and help! Here is the aswMBR log:
  2. Hi again! I ended up reinstalling. I'm now running Windows 7 Ultimate. Would you take a look at this DDS log and see whether everything looks okay? I'm attaching attach.txt. I'd be grateful for tips on free antivirus programs and the like, and for tips on how often one should run scans in future to avoid this sort of thing.
  3. I ran MBRCheck and got a blue screen, and now the computer won't start; it hangs before Windows has started. The screen is black with a blinking white cursor. I'm on my girlfriend's laptop now..
  4. I'm not quite following now; should I read the posts on the forums you linked to? I don't have access to the first one. Should I follow the instructions in post #28 at the second link you sent? Or should I just disregard the links and run MBRCheck according to the instructions you sent?
  5. 1. There is no disc in E:? 2. Fixed. 3. I didn't get any warning about a rootkit, so I ran the scan. It only took a minute or so to finish, though; am I doing something wrong? Log:
  6. 1. All hard drives are internal. E: is a DVD-RW drive. 2. Done, no error message. 3. http://www.virustotal.com/file-scan/report.html?id=5f7b98e0fd59ef5482050507e51308f409dc696660fe95af37780e28ac65762c-1320607442 4. No, never. Possibly the person who owned the computer before me did.
  7. TDSSkiller log:
18:42:33.0531 1240 ql1080 - ok 18:42:33.0562 1240 Ql10wnt - ok 18:42:33.0593 1240 ql12160 - ok 18:42:33.0640 1240 ql1240 - ok 18:42:33.0703 1240 ql1280 - ok 18:42:33.0750 1240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys 18:42:33.0750 1240 RasAcd - ok 18:42:33.0843 1240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys 18:42:33.0843 1240 Rasl2tp - ok 18:42:33.0921 1240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys 18:42:33.0921 1240 RasPppoe - ok 18:42:34.0000 1240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys 18:42:34.0000 1240 Raspti - ok 18:42:34.0062 1240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys 18:42:34.0062 1240 Rdbss - ok 18:42:34.0156 1240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys 18:42:34.0156 1240 RDPCDD - ok 18:42:34.0203 1240 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys 18:42:34.0218 1240 rdpdr - ok 18:42:34.0265 1240 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\windows\system32\drivers\RDPWD.sys 18:42:34.0281 1240 RDPWD - ok 18:42:34.0359 1240 redbook (97130d37842819fa39fd5f1e90a5d676) C:\windows\system32\DRIVERS\redbook.sys 18:42:34.0359 1240 redbook - ok 18:42:34.0453 1240 s1029bus (69013a123a00b3042c260b0056df0152) C:\windows\system32\DRIVERS\s1029bus.sys 18:42:34.0453 1240 s1029bus - ok 18:42:34.0546 1240 s1029mdfl (1565fc31f872963fe8af471123d8424c) C:\windows\system32\DRIVERS\s1029mdfl.sys 18:42:34.0546 1240 s1029mdfl - ok 18:42:34.0609 1240 s1029mdm (d67a8042ecf6c983ac0e308b36603677) C:\windows\system32\DRIVERS\s1029mdm.sys 18:42:34.0609 1240 s1029mdm - ok 18:42:34.0718 1240 s1029mgmt (9ac56f06c1e13a963c82ebd067fdf274) C:\windows\system32\DRIVERS\s1029mgmt.sys 18:42:34.0718 1240 s1029mgmt - ok 18:42:34.0796 1240 s1029nd5 (00c66c6baafb2747f15f94f15888c94a) C:\windows\system32\DRIVERS\s1029nd5.sys 
18:42:34.0812 1240 s1029nd5 - ok 18:42:34.0890 1240 s1029obex (6fc093aba554e45755dc2f3896b6c8d7) C:\windows\system32\DRIVERS\s1029obex.sys 18:42:34.0890 1240 s1029obex - ok 18:42:34.0984 1240 s1029unic (9979b0e68815394665b2109b03d15fa1) C:\windows\system32\DRIVERS\s1029unic.sys 18:42:34.0984 1240 s1029unic - ok 18:42:35.0078 1240 s1039bus (d259d085f215b57b7170dc2d0b646b2a) C:\windows\system32\DRIVERS\s1039bus.sys 18:42:35.0078 1240 s1039bus - ok 18:42:35.0156 1240 s1039mdfl (4d2b6621b5913e8b1cbb650a6037b8a2) C:\windows\system32\DRIVERS\s1039mdfl.sys 18:42:35.0156 1240 s1039mdfl - ok 18:42:35.0250 1240 s1039mdm (8149799844ab2e91ea92e9cad4224254) C:\windows\system32\DRIVERS\s1039mdm.sys 18:42:35.0250 1240 s1039mdm - ok 18:42:35.0328 1240 s1039mgmt (5e91068b3f5e003b83d8a99dc0c76e2c) C:\windows\system32\DRIVERS\s1039mgmt.sys 18:42:35.0343 1240 s1039mgmt - ok 18:42:35.0390 1240 s1039nd5 (df54dbf1c4105d2074d07929f6ba91aa) C:\windows\system32\DRIVERS\s1039nd5.sys 18:42:35.0390 1240 s1039nd5 - ok 18:42:35.0468 1240 s1039obex (1bc084b0708d42e29e2222346149e52f) C:\windows\system32\DRIVERS\s1039obex.sys 18:42:35.0468 1240 s1039obex - ok 18:42:35.0531 1240 s1039unic (2e8ccb7bf5b1eb34bcf4ebf880b3e11c) C:\windows\system32\DRIVERS\s1039unic.sys 18:42:35.0546 1240 s1039unic - ok 18:42:35.0609 1240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys 18:42:35.0609 1240 Secdrv - ok 18:42:35.0765 1240 seehcri (e5b56569a9f79b70314fede6c953641e) C:\windows\system32\DRIVERS\seehcri.sys 18:42:35.0765 1240 seehcri - ok 18:42:35.0843 1240 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys 18:42:35.0843 1240 serenum - ok 18:42:35.0921 1240 Serial (f7d35464062edc08909e568bcd8ae77d) C:\windows\system32\DRIVERS\serial.sys 18:42:35.0937 1240 Serial - ok 18:42:35.0937 1240 SetupNTGLM7X - ok 18:42:36.0000 1240 seu3bus - ok 18:42:36.0031 1240 seu3card - ok 18:42:36.0046 1240 seu3mdfl - ok 18:42:36.0140 1240 seu3mdfl2 - ok 18:42:36.0187 
1240 seu3mdm - ok 18:42:36.0218 1240 seu3mdm2 - ok 18:42:36.0250 1240 seu3nd5 - ok 18:42:36.0281 1240 seu3unic - ok 18:42:36.0343 1240 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\windows\system32\drivers\sfdrv01.sys 18:42:36.0359 1240 sfdrv01 - ok 18:42:36.0421 1240 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\windows\system32\drivers\sfhlp01.sys 18:42:36.0421 1240 sfhlp01 - ok 18:42:36.0484 1240 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\windows\system32\drivers\sfhlp02.sys 18:42:36.0484 1240 sfhlp02 - ok 18:42:36.0546 1240 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys 18:42:36.0562 1240 Sfloppy - ok 18:42:36.0625 1240 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\windows\system32\drivers\sfsync02.sys 18:42:36.0625 1240 sfsync02 - ok 18:42:36.0750 1240 sfsync03 (b27f70092a84b2a381d1fcdbbb82f876) C:\windows\system32\drivers\sfsync03.sys 18:42:36.0750 1240 sfsync03 - ok 18:42:36.0812 1240 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\windows\system32\drivers\sfvfs02.sys 18:42:36.0812 1240 sfvfs02 - ok 18:42:36.0859 1240 Simbad - ok 18:42:36.0890 1240 Sony_EricssonWWSC - ok 18:42:36.0921 1240 Sparrow - ok 18:42:36.0984 1240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys 18:42:36.0984 1240 splitter - ok 18:42:37.0125 1240 sptd (fd306fa416324e55c86f4f997998e6f4) C:\windows\system32\Drivers\sptd.sys 18:42:37.0125 1240 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. 
md5: fd306fa416324e55c86f4f997998e6f4 18:42:37.0125 1240 sptd ( LockedFile.Multi.Generic ) - warning 18:42:37.0125 1240 sptd - detected LockedFile.Multi.Generic (1) 18:42:37.0203 1240 sr (1193ef00869f6367367e6e7cb96be325) C:\windows\system32\DRIVERS\sr.sys 18:42:37.0218 1240 sr - ok 18:42:37.0265 1240 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys 18:42:37.0281 1240 Srv - ok 18:42:37.0328 1240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys 18:42:37.0328 1240 swenum - ok 18:42:37.0390 1240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys 18:42:37.0390 1240 swmidi - ok 18:42:37.0453 1240 symc810 - ok 18:42:37.0484 1240 symc8xx - ok 18:42:37.0515 1240 sym_hi - ok 18:42:37.0562 1240 sym_u3 - ok 18:42:37.0593 1240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys 18:42:37.0593 1240 sysaudio - ok 18:42:37.0687 1240 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\windows\system32\DRIVERS\tapvpn.sys 18:42:37.0687 1240 tapvpn - ok 18:42:37.0765 1240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys 18:42:37.0796 1240 Tcpip - ok 18:42:37.0875 1240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys 18:42:37.0875 1240 TDPIPE - ok 18:42:37.0968 1240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys 18:42:37.0968 1240 TDTCP - ok 18:42:38.0015 1240 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys 18:42:38.0015 1240 TermDD - ok 18:42:38.0140 1240 TosIde - ok 18:42:38.0218 1240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys 18:42:38.0218 1240 Udfs - ok 18:42:38.0265 1240 ultra - ok 18:42:38.0343 1240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys 18:42:38.0375 1240 Update - ok 18:42:38.0453 1240 USBAAPL - ok 18:42:38.0515 1240 usbaudio (e919708db44ed8543a7c017953148330) 
C:\windows\system32\drivers\usbaudio.sys 18:42:38.0515 1240 usbaudio - ok 18:42:38.0562 1240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys 18:42:38.0562 1240 usbccgp - ok 18:42:38.0609 1240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys 18:42:38.0609 1240 usbehci - ok 18:42:38.0718 1240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys 18:42:38.0718 1240 usbhub - ok 18:42:38.0812 1240 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys 18:42:38.0812 1240 usbohci - ok 18:42:38.0859 1240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys 18:42:38.0859 1240 usbscan - ok 18:42:38.0984 1240 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS 18:42:38.0984 1240 USBSTOR - ok 18:42:39.0046 1240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys 18:42:39.0046 1240 VgaSave - ok 18:42:39.0125 1240 ViaIde - ok 18:42:39.0171 1240 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\windows\system32\drivers\VolSnap.sys 18:42:39.0171 1240 VolSnap - ok 18:42:39.0218 1240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 18:42:39.0234 1240 Wanarp - ok 18:42:39.0296 1240 WDICA - ok 18:42:39.0359 1240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 18:42:39.0359 1240 wdmaud - ok 18:42:39.0500 1240 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\Drivers\wpdusb.sys 18:42:39.0500 1240 WpdUsb - ok 18:42:39.0562 1240 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys 18:42:39.0562 1240 WS2IFSL - ok 18:42:39.0640 1240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys 18:42:39.0640 1240 WudfPf - ok 18:42:39.0734 1240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys 18:42:39.0734 1240 WudfRd - ok 
18:42:39.0781 1240 zlportio - ok 18:42:39.0796 1240 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 18:42:39.0796 1240 \Device\Harddisk0\DR0 - ok 18:42:39.0796 1240 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 18:42:39.0812 1240 \Device\Harddisk1\DR1 - ok 18:42:39.0828 1240 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk2\DR2 18:42:39.0875 1240 \Device\Harddisk2\DR2 - ok 18:42:39.0890 1240 Boot (0x1200) (c42dc8d93ccc11195cf264e9cda712d9) \Device\Harddisk0\DR0\Partition0 18:42:39.0890 1240 \Device\Harddisk0\DR0\Partition0 - ok 18:42:39.0890 1240 Boot (0x1200) (eb9a19e7f39b5468f97b63bfd0feba89) \Device\Harddisk1\DR1\Partition0 18:42:39.0890 1240 \Device\Harddisk1\DR1\Partition0 - ok 18:42:39.0890 1240 Boot (0x1200) (08658d220e3d9bea7d42bba75e4063ab) \Device\Harddisk2\DR2\Partition0 18:42:39.0890 1240 \Device\Harddisk2\DR2\Partition0 - ok 18:42:39.0890 1240 ============================================================ 18:42:39.0890 1240 Scan finished 18:42:39.0890 1240 ============================================================ 18:42:39.0906 4360 Detected object count: 2 18:42:39.0906 4360 Actual detected object count: 2 18:43:20.0093 4360 dtscsi ( LockedFile.Multi.Generic ) - skipped by user 18:43:20.0093 4360 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip 18:43:20.0093 4360 sptd ( LockedFile.Multi.Generic ) - skipped by user 18:43:20.0093 4360 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  8. First scan done, here is the log: aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-11-06 17:40:24 ----------------------------- 17:40:24.718 OS Version: Windows 5.1.2600 Service Pack 3 17:40:24.718 Number of processors: 2 586 0xF06 17:40:24.718 ComputerName: LOLISH UserName: Ebla 17:40:41.062 Initialize success 17:44:29.890 AVAST engine defs: 11110601 17:45:20.343 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000007e 17:45:20.343 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3 17:45:20.343 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f 17:45:20.343 Disk 1 Vendor: Maxtor_6B200M0 BANC1980 Size: 194481MB BusType: 3 17:45:20.343 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000082 17:45:20.343 Disk 2 Vendor: Maxtor_6B200M0 BANC1980 Size: 194481MB BusType: 3 17:45:20.343 Device \Driver\nvata -> MajorFunction 8a84f4d0 17:45:22.359 Disk 2 MBR read successfully 17:45:22.359 Disk 2 MBR scan 17:45:22.390 Disk 2 Windows XP default MBR code 17:45:22.390 Disk 2 scanning sectors +398267415 17:45:22.515 Disk 2 scanning C:\windows\system32\drivers 17:45:36.203 Service scanning 17:45:36.562 Service dtscsi C:\windows\System32\Drivers\dtscsi.sys **LOCKED** 32 17:45:36.609 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21 17:45:36.796 Service MSICPL E:\install4\MSICPL.sys **LOCKED** 21 17:45:36.828 Service NTACCESS E:\NTACCESS.sys **LOCKED** 21 17:45:36.890 Service SetupNTGLM7X E:\NTGLM7X.sys **LOCKED** 21 17:45:36.921 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32 17:45:37.468 Modules scanning 17:45:53.515 Disk 2 trace - called modules: 17:45:53.531 ntkrnlpa.exe >>UNKNOWN [0x8a84e0e8]<< 17:45:53.531 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8a80cab8] 17:45:53.531 \Driver\Disk[0x8a789e18] -> IRP_MJ_CREATE -> 0x8a84e0e8 17:45:54.109 AVAST engine scan C:\windows 17:46:24.843 AVAST engine scan C:\windows\system32 17:48:25.734 AVAST engine scan C:\windows\system32\drivers 17:48:42.343 AVAST engine scan C:\Documents and Settings\Ebla 18:17:47.937 AVAST engine scan C:\Documents and Settings\All Users 18:30:23.375 Scan finished successfully 18:33:43.734 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Ebla\Skrivbord\MBR.dat" 18:33:43.734 The log file has been saved successfully to "C:\Documents and Settings\Ebla\Skrivbord\aswMBR.txt" Rebooting and running TDSSKiller.
  9. "If you are asked whether you want to install the Recovery Console, answer Yes." When I answered yes to that question I got the message "Boot-partitionen kunde inte utläsas korrekt" ("The boot partition could not be read correctly"). Just thought I'd point it out, since it may be relevant.
  10. Here is the ComboFix log: ComboFix 11-11-06.01 - Ebla 2011-11-06 14:01:48.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1020 [GMT 1:00] Körs från: c:\documents and settings\Ebla\Skrivbord\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (WINDOWS RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !! . . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\hpeCC.dll c:\documents and settings\Ebla\Application Data\ErrorSmart c:\documents and settings\Ebla\Application Data\ErrorSmart\Log\2008 Aug 12 - 03_50_22 AM_963.log c:\documents and settings\Ebla\Application Data\ErrorSmart\Log\2008 Aug 12 - 03_51_59 AM_995.log c:\documents and settings\Ebla\Application Data\ErrorSmart\Registry Backups\2008-08-12_03-53-03.reg c:\documents and settings\Ebla\Application Data\Roaming c:\documents and settings\Ebla\Application Data\Roaming\HoldemManager\config\FTPRushTables.xml c:\documents and settings\Ebla\Application Data\ShoppingReport c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\Config.xml c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\db\Aliases.dbs c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\db\Sites.dbs c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\dwld\WhiteList.xip c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\report\aggr_storage.xml c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\report\send_storage.xml c:\documents and settings\Ebla\Application Data\ShoppingReport\cs\res1\WhiteList.dbs c:\documents and settings\Ebla\Start-meny\Program\Videos.url c:\documents and settings\Ebla\WINDOWS c:\program\ShoppingReport c:\windows\dasetup.log c:\windows\iun6002.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif 
c:\windows\struct~.ini . . (((((((((((((((((((((((( Filer skapade från 2011-10-06 till 2011-11-06 )))))))))))))))))))))))))))))) . . 2011-11-03 19:21 . 2011-11-03 19:21 388096 ----a-r- c:\documents and settings\Ebla\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-03 19:21 . 2011-11-03 19:21 -------- d-----w- c:\program\Trend Micro 2011-11-02 16:22 . 2011-11-06 08:39 -------- d-----w- c:\documents and settings\Ebla\Lokala inställningar\Application Data\Akamai 2011-10-12 16:04 . 2011-10-12 16:04 -------- d-----w- c:\documents and settings\Ebla\Application Data\AVG2012 2011-10-12 16:03 . 2011-10-12 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 05:23 . 2010-09-07 02:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-04 05:21 . 2010-08-19 19:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-10-03 03:06 . 2010-05-20 07:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 00:37 . 2008-02-12 10:14 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-26 09:41 . 2008-07-29 17:59 612352 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2001-09-28 14:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2001-09-28 14:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-13 04:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-09 09:12 . 2004-08-03 23:33 602112 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 14:09 . 2004-08-03 23:20 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:40 . 2004-08-03 23:34 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:40 . 2004-08-03 23:34 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 23:40 . 
2004-08-03 23:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 11:58 . 2004-08-03 23:13 385024 ----a-w- c:\windows\system32\html.iec 2011-08-17 13:49 . 2004-08-03 21:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F.lux"="c:\documents and settings\Ebla\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] "swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-02 39408] "Xvid"="c:\program\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Akamai NetSession Interface"="c:\documents and settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe" [2011-11-04 3293784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360] "nwiz"="nwiz.exe" [2005-12-10 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016] "Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464] "GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "H2O"="c:\program\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024] "Telia"="c:\program\Telia\Supportassistenten\bin\sprtcmd.exe" [2010-05-10 206120] "StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "Adobe Acrobat Speed Launcher"="c:\program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376] "Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] "AVG_TRAY"="c:\program\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456] "Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" 
[2011-03-30 937920] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Magnify"="Magnify.exe" [2008-04-14 73216] . c:\documents and settings\Ebla\Start-meny\Program\Autostart\ TimeLeft.lnk - c:\program\TimeLeft3\TimeLeft.exe [2011-10-6 2051880] . c:\documents and settings\All Users\Start-meny\Program\Autostart\ BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2010-5-4 939920] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\program\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program\\Java\\jre1.5.0_06\\bin\\javaw.exe"= "c:\\Program\\uTorrent\\utorrent.exe"= "c:\\Program\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\Spotify\\spotify.exe"= "c:\\Program\\Bonjour\\mDNSResponder.exe"= "c:\\Program\\RVG Software\\Holdem Manager\\HMHud.exe"= "c:\\Program\\RVG Software\\Holdem Manager\\HoldemManager.exe"= "c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program\\Sony\\Media Go\\MediaGo.exe"= "c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program\\TeamViewer\\Version6\\TeamViewer_Service.exe"= 
"c:\\Program\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Ebla\\Lokala inställningar\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16771:TCP"= 16771:TCP:BitComet 16771 TCP "16771:UDP"= 16771:UDP:BitComet 16771 UDP . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-13 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-09-07 32592] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-07-10 643072] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-09-07 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-09 295248] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336] R2 AVGIDSAgent;AVGIDSAgent;c:\program\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\program\PostgreSQL\8.3\data\" --> c:\program\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?] 
R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program\Telia\Supportassistenten\bin\sprtsvc.exe [2010-07-08 206120] R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program\Telia\Supportassistenten\bin\tgsrvc.exe [2010-07-08 185640] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-08-19 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-08-19 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-08-19 16720] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-09-05 33792] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-08-10 27632] S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2011-04-02 136176] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-09-29 90112] S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2011-04-02 136176] S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-09-29 90280] S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-09-29 15016] S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-09-29 122280] S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-09-29 115880] S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-09-29 26024] S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-09-29 111912] S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-09-29 116904] S3 s1039bus;Sony Ericsson Device 1039 driver 
(WDM);c:\windows\system32\drivers\s1039bus.sys [2011-05-15 98672] S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-05-15 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-05-15 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-05-15 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-05-15 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-05-15 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-05-15 123504] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\DRIVERS\seu3bus.sys --> c:\windows\system32\DRIVERS\seu3bus.sys [?] S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\DRIVERS\seu3card.sys --> c:\windows\system32\DRIVERS\seu3card.sys [?] S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\DRIVERS\seu3mdfl.sys --> c:\windows\system32\DRIVERS\seu3mdfl.sys [?] S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\DRIVERS\seu3mdfl2.sys --> c:\windows\system32\DRIVERS\seu3mdfl2.sys [?] S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\seu3mdm.sys --> c:\windows\system32\DRIVERS\seu3mdm.sys [?] S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\DRIVERS\seu3mdm2.sys --> c:\windows\system32\DRIVERS\seu3mdm2.sys [?] S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\DRIVERS\seu3nd5.sys --> c:\windows\system32\DRIVERS\seu3nd5.sys [?] 
S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\DRIVERS\seu3unic.sys --> c:\windows\system32\DRIVERS\seu3unic.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-05-15 152064] S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\DRIVERS\seu3scard.sys --> c:\windows\system32\DRIVERS\seu3scard.sys [?] S3 zlportio;zlportio; [x] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Innehåll i mappen 'Schemalagda aktiviteter': . 2011-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program\Google\Update\GoogleUpdate.exe [2011-04-02 15:51] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program\Google\Update\GoogleUpdate.exe [2011-04-02 15:51] . 2011-11-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18] . . ------- Extra genomsökning ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 169.229.50.10:3127 uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Ebla\Application Data\Mozilla\Firefox\Profiles\ycu6cph5.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff . . ------- Filassociationer ------- . . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-06 14:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Maxtor_6B200M0 rev.BANC1980 -> Harddisk2\DR2 -> \Device\0000007e . 
device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program\delade filer\akamai/netsession_win_d71b4a3.dll" . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_USERS\S-1-5-21-1645522239-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1645522239-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] . [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] . --------------------- DLL'er som "laddats" under processer som körs --------------------- . - - - - - - - > 'winlogon.exe'(1200) c:\windows\system32\Ati2evxx.dll . Sluttid: 2011-11-06 14:21:28 ComboFix-quarantined-files.txt 2011-11-06 13:21 . Före genomsökningen: 92 632 723 456 byte ledigt Efter genomsökningen: 95 270 404 096 byte ledigt . - - End Of File - - 1D43E2D8891F23741E407FBD0CBCDA1D
  11. DDS doesn't seem to create any file named attach.txt, am I doing something wrong? Edit: Found it and am attaching attach.txt
  12. Hi Cecilia! The computer restarted by itself again, the first thing that happened when I turned it on today. I also feel that it runs very much slower than it usually does. Here is the DDS log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Ebla at 8:43:26 on 2011-11-04 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1040 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\spoolsv.exe C:\windows\system32\WgaTray.exe C:\windows\Explorer.EXE C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\windows\RTHDCPL.EXE C:\Program\Microsoft Office\Office12\GrooveMonitor.exe C:\Program\SyncroSoft\Pos\H2O\cledx.exe C:\Program\Telia\Supportassistenten\bin\sprtcmd.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\windows\system32\ctfmon.exe C:\Documents and Settings\Ebla\Local Settings\Apps\F.lux\flux.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe C:\Program\Personal\bin\Personal.exe C:\Program\TimeLeft3\TimeLeft.exe svchost.exe C:\windows\System32\svchost.exe -k Akamai C:\Documents and Settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe 
C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Telia\Supportassistenten\bin\sprtsvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program\Telia\Supportassistenten\bin\tgsrvc.exe C:\WINDOWS\system32\UAService7.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\windows\system32\wuauclt.exe C:\windows\system32\msiexec.exe C:\Program\AVG\AVG2012\avgwdsvc.exe C:\Program\AVG\AVG2012\avgnsx.exe C:\Program\AVG\AVG2012\avgrsx.exe C:\Program\AVG\AVG2012\avgcsrvx.exe C:\Program\AVG\AVG2012\avgtray.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Settings,ProxyServer = 169.229.50.10:3127 uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program\shoppingreport\bin\2.5.0\ShoppingReport.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg2012\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: 
{ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program\shoppingreport\bin\2.5.0\ShoppingReport.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [F.lux] "c:\documents and settings\ebla\local settings\apps\f.lux\flux.exe" /noshow uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Xvid] c:\program\xvid\CheckUpdate.exe uRun: [Akamai NetSession Interface] c:\documents and settings\ebla\lokala inställningar\application data\akamai\netsession_win.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.anotheryousalon.se/" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] 
RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe" mRun: [skyTel] SkyTel.EXE mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe" mRun: [H2O] c:\program\syncrosoft\pos\h2o\cledx.exe mRun: [Telia] "c:\program\telia\supportassistenten\bin\sprtcmd.exe" /P TeliaDA mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe Acrobat Speed Launcher] "c:\program\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [AVG_TRAY] "c:\program\avg\avg2012\avgtray.exe" mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [Magnify] Magnify.exe StartupFolder: c:\docume~1\ebla\start-~1\program\autost~1\timeleft.lnk - c:\program\timeleft3\TimeLeft.exe StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportera till Microsoft Excel - 
c:\program\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program\pokerstars\PokerStarsUpdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program\timeleft3\tlintergie.html - c:\program\timeleft3\tlintergie.html\inprocserver32 does not exist! IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office12\REFIEBAR.DLL IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program\shoppingreport\bin\2.5.0\ShoppingReport.dll IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program\shoppingreport\bin\2.5.0\ShoppingReport.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://plusevpoker.webex.com/client/T27LB/webex/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6427926E-159A-463B-A008-6311AF3354E2} : DhcpNameServer = 83.255.245.10 83.255.249.10 TCP: Interfaces\{E6B23768-12A6-4CCF-98DF-38037CEA2F5F} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll Notify: Antiwpa - antiwpa.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: 
{b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\ebla\application data\mozilla\firefox\profiles\ycu6cph5.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program\avg\avg10\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\ebla\application data\mozilla\firefox\profiles\ycu6cph5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\ebla\application data\mozilla\firefox\profiles\ycu6cph5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\program\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program\microsoft\office live\npOLW.dll FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program\nos\bin\np_gp.dll FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\sony\media go\npmediago.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - 
c:\program\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336] R2 avgwd;AVG WatchDog;c:\program\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-9-29 90112] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program\postgresql\8.3\bin\pg_ctl.exe runservice -w -n "pgsql-8.3" -d "c:\program\postgresql\8.3\data\" --> c:\program\postgresql\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?] 
R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program\telia\supportassistenten\bin\sprtsvc.exe [2010-7-8 206120] R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program\telia\supportassistenten\bin\tgsrvc.exe [2010-7-8 185640] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-9-5 33792] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-8-10 27632] S2 AVGIDSAgent;AVGIDSAgent;c:\program\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2011-4-2 136176] S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2011-4-2 136176] S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-9-29 90280] S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-9-29 15016] S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-9-29 122280] S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-9-29 115880] S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-9-29 26024] S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-9-29 111912] S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-9-29 116904] S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-5-15 98672] S3 
s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-5-15 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-5-15 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-5-15 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-5-15 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-5-15 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-5-15 123504] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys --> c:\windows\system32\drivers\seu3bus.sys [?] S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys --> c:\windows\system32\drivers\seu3card.sys [?] S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys --> c:\windows\system32\drivers\seu3mdfl.sys [?] S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys --> c:\windows\system32\drivers\seu3mdfl2.sys [?] S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys --> c:\windows\system32\drivers\seu3mdm.sys [?] S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys --> c:\windows\system32\drivers\seu3mdm2.sys [?] S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys --> c:\windows\system32\drivers\seu3nd5.sys [?] 
S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys --> c:\windows\system32\drivers\seu3unic.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-15 152064] S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys --> c:\windows\system32\drivers\seu3scard.sys [?] S3 zlportio;zlportio; [x] . =============== Created Last 30 ================ . 2011-11-03 19:21:03 388096 ----a-r- c:\documents and settings\ebla\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-11-03 19:21:02 -------- d-----w- c:\program\Trend Micro 2011-10-13 08:43:19 -------- d-----w- c:\program\SHOPPINGREPORT 2011-10-12 16:04:28 -------- d-----w- c:\documents and settings\ebla\application data\AVG2012 2011-10-12 16:03:18 -------- d-----w- c:\documents and settings\all users\application data\AVG2012 2011-10-06 08:37:03 -------- d-----w- c:\program\TimeLeft3 2011-10-06 08:37:03 -------- d-----w- c:\documents and settings\ebla\application data\NesterSoft . ==================== Find3M ==================== . 
2011-10-07 05:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-04 05:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-26 09:41:40 612352 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41:40 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-13 04:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-09 09:12:07 602112 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 14:09:57 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:40:15 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:40:14 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:40:14 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:58:29 385024 ----a-w- c:\windows\system32\html.iec 2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Maxtor_6B200M0 rev.BANC1980 -> Harddisk2\DR2 -> \Device\0000007e . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x8A88F450]<< _asm { MOV EAX, 0x8a88f370; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a892684; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk2\DR2[0x8A7FFAB8] \Driver\Disk[0x8A7BECF8] -> IRP_MJ_CREATE -> 0x8A88F450 kernel: MBR read successfully _asm { ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; } detected disk devices: detected hooks: \Driver\Disk -> 0x8a88f450 user != kernel MBR !!! Warning: possible MBR rootkit infection ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 8:45:58,82 ===============
  13. Hi, My computer has started behaving a bit strangely and just restarted itself entirely on its own. I don't know if it could be related, but I got some kind of error message about netsession_win yesterday. Or is it some nasty virus? I'm including a HijackThis log. Please point out anything that might be using a lot of unnecessary processor power; I haven't kept things very tidy. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:21:27, on 2011-11-03 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\Program\AVG\AVG2012\avgrsx.exe C:\Program\AVG\AVG2012\avgcsrvx.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\spoolsv.exe C:\windows\system32\WgaTray.exe C:\windows\Explorer.EXE C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\windows\RTHDCPL.EXE C:\Program\Microsoft Office\Office12\GrooveMonitor.exe C:\Program\SyncroSoft\Pos\H2O\cledx.exe C:\Program\Telia\Supportassistenten\bin\sprtcmd.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program\AVG\AVG2012\avgtray.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\windows\system32\ctfmon.exe C:\Documents and Settings\Ebla\Local Settings\Apps\F.lux\flux.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe C:\Program\Personal\bin\Personal.exe C:\Program\TimeLeft3\TimeLeft.exe C:\windows\System32\svchost.exe C:\Program\AVG\AVG2012\avgwdsvc.exe C:\Documents and Settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe C:\Program\Bonjour\mDNSResponder.exe 
C:\Program\Java\jre6\bin\jqs.exe C:\Program\AVG\AVG2012\avgnsx.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program\Telia\Supportassistenten\bin\sprtsvc.exe C:\windows\system32\svchost.exe C:\Program\Telia\Supportassistenten\bin\tgsrvc.exe C:\WINDOWS\system32\UAService7.exe C:\Program\AVG\AVG2012\AVGIDSAgent.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Google\Chrome\Application\chrome.exe C:\windows\system32\wuauclt.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\Program\Google\Chrome\Application\chrome.exe C:\windows\system32\msiexec.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.10:3127 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - 
C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG2012\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistenten\bin\sprtcmd.exe" /P TeliaDA O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Ebla\Local Settings\Apps\F.lux\flux.exe" /noshow O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Xvid] C:\Program\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Ebla\Lokala inställningar\Application Data\Akamai\netsession_win.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 
3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.anotheryousalon.se/" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1645522239-1580818891-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user') O4 - Startup: TimeLeft.lnk = C:\Program\TimeLeft3\TimeLeft.exe O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program\TimeLeft3\TLIntergIE.html O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program\TimeLeft3\TLIntergIE.html O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - 
Extra button: 5050 Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\5050pokerMPP\MPPoker.exe (HKCU) O9 - Extra button: 5050 Poker - {409DDC75-EDE9-4972-9F96-5E75914C2829} - C:\Microgaming\Poker\5050pokerMPP\MPPoker.exe (HKCU) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://plusevpoker.webex.com/client/T27LB/webex/ieatgpc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program\AVG\AVG2012\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: SupportSoft Sprocket Service (teliada) (sprtsvc_teliada) - SupportSoft, Inc. - C:\Program\Telia\Supportassistenten\bin\sprtsvc.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - (no file) O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe O23 - Service: SupportSoft Repair Service (teliada) (tgsrvc_teliada) - SupportSoft, Inc. 
- C:\Program\Telia\Supportassistenten\bin\tgsrvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 15588 bytes