Xmlmap97

10 mars, 2010

Klistra in en ny DDS-logg så får jag se vad som finns kvar.

10 mars, 2010

Klistra in en ny DDS-logg så får jag se vad som finns kvar.

Här är den nya DSS-loggen:

DDS (Ver_09-12-01.01) - NTFSx86

Run by DavidAnna at 15:37:27,42 on 2010-03-10

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.991.417 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100310-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\DavidAnna\Application Data\mdply3d\mdply3d.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\DavidAnna\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [xmlmap97] rundll32.exe "c:\documents and settings\davidanna\lokala inställningar\application data\xmlmap97\xmlmap97.dll", DllInit

uRun: [mdply3d] c:\documents and settings\davidanna\application data\mdply3d\mdply3d.exe

uRun: [comodbc3D] rundll32.exe "c:\documents and settings\davidanna\lokala inställningar\application data\comodbc3d\comodbc3D.dll", DllInit

uRun: [jkhihhdrv] rundll32.exe "ljgeee.dll",s

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ATICCC] "c:\program\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"

mRun: [avast!] c:\program\alwils~1\avast4\ashDisp.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [mlijhfsys] rundll32.exe "ljkjgd.dll",DllRegisterServer

mRun: [byvvurdrv] rundll32.exe "ljgeee.dll",s

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [yaabbxsys] rundll32.exe "ljkjgd.dll",DllRegisterServer

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-explorer: NoSMMyPictures = 0 (0x0)

uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)

uPolicies-explorer: NoInstrumentation = 0 (0x0)

mPolicies-explorer: NoSMMyPictures = 0 (0x0)

mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)

mPolicies-explorer: NoInstrumentation = 0 (0x0)

mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://62.181.87.189/activex/AxisCamControl.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 ljkjgd.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-10 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-29 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast4\ashServ.exe [2009-9-29 138680]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-21 12672]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast4\ashMaiSv.exe [2009-9-29 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast4\ashWebSv.exe [2009-9-29 352920]

S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2009-7-31 171264]

=============== Created Last 30 ================

2010-03-10 07:58:18 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-10 07:24:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-10 07:17:23 0 d-----w- c:\program\Lavasoft

2010-03-10 07:01:32 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-10 06:22:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 06:22:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 06:22:01 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 06:19:24 0 d-----w- c:\docume~1\davida~1\applic~1\Malwarebytes

2010-03-10 06:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 05:42:12 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 20:41:44 89600 ---ha-w- c:\windows\system32\ljkjgd.dll

2010-03-07 18:04:11 93696 ---ha-w- c:\windows\system32\ljgeee.dll

2010-03-06 16:24:53 0 d-----w- c:\windows\Applian Director

2010-03-06 16:24:53 0 d-----w- c:\program\Applian Director

2010-03-06 16:24:34 0 d-----w- c:\windows\Replay Music

2010-03-06 16:24:34 0 d-----w- c:\program\Replay Music 3

2010-03-06 16:23:40 2 ----a-w- c:\documents and settings\davidanna\tenmy.ini

2010-03-06 16:23:40 0 d-----w- c:\docume~1\davida~1\applic~1\mdply3d

2010-03-06 16:23:38 373553 ----a-w- c:\documents and settings\davidanna\mdply3d.exe

2010-03-05 15:24:27 218 ----a-w- c:\documents and settings\davidanna\.recently-used.xbel

2010-03-05 06:22:10 0 d-----w- c:\docume~1\davida~1\applic~1\griffith

2010-03-05 06:21:36 0 d-----w- c:\program\Griffith

2010-03-04 18:11:36 0 d-----w- c:\program\Personal

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-12 18:36:14 0 d-----w- C:\DVDVOLUME

2010-02-12 17:45:28 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-02-12 17:45:28 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-02-12 17:45:20 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax

2010-02-12 17:45:20 20992 ----a-w- c:\windows\system32\dshowext.ax

2010-02-10 08:28:48 8958040 ----a-w- c:\documents and settings\davidanna\RMSetup.exe

==================== Find3M ====================

2010-03-10 07:24:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-12-22 18:39:20 922112 ------w- c:\windows\system32\imapi2fs.dll

2009-12-22 18:39:20 426496 ------w- c:\windows\system32\imapi2.dll

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-05-06 08:44:31 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-05-06 08:44:31 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009041320090420\index.dat

2009-05-06 08:44:31 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009050620090507\index.dat

============= FINISH: 15:37:51,26 ===============

Bifogar även Attach.txt

Attach2.txt

10 mars, 2010

Spara ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

10 mars, 2010

Spara ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

Jag kör bredbandet via "vanligt" modem genom nätverkskabel. Några problem med det?

Annars förstår jag nog rätt när alla program som körs ska stängas av nu. Jag tror jag har Windows inbygda brandvägg men är osäker (kan jag kolla det på ngt bra sätt). Kör annars med Avast antivirus.

Ursäkta min okunnighet.

10 mars, 2010

Då går det alldeles utmärkt att köra ComboFix. Låt Windows-brandväggen fortsätta vara på.

10 mars, 2010

Då går det alldeles utmärkt att köra ComboFix. Låt Windows-brandväggen fortsätta vara på.

Nu är jag igång igen och här kommer loggen:

ComboFix 10-03-09.08 - DavidAnna 2010-03-10 17:05:27.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.991.523 [GMT 1:00]

Körs från: c:\documents and settings\DavidAnna\Skrivbord\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100310-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\DavidAnna\Application Data\inst.exe

.

(((((((((((((((((((((((( Filer Skapade från 2010-02-10 till 2010-03-10 ))))))))))))))))))))))))))))))

.

2010-03-10 07:58 . 2010-03-10 07:24 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-10 07:24 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-10 07:24 . 2010-03-10 07:24 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-03-10 07:24 . 2010-03-10 07:24 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-03-10 07:24 . 2010-03-10 07:24 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-03-10 07:24 . 2010-03-10 07:24 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-03-10 07:24 . 2010-03-10 07:24 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-03-10 07:24 . 2010-03-10 07:24 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-03-10 07:24 . 2010-03-10 07:24 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-03-10 07:17 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-03-10 07:17 . 2010-03-10 07:17 -------- d-----w- c:\program\Lavasoft

2010-03-10 07:01 . 2010-03-10 07:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-10 06:22 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 06:22 . 2010-03-10 10:53 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 06:22 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 06:19 . 2010-03-10 06:19 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\Malwarebytes

2010-03-10 06:19 . 2010-03-10 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-10 05:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 20:41 . 2010-03-09 20:41 89600 ---ha-w- c:\windows\system32\ljkjgd.dll

2010-03-07 18:04 . 2010-03-07 18:04 93696 ---ha-w- c:\windows\system32\ljgeee.dll

2010-03-06 16:24 . 2010-03-10 09:16 -------- d-----w- c:\program\Applian Director

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Applian Director

2010-03-06 16:24 . 2010-03-10 09:17 -------- d-----w- c:\program\Replay Music 3

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Replay Music

2010-03-06 16:23 . 2010-03-06 16:23 373553 ----a-w- c:\documents and settings\DavidAnna\Application Data\mdply3d\mdply3d.exe

2010-03-06 16:23 . 2010-03-06 16:23 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\mdply3d

2010-03-06 16:23 . 2010-03-06 16:23 373553 ----a-w- c:\documents and settings\DavidAnna\mdply3d.exe

2010-03-05 06:22 . 2010-03-05 14:02 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\griffith

2010-03-05 06:21 . 2010-03-05 06:21 -------- d-----w- c:\program\Griffith

2010-03-04 18:11 . 2010-03-04 18:11 -------- d-----w- c:\program\Personal

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-12 18:36 . 2010-02-12 18:46 -------- d-----w- C:\DVDVOLUME

2010-02-12 17:45 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-02-12 17:45 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-02-10 08:28 . 2010-02-10 08:28 8958040 ----a-w- c:\documents and settings\DavidAnna\RMSetup.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-10 07:24 . 2009-10-30 10:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-10 07:17 . 2009-09-02 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-10 06:37 . 2010-01-19 07:07 -------- d-----w- c:\program\DivX

2010-03-09 22:15 . 2009-05-03 11:52 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\uTorrent

2010-03-09 09:29 . 2009-06-09 16:15 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\Spotify

2010-03-08 18:42 . 2010-02-06 18:13 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\Skype

2010-03-08 18:22 . 2010-02-06 18:16 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\skypePM

2010-03-05 13:09 . 2009-05-08 14:33 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\dvdcss

2010-03-02 19:19 . 2009-05-02 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2010-02-06 18:16 . 2010-02-06 18:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----r- c:\program\Skype

2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----w- c:\program\Delade filer\Skype

2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-02-05 13:52 . 2010-02-05 13:52 -------- d-----w- c:\program\YouTube Downloader

2010-01-21 06:00 . 2009-12-30 20:50 -------- d-----w- c:\program\Microsoft Silverlight

2010-01-15 15:03 . 2009-04-19 21:37 -------- d-----w- c:\program\Delade filer\Adobe

2010-01-11 07:39 . 2010-01-11 07:39 -------- d-----w- c:\documents and settings\DavidAnna\Application Data\Apple Computer

2010-01-10 23:09 . 2010-01-10 23:09 -------- d-----w- c:\program\QuickTime

2010-01-10 23:09 . 2010-01-10 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-01-10 23:08 . 2010-01-10 23:08 -------- d-----w- c:\program\Delade filer\Apple

2010-01-10 23:08 . 2010-01-10 23:08 -------- d-----w- c:\program\Apple Software Update

2010-01-10 23:08 . 2010-01-10 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll

2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll

2009-12-21 19:09 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42 . 2009-04-19 17:01 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mdply3d"="c:\documents and settings\DavidAnna\Application Data\mdply3d\mdply3d.exe" [2010-03-06 373553]

"comodbc3D"="c:\documents and settings\DavidAnna\Lokala inställningar\Application Data\comodbc3D\comodbc3D.dll" [2010-03-09 77824]

"jkhihhdrv"="ljgeee.dll" [2010-03-07 93696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]

"ATICCC"="c:\program\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]

"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]

"avast!"="c:\program\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"mlijhfsys"="ljkjgd.dll" [2010-03-09 89600]

"byvvurdrv"="ljgeee.dll" [2010-03-07 93696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"yaabbxsys"="ljkjgd.dll" [2010-03-09 89600]

"geecbcdrv"="ljgeee.dll" [2010-03-07 93696]

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2010-3-4 939920]

Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 ljkjgd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 16:05 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 03:23 149280 ----a-w- c:\program\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-03-10 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-29 20560]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-21 12672]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1229232]

S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2009-07-31 171264]

--- Övriga tjänster/drivrutiner i minnet ---

*Deregistered* - MBAMSwissArmy

.

Innehållet i mappen 'Schemalagda aktiviteter':

2010-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:23]

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-xmlmap97 - c:\documents and settings\DavidAnna\Lokala inställningar\Application Data\xmlmap97\xmlmap97.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-10 17:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\ljgeee.dll

- - - - - - - > 'lsass.exe'(648)

c:\windows\system32\ljkjgd.dll

.

Sluttid: 2010-03-10 17:11:17

ComboFix-quarantined-files.txt 2010-03-10 16:11

Före genomsökningen: 68 025 982 976 byte ledigt

Efter genomsökningen: 68 045 627 392 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9B0EDA015532C26561528A8ECEE5051C

10 mars, 2010

Har du avinstallerat programmen? I så fall kan du ju ta bort deras mappar:

2010-03-06 16:24 . 2010-03-10 09:16 -------- d-----w- c:\program\Applian Director

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Applian Director

2010-03-06 16:24 . 2010-03-10 09:17 -------- d-----w- c:\program\Replay Music 3

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Replay Music

Kopiera alla rader i rutan:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mdply3d"=-
"comodbc3D"=-
"jkhihhdrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlijhfsys"=-
"byvvurdrv"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"yaabbxsys"=-
"geecbcdrv"=-

och klistra in i Anteckningar.

Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

10 mars, 2010

Har du avinstallerat programmen? I så fall kan du ju ta bort deras mappar:

2010-03-06 16:24 . 2010-03-10 09:16 -------- d-----w- c:\program\Applian Director

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Applian Director

2010-03-06 16:24 . 2010-03-10 09:17 -------- d-----w- c:\program\Replay Music 3

2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\windows\Replay Music

Kopiera alla rader i rutan:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mdply3d"=-
"comodbc3D"=-
"jkhihhdrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlijhfsys"=-
"byvvurdrv"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"yaabbxsys"=-
"geecbcdrv"=-
och klistra in i Anteckningar.

Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

Mapparna ovan är borttagna.

Här kommer nu loggen:

ComboFix 10-03-09.08 - DavidAnna 2010-03-10 18:14:20.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.991.512 [GMT 1:00]

Körs från: c:\documents and settings\DavidAnna\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\DavidAnna\Skrivbord\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 100310-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}