
Virus?


Gun_H


Hi,

My computer can't display certain pages. When I go to e.g. google.se I get redirected to a poker site. When I go to Yahoo or Bing I get "the page cannot be displayed". Most other sites I've visited work fine, although now and then I do get sent on to the wrong page. Strange!

I've scanned the computer with Malwarebytes' Anti-Malware, Ad-Aware and the ESET online scanner. No viruses are found. I've also cleaned it with CCleaner.

Does anyone know what this could be caused by?

Regards, Gun

 

 

 

[log]

DDS (Ver_09-12-01.01) - NTFSx86

Run by Gun at 16:20:21,39 on 2010-03-13

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1023.216 [GMT 1:00]

 

AV: avast! antivirus 4.8.1368 [VPS 100313-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Yahoo!\Search Protection\SearchProtection.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Spotify\spotify.exe

C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Gun\Lokala inställningar\Temporary Internet Files\Content.IE5\4HOTMEPN\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.godstart.se/

uSearch Page = ${URL_SEARCHPAGE}

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Page = ${URL_SEARCHPAGE}

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program\togglesw\tbTogg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program\togglesw\tbTogg.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program\togglesw\tbTogg.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [ccleaner] "c:\program\ccleaner\CCleaner.exe" /AUTO

uRun: [search Protection] c:\program\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [Ad-Watch] c:\program\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [avast!] c:\program\alwils~1\avast4\ashDisp.exe

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [YSearchProtection] "c:\program\yahoo!\search protection\SearchProtection.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program\yahoo!\common\Yinsthelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204302115296

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

 

Note: multiple HOSTS entries found. Please refer to Attach.txt

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\gun\applic~1\mozilla\firefox\profiles\ueihzcqn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/index.php

FF - plugin: c:\program\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]

R1 SASDIFSV;SASDIFSV;c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASDIFSV.SYS [2010-3-12 9968]

R1 SASKUTIL;SASKUTIL;c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASKUTIL.sys [2010-3-12 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast4\ashServ.exe [2009-11-29 138680]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-28 54752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast4\ashMaiSv.exe [2009-11-29 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast4\ashWebSv.exe [2009-11-29 352920]

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-5-27 24608]

R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2004-1-29 350282]

S2 gupdate1ca2f18cd592ed8;Tjänsten Google Update (gupdate1ca2f18cd592ed8);c:\program\google\update\GoogleUpdate.exe [2009-9-6 133104]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 SASENUM;SASENUM;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASENUM.SYS [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys --> c:\windows\system32\drivers\nordecr.sys [?]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

 

=============== Created Last 30 ================

 

2010-03-13 14:39:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-03-13 09:10:06 0 d-----w- c:\program\ESET

2010-03-12 21:31:36 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-11 20:10:16 0 d-----w- c:\program\delade filer\Scanner

2010-03-11 19:50:35 0 d-----w- c:\program\Audacity

2010-03-11 18:23:49 3393 ----a-w- c:\windows\system32\wbem\Outlook_01cac147fe9f896c.mof

2010-03-11 08:18:52 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-02 10:23:24 0 d-----w- c:\program\Personal

2010-02-15 18:54:06 81920 ------w- c:\windows\system32\ieencode.dll

2010-02-15 18:52:53 19569 ----a-w- c:\windows\000001_.tmp

 

==================== Find3M ====================

 

2010-03-12 21:33:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-12 21:33:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-11 18:23:49 81618 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-11 18:23:49 440136 ----a-w- c:\windows\system32\perfh01D.dat

2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-24 11:43:24 72039 -c--a-w- c:\windows\War3Unin.dat

2010-01-08 21:58:26 262144 ----a-w- C:\ntuser.dat

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll

 

============= FINISH: 16:21:03,57 ===============

[/log]

Attach.txt

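The five "Hosts:" lines in the DDS log above are the most telling part of it: five unrelated public domains, all pinned to the same public address. A legitimate hosts file maps names to loopback or local addresses; a set of public domains forced onto one public IP is the signature of a hijacked hosts file, and explains why some sites go to the wrong place while the scanners find no file to remove. The script below is an added example (Python; not part of the thread, and not how DDS or SDFix work) that parses hosts-file text and flags exactly that pattern. The sample text is constructed from the log's five entries plus the stock Microsoft lines and one invented benign LAN entry; the fan-out threshold of 3 is an arbitrary choice.

```python
"""Triage of Windows hosts-file entries.

Added example, not part of the original thread or of DDS/SDFix. It flags
the pattern seen in the DDS log: several unrelated public hostnames all
pinned to one public IP, which no legitimate hosts file needs.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the five "Hosts:" lines from the DDS log as they would
# appear in %SystemRoot%\system32\drivers\etc\hosts, plus the stock Microsoft
# comment/localhost lines and one invented, benign LAN entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
192.168.1.10    nas.local          # constructed: a home NAS, benign
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
"""

LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping; comments and blanks are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                          # a bare token with no hostname
        ip_text, names = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue                          # first field is not an address
        for name in names.split():            # one line may carry several names
            yield ip, name.lower(), lineno


def is_benign(ip, name):
    """Loopback, private, link-local and unspecified targets are normal; so are the localhost names."""
    if name in ("localhost", "localhost.localdomain", "broadcasthost"):
        return True
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified


def triage_hosts(text, fanout_threshold=3):
    """Return findings for hosts-file text.

    'public_pins': every (lineno, ip, hostname) where a name is pinned to a public IP.
    'fanout':      public IPs that receive at least fanout_threshold distinct names,
                   the hijack pattern from the log (many domains, one address).
    """
    by_ip = defaultdict(set)
    public_pins = []
    for ip, name, lineno in parse_hosts(text):
        if is_benign(ip, name):
            continue
        public_pins.append((lineno, str(ip), name))
        by_ip[str(ip)].add(name)
    fanout = {ip: sorted(names) for ip, names in by_ip.items()
              if len(names) >= fanout_threshold}
    return {"public_pins": public_pins, "fanout": fanout}


if __name__ == "__main__":
    findings = triage_hosts(SAMPLE_HOSTS)
    for lineno, ip, name in findings["public_pins"]:
        print(f"line {lineno}: {name} -> {ip} (public IP pinned in hosts file)")
    for ip, names in findings["fanout"].items():
        print(f"{ip} receives {len(names)} hostnames: {', '.join(names)}")
```

Run it against a copy of the real file with `triage_hosts(open(path).read())`; a single public pin may be a deliberate override, but one public IP collecting a whole set of security- or payment-related domains, as in the log, is worth treating as a compromise indicator until the file is reset.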

Hi! Uninstall the ToggleSW Toolbar

http://www.systemlookup.com/CLSID/58315-tbTogg_dll_tbTog0_dll_tbTog1_dll.html

and run SDFix!

 

Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

1: Save SDFix.exe to the desktop

2: Click SDFix.exe

3: SDFix unpacks itself here => C:\SDFix.

4: Restart the computer in Safe Mode (press the F8 key repeatedly during startup and choose Safe Mode):

5: Navigate to => C:\SDFix => Click runthis.bat => Choose Y.

6: When the scan is finished, press any key to restart the computer.

7: When it says "finished", press any key. A log will be shown automatically; copy the log into your thread here.

 

Regards, Laston


Hi,

I would try disabling this program (C:\Program\Yahoo!\Search Protection\SearchProtection.exe) to see whether you still get redirected in your searches.

Just an idea!

Regards

Mats H


Hi,

I would try disabling this program (C:\Program\Yahoo!\Search Protection\SearchProtection.exe) to see whether you still get redirected in your searches.

 

Unfortunately it isn't caused by Yahoo's Search Protection; it's worse than that.


Hi,

 

I've now followed your advice, i.e. uninstalled Toggle, run SDFix and, to be on the safe side, also removed Yahoo.

 

But the web pages still can't be displayed.

 

Cecilia, you wrote "Unfortunately it isn't caused by Yahoo's Search Protection; it's worse than that." What do you think it is, I wonder?

 

// Gun

 

[log]

SDFix: Version 1.240

Run by Administratör on 2010-03-14 at 11:48

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-14 11:58:39

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C65F5CA-6016-5CF0-6703-EC45071739B0}]

"abdmmmjllfpdcnenipgngjcpjkgaellcce"=hex:61,61,00,00

"bbdmmmjllfpdcnenipbljkdablmdebkgbmcc"=hex:61,61,00,00

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\World of Warcraft\\Launcher.exe"="C:\\Program\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\\Program\\Valve\\Steam\\SteamApps\\vibjhe616\\counter-strike\\hl.exe"="C:\\Program\\Valve\\Steam\\SteamApps\\vibjhe616\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\\Program\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\\Program\\Spotify\\spotify.exe"="C:\\Program\\Spotify\\spotify.exe:*:Enabled:Spotify"

"C:\\Program\\Ventrilo\\Ventrilo.exe"="C:\\Program\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 16 Nov 2009 21,504 ...H. --- "C:\Documents and Settings\Gun\Mina dokument\~WRL2739.tmp"

Mon 8 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\68be7562a9b6afbc1c39f471a85ce0e9\BIT1.tmp"

Wed 16 Dec 2009 499,712 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Mallar\~WRL1721.tmp"

Wed 23 Dec 2009 514,560 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0004.tmp"

Thu 24 Dec 2009 516,096 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0005.tmp"

Fri 25 Dec 2009 517,632 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0006.tmp"

Sat 26 Dec 2009 519,168 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0007.tmp"

Sun 27 Dec 2009 520,704 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0008.tmp"

Mon 28 Dec 2009 522,240 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0009.tmp"

Mon 28 Dec 2009 524,288 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0010.tmp"

 

Finished!

 

[/log]


HookProcess

Click Start -> Run... -> type cmd and press OK. In the black window (the command prompt), type the following on one single line:

del %SystemRoot%\system32\drivers\etc\hosts & echo 127.0.0.1 localhost >%SystemRoot%\system32\drivers\etc\hosts

 

Alternatively you can copy and paste this into the command prompt. Don't use the CTRL+V shortcut when pasting; right-click in the command prompt instead and choose Paste.

 

The command will delete a file and then rewrite that file with the default content.

 

NOTE! This is only the solution to Google and some other pages not working.


I couldn't run the file in the command prompt. I got the following response:

 

Could Not Find C:\WINDOWS\system32\drivers\etc\hosts.

Access is denied.


HookProcess

Oh! Try this command instead:

 

attrib +A -R -S -H %SystemRoot%\system32\drivers\etc\hosts & echo 127.0.0.1 localhost >%SystemRoot%\system32\drivers\etc\hosts

 


HookProcess

Typical :( Some program is simply sitting there holding a lock on that file.

 

Can you make another DDS log and paste it in here?

NOTE! Don't use "insert code" or "insert log".

 

Also attach Attach.txt

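The two commands above (the `del ... & echo ...` one-liner and the `attrib ... & echo ...` retry) and the follow-up about a process locking the file describe one procedure: replace the hijacked hosts file with the stock one-line version. Below is an added example (Python; not from the thread, and not how DDS or SDFix do it) of the same procedure with the steps a responder would want that the one-liners skip: copy the hijacked file aside as evidence before overwriting it, clear the read-only/hidden/system attributes, write the default content, read it back to verify, and report a locked file explicitly instead of leaving a cryptic "Access is denied". The scratch-file demo and its hijacked entry are constructed, and the `.bak` naming scheme is my own choice; the Windows attribute handling is only attempted when actually running on Windows.

```python
"""Reset a Windows hosts file with backup, attribute clearing and verification.

Added example, not from the thread. reset_hosts() takes a path argument so it
can be exercised against a scratch file on any OS; the hidden/system attribute
handling (the `attrib -R -S -H` step) is only attempted on Windows.
"""
import os
import shutil
import stat
import sys
import tempfile
import time

DEFAULT_HOSTS = "127.0.0.1       localhost\r\n"   # what the echo command writes

# The real target on the machine in the thread (XP uses %SystemRoot%=C:\WINDOWS).
WINDOWS_HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                             "system32", "drivers", "etc", "hosts")


def clear_attributes(path):
    """Equivalent of `attrib -R -S -H`: on Windows reset every attribute to
    NORMAL via SetFileAttributesW; elsewhere just make the file writable."""
    if os.name == "nt":
        import ctypes
        FILE_ATTRIBUTE_NORMAL = 0x80
        if not ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_NORMAL):
            raise ctypes.WinError()
    else:
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


def reset_hosts(path, content=DEFAULT_HOSTS):
    """Back up, unlock, overwrite and verify the hosts file.

    Returns (backup_path, status): status is 'reset' on success, or 'locked'
    when the file still cannot be opened for writing after the attributes were
    cleared, i.e. another process is holding it, the case described above.
    """
    backup = f"{path}.{time.strftime('%Y%m%d-%H%M%S')}.bak"
    shutil.copy2(path, backup)        # evidence first; never just `del` it
    clear_attributes(path)
    try:
        with open(path, "w", newline="") as fh:
            fh.write(content)
    except PermissionError:
        return backup, "locked"
    with open(path, "r", newline="") as fh:     # read back: trust nothing
        if fh.read() != content:
            raise RuntimeError("hosts file content did not verify after write")
    return backup, "reset"


def demo_on_scratch_file():
    """Run the procedure against a constructed hijacked hosts file in a temp
    directory so the example runs offline on any OS. Returns
    (status, new_content, backup_still_has_hijack_entry)."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "hosts")
    with open(path, "w", newline="") as fh:     # constructed hijacked content
        fh.write("127.0.0.1 localhost\r\n74.125.45.100 getantivirusplusnow.com\r\n")
    os.chmod(path, stat.S_IRUSR)                # simulate the read-only attribute
    backup, status = reset_hosts(path)
    with open(path, newline="") as fh:
        new_content = fh.read()
    with open(backup, newline="") as fh:
        saved = fh.read()
    return status, new_content, "getantivirusplusnow.com" in saved


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # e.g. python reset_hosts.py <path>
        print(reset_hosts(sys.argv[1]))
    else:
        print(demo_on_scratch_file())
        print(f"to run against the real file (as Administrator): {WINDOWS_HOSTS}")
```

A 'locked' result is the useful signal here: the attributes were already cleared, so the remaining cause is a process holding the file open, which is exactly the situation the thread runs into and a strong hint that the component doing the redirecting is still running.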

I've now run SDFix again, but I don't understand whether I did something wrong this time, because I didn't get an Attach file now!

Maybe I need to do it over again?!

 

But here's the log anyway:

 

 

SDFix: Version 1.240

Run by Gun on 2010-03-14 at 19:04

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-14 19:14:16

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C65F5CA-6016-5CF0-6703-EC45071739B0}]

"abdmmmjllfpdcnenipgngjcpjkgaellcce"=hex:61,61,00,00

"bbdmmmjllfpdcnenipbljkdablmdebkgbmcc"=hex:61,61,00,00

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\World of Warcraft\\Launcher.exe"="C:\\Program\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\\Program\\Valve\\Steam\\SteamApps\\vibjhe616\\counter-strike\\hl.exe"="C:\\Program\\Valve\\Steam\\SteamApps\\vibjhe616\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\\Program\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\\Program\\Spotify\\spotify.exe"="C:\\Program\\Spotify\\spotify.exe:*:Enabled:Spotify"

"C:\\Program\\Ventrilo\\Ventrilo.exe"="C:\\Program\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 16 Nov 2009 21,504 ...H. --- "C:\Documents and Settings\Gun\Mina dokument\~WRL2739.tmp"

Mon 8 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\68be7562a9b6afbc1c39f471a85ce0e9\BIT1.tmp"

Wed 16 Dec 2009 499,712 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Mallar\~WRL1721.tmp"

Wed 23 Dec 2009 514,560 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0004.tmp"

Thu 24 Dec 2009 516,096 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0005.tmp"

Fri 25 Dec 2009 517,632 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0006.tmp"

Sat 26 Dec 2009 519,168 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0007.tmp"

Sun 27 Dec 2009 520,704 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0008.tmp"

Mon 28 Dec 2009 522,240 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0009.tmp"

Mon 28 Dec 2009 524,288 ...H. --- "C:\Documents and Settings\Gun\Application Data\Microsoft\Word\~WRL0010.tmp"

 

Finished!


DDS (Ver_09-12-01.01) - NTFSx86

Run by Gun at 19:34:23,09 on 2010-03-14

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1023.414 [GMT 1:00]

 

AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Gun\Mina dokument\Hämtade filer\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.godstart.se/

uSearch Page = ${URL_SEARCHPAGE}

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Page = ${URL_SEARCHPAGE}

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [ccleaner] "c:\program\ccleaner\CCleaner.exe" /AUTO

uRun: [search Protection] c:\program\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [Ad-Watch] c:\program\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [avast!] c:\program\alwils~1\avast4\ashDisp.exe

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204302115296

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

 

Note: multiple HOSTS entries found. Please refer to Attach.txt

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\gun\applic~1\mozilla\firefox\profiles\ueihzcqn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/index.php

FF - plugin: c:\program\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast4\ashServ.exe [2009-11-29 138680]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-28 54752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast4\ashMaiSv.exe [2009-11-29 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast4\ashWebSv.exe [2009-11-29 352920]

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-5-27 24608]

R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2004-1-29 350282]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASKUTIL.sys [?]

S2 gupdate1ca2f18cd592ed8;Tjänsten Google Update (gupdate1ca2f18cd592ed8);c:\program\google\update\GoogleUpdate.exe [2009-9-6 133104]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 SASENUM;SASENUM;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASENUM.SYS [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys --> c:\windows\system32\drivers\nordecr.sys [?]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

 

=============== Created Last 30 ================

 

2010-03-14 10:17:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll

2010-03-14 10:10:20 0 d-----w- C:\SDFix

2010-03-13 14:39:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-03-13 09:10:06 0 d-----w- c:\program\ESET

2010-03-12 21:31:36 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-11 20:10:16 0 d-----w- c:\program\delade filer\Scanner

2010-03-11 19:50:35 0 d-----w- c:\program\Audacity

2010-03-11 18:23:49 3393 ----a-w- c:\windows\system32\wbem\Outlook_01cac147fe9f896c.mof

2010-03-11 08:18:52 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-02 10:23:24 0 d-----w- c:\program\Personal

2010-02-15 18:54:06 81920 ------w- c:\windows\system32\ieencode.dll

2010-02-15 18:52:53 19569 ----a-w- c:\windows\000001_.tmp

 

==================== Find3M ====================

 

2010-03-12 21:33:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-12 21:33:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-11 18:23:49 81618 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-11 18:23:49 440136 ----a-w- c:\windows\system32\perfh01D.dat

2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-24 11:43:24 72039 -c--a-w- c:\windows\War3Unin.dat

2010-01-08 21:58:26 262144 ----a-w- C:\ntuser.dat

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

 

============= FINISH: 19:34:36,53 ===============

Attach.txt


On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not the Other information) or a link to the result here.

c:\windows\000001_.tmp

 

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

 

Unplug the internet connection.

Close all programs, including antivirus and firewall.

Start the downloaded program.

A first quick scan starts.

If a WARNING comes up that mentions ROOTKIT and asks about a "fully scan", choose No. Save the log and paste it into your reply. Do nothing more.

 

If that question does not appear, choose the Rootkit/Malware tab and check that everything on the right is ticked except Show All and any partitions other than C:\. Press Scan. Leave the computer alone while Gmer is running.

Press Save and save the result on the Desktop.

Turn the antivirus and firewall back on before connecting to the internet.

Paste the result into your reply.

 

In Firefox, choose Tools - Add-ons. Are there several rows in the list on the Plugins tab that begin with Java?

In Control Panel - Add or Remove Programs, are there several rows beginning with Java there as well?


I'll start with the VirusTotal result; the rest will come later.

 

[log]Antivirus Version Last update Result

a-squared 4.5.0.50 2010.03.15 -

AhnLab-V3 5.0.0.2 2010.03.15 -

AntiVir 8.2.1.180 2010.03.15 -

Antiy-AVL 2.0.3.7 2010.03.15 -

Authentium 5.2.0.5 2010.03.15 -

Avast 4.8.1351.0 2010.03.15 -

Avast5 5.0.332.0 2010.03.15 -

AVG 9.0.0.787 2010.03.15 -

BitDefender 7.2 2010.03.15 -

CAT-QuickHeal 10.00 2010.03.15 -

ClamAV 0.96.0.0-git 2010.03.15 -

Comodo 4273 2010.03.15 -

DrWeb 5.0.1.12222 2010.03.15 -

eSafe 7.0.17.0 2010.03.15 -

eTrust-Vet 35.2.7363 2010.03.15 -

F-Prot 4.5.1.85 2010.03.15 -

F-Secure 9.0.15370.0 2010.03.15 -

Fortinet 4.0.14.0 2010.03.15 -

GData 19 2010.03.15 -

Ikarus T3.1.1.80.0 2010.03.15 -

Jiangmin 13.0.900 2010.03.15 -

K7AntiVirus 7.10.998 2010.03.15 -

Kaspersky 7.0.0.125 2010.03.15 -

McAfee 5921 2010.03.15 -

McAfee+Artemis 5921 2010.03.15 -

McAfee-GW-Edition 6.8.5 2010.03.15 -

Microsoft 1.5502 2010.03.12 -

NOD32 4946 2010.03.15 -

Norman 6.04.08 2010.03.15 -

nProtect 2009.1.8.0 2010.03.15 -

Panda 10.0.2.2 2010.03.15 -

PCTools 7.0.3.5 2010.03.15 -

Prevx 3.0 2010.03.15 -

Rising 22.39.00.04 2010.03.15 -

Sophos 4.51.0 2010.03.15 -

Sunbelt 5898 2010.03.15 -

Symantec 20091.2.0.41 2010.03.15 -

TheHacker 6.5.2.0.233 2010.03.15 -

TrendMicro 9.120.0.1004 2010.03.15 -

VBA32 3.12.12.2 2010.03.14 -

ViRobot 2010.3.15.2228 2010.03.15 -

VirusBuster 5.0.27.0 2010.03.14 -[/log]


Well, I have now scanned the computer for about an hour, but the log disappeared when the computer froze :angry: !! I'll have to redo it tomorrow and hope for better luck then!


HookProcess

Download the TDSSKiller tool from Kaspersky Lab from this link:

http://support.kaspe.../tdsskiller.zip

 

Unzip the file TDSSKiller.exe to the Desktop.

 

Go to Start -> Run... -> paste in the following command:

 

"%USERPROFILE%\Skrivbord\tdsskiller.exe" -v -l rapport1-1.txt -o rapport1-2.dmp

 

Click OK.

Follow the instructions in the program.

 

When everything is done, attach the two new files on the Desktop, rapport1-1 and rapport1-2, to your next post here ;)

They may alternatively be called rapport1-1.txt and rapport1-2.dmp, depending on your settings.


HookProcess

Here are further instructions.

 

1. Save my attached file fixHOSTS.zip to the Desktop and unzip the file fixHOSTS.bat to the Desktop.

2. Double-click fixHOSTS.bat

3. Restart the computer

4. According to earlier logs you have Malwarebytes Anti-Malware installed; start it. Go to the Update tab and click Check for updates. When that is done, go to the Scanner tab, select Perform full scan and click Scan. If infected objects are found, click Show results and then Remove selected. Save the log on the desktop.

5. Run DDS again and save both logs on the desktop

6. Paste the results from the Malwarebytes and DDS logs. Attach.txt you can attach instead of pasting.

fixHOSTS.zip
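The five "Hosts:" lines in the DDS log above and the fixHOSTS.bat step in this post concern the same artifact: a HOSTS file that pins several domains to one outside address (74.125.45.100). Since none of the five names is a search engine, those entries do not by themselves explain the google.se redirect; they are residue worth cleaning before the thread moves on to rootkit tooling. The following is an added example, not part of the thread and not the helper's fixHOSTS.bat: a Python audit that parses HOSTS text, flags every mapping other than the loopback entry for localhost, and groups hostnames pinned to a single non-loopback address. The sample text is constructed from the hostnames and IP in the log; the function names and the flagging heuristic are this example's own choices. One caveat for any fix script: Windows reads the file from the directory named in the registry value HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath (normally %SystemRoot%\System32\drivers\etc), and the file may have been set read-only or hidden, so a batch file that hardcodes the path or skips `attrib -r -h -s` can report the file as missing; check both before overwriting.

```python
"""Audit a Windows HOSTS file for hijacked mappings and produce a clean replacement.

Added example. SAMPLE_HOSTS is constructed from the five 'Hosts:' lines DDS
reported in this thread; comments and a trailing inline comment are added to
exercise the parser. Function names and heuristics are this example's own.
"""
import ipaddress
from collections import defaultdict

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
74.125.45.100   4-open-davinci.com
74.125.45.100   securitysoftwarepayments.com
74.125.45.100   privatesecuredpayments.com
74.125.45.100   secure.privatesecuredpayments.com
74.125.45.100   getantivirusplusnow.com   # trailing comment
"""

# The only name that belongs in HOSTS on a stock XP installation.
BENIGN = {"localhost"}

# Where Windows normally keeps the file; the registry value DataBasePath under
# HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters is authoritative.
DEFAULT_HOSTS_PATH = r"%SystemRoot%\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return [(ip, hostname), ...] for every active mapping.

    Comments (from '#' to end of line) and blank lines are skipped; a line whose
    first token is not an IP address is ignored, as Windows ignores it.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def audit_hosts(text):
    """Flag mappings that are not the loopback entry for a benign name.

    Returns {'suspicious': [(ip, host), ...],
             'pivots': {ip: [host, ...]}}   # non-loopback IPs with >= 2 names
    Several hostnames pinned to one outside address is the pattern a rogue-AV
    hijack leaves when it parks its own payment domains on a single server.
    """
    suspicious = []
    by_ip = defaultdict(list)
    for ip, host in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback and host in BENIGN:
            continue
        suspicious.append((ip, host))
        if not addr.is_loopback:
            by_ip[ip].append(host)
    pivots = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= 2}
    return {"suspicious": suspicious, "pivots": pivots}


def default_hosts():
    """Replacement content: the single mapping XP needs, with CRLF line ending."""
    return "127.0.0.1       localhost\r\n"


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for ip, host in result["suspicious"]:
        print(f"suspicious: {ip:<16} {host}")
    for ip, hosts in result["pivots"].items():
        print(f"{len(hosts)} hostnames pinned to {ip}")
    print("replacement file would be:", repr(default_hosts()))
```

Run it against the real file by reading the path from DataBasePath rather than assuming the default, and clear the read-only, hidden and system attributes before writing default_hosts() over it; on the sample, all five log entries are flagged and 74.125.45.100 is reported as the single pivot address.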


I have now tried running Gmer several times, but every time it ends with the computer freezing after about four hours. So there is probably no point in trying yet again.

 

I have run TDSSKiller now and am sending the files along.

 

fixHosts will hopefully come tomorrow.

 

Oh no, that didn't work. Apparently I am not allowed to upload that rapport.dmb file....

rapport1-1.txt


HookProcess
My computer cannot display certain pages. When I go to e.g. google.se I am redirected to a poker site. When I go to yahoo or bing I get "page cannot be displayed". Most other sites I have visited work fine, though now and then I am sent on to the wrong page. Strange!

 

When did this start, do you know?

I don't need to know the exact day, but are you sure that, for example, Google has worked during the past month?


Google hasn't worked for the past few weeks.

 

I had problems with a virus a while ago, and back then, among other things, I ended up on the wrong pages. I got help here to fix the computer. After getting rid of the virus I installed virusalert (I think it was called) as a firewall. But then Wow (which my sons play) didn't work, and neither did any search sites. I then uninstalled virusalert, Wow could be played and the search sites worked again. That was only a few months ago.

 

But now it has sort of crept back in. I have ended up on the wrong page now and then, google and others haven't worked. But usually I have gotten through by refreshing once or twice. Now, for the past few weeks, google (or yahoo or bing) doesn't work at all.

 

And the computer has become incredibly slow!


HookProcess

Aha!

 

In one of my earlier posts I wrote what I wanted you to do, but I am changing those instructions a little :)

Here we go...

 

1. Save my attached file fixHOSTS.zip to the Desktop and unzip the file fixHOSTS.bat to the Desktop.

2. Double-click fixHOSTS.bat

3. Restart the computer

4. Uninstall the following programs (I'll briefly say why you should remove each):

 

Ad-Aware - We'll set up different protection when we're done

Ad-Aware Email Scanner for Outlook - We'll set up different protection when we're done

avast! Antivirus - Old version

CA Yahoo! Anti-Spy (remove only) - In my opinion useless ;)

eBay Desktop - Keep it if you use eBay Desktop, otherwise remove it

ESET Online Scanner v3 - No longer needed

Google Toolbar for Internet Explorer - Keep it if you use it; in my opinion it is unnecessary

Google Update Helper - If you keep Google Toolbar, keep this one too

HijackThis 2.0.2 - We use DDS instead

Java™ 6 Update 17 - Old version, remove it. Get the latest one here and install it.

OpenOffice.org Installer 1.0 - Installation package for OpenOffice

PSGui 0.81 - Used to some extent to do things on another computer

Skype™ 3.8 - Old version. You'll find the newest one here

Uniblue RegistryBooster 2 - Useless kind of program, does more harm than good

Windows Live Toolbar - If you don't use it you can remove it. Personally I detest toolbars :)

 

After the uninstalls you can restart the computer.

 

5. You have CCleaner installed; start it and run a file cleanup.

6. According to earlier logs you have Malwarebytes Anti-Malware installed; start it. Go to the Update tab and click Check for updates. When that is done, go to the Scanner tab, select Perform full scan and click Scan. If infected objects are found, click Show results and then Remove selected. Save the log on the desktop.

7. Run DDS again and save both logs on the desktop

8. Paste the results from the Malwarebytes and DDS logs. Attach.txt you can attach instead of pasting.

 

NOTE! If you have followed my instructions you have no virus protection on the computer! But we'll fix that quickly:

Download and install the latest version of Avast! Antivirus from here:

http://files.avast.com/iavs5x/setup_av_free_swe.exe

It is free, but they want you to register that you are using it within 30 days. I suspect they just want some statistics on who uses it ;) Again, registering the free version costs nothing.

fixHOSTS.zip


I have now done everything you wrote, I hope.

 

I don't know whether fixHOSTS.bat worked. It popped up and said "the file cannot be found", and that was all.

 

Here are the logs:

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Gun at 19:43:13,31 on 2010-03-18

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1023.590 [GMT 1:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Gun\Lokala inställningar\Apps\2.0\E8WD6NB6.R1E\BVMB5C3Y.KXQ\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Alwil Software\Avast5\AvastSvc.exe

C:\Program\Alwil Software\Avast5\avastUI.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Gun\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.godstart.se/

uSearch Page = ${URL_SEARCHPAGE}

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Page = ${URL_SEARCHPAGE}

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [ccleaner] "c:\program\ccleaner\CCleaner.exe" /AUTO

uRun: [search Protection] c:\program\yahoo!\search protection\SearchProtection.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\documents and settings\gun\start-meny\program\autostart\CurseClientStartup.ccip

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204302115296

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

 

Note: multiple HOSTS entries found. Please refer to Attach.txt

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\gun\applic~1\mozilla\firefox\profiles\ueihzcqn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/index.php

FF - plugin: c:\program\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-18 162640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-18 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-28 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-5-27 24608]

R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2004-1-29 350282]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASKUTIL.sys [?]

S2 gupdate1ca2f18cd592ed8;Tjänsten Google Update (gupdate1ca2f18cd592ed8);c:\program\google\update\GoogleUpdate.exe [2009-9-6 133104]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 SASENUM;SASENUM;\??\c:\docume~1\gun\lokala~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\gun\lokala~1\temp\sas_selfextract\SASENUM.SYS [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys --> c:\windows\system32\drivers\nordecr.sys [?]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\symantec\liveupdate\aluschedulersvc.exe" --> c:\program\symantec\liveupdate\ALUSchedulerSvc.exe [?]

 

=============== Created Last 30 ================

 

2010-03-18 17:25:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-03-18 17:21:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-03-18 17:21:42 411368 ----a-w- c:\windows\system32\REN36.tmp

2010-03-14 18:54:52 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-03-14 18:54:52 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-03-14 10:17:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll

2010-03-14 10:10:20 0 d-----w- C:\SDFix

2010-03-13 14:39:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-03-11 20:10:16 0 d-----w- c:\program\delade filer\Scanner

2010-03-11 19:50:35 0 d-----w- c:\program\Audacity

2010-03-11 18:23:49 3393 ----a-w- c:\windows\system32\wbem\Outlook_01cac147fe9f896c.mof

2010-03-11 08:18:52 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-02 10:23:24 0 d-----w- c:\program\Personal

 

==================== Find3M ====================

 

2010-03-12 21:33:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-11 18:23:49 81618 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-11 18:23:49 440136 ----a-w- c:\windows\system32\perfh01D.dat

2010-01-24 11:43:24 72039 -c--a-w- c:\windows\War3Unin.dat

2010-01-08 21:58:26 262144 ----a-w- C:\ntuser.dat

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

 

============= FINISH: 19:44:01,92 ===============

 

 

 

Malwarebytes' Anti-Malware 1.44

Databasversion: 3883

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-18 19:38:31

mbam-log-2010-03-18 (19-38-31).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 232628

Förfluten tid: 1 hour(s), 7 minute(s), 9 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

Attach.txt

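The Hosts: block in the DDS log above lists five different names all mapped to the same address, 74.125.45.100, which is what the "multiple HOSTS entries found" note is pointing at. As an added illustration (example code written for this page, not part of the original post and not part of DDS), here is a small Python check that pulls the Hosts: lines out of a DDS log and flags every entry that redirects a name to a non-loopback address, plus the fan-out pattern of one remote address collecting many names. The sample lines are the ones from the log above with one constructed benign localhost entry added for contrast; the BENIGN_TARGETS set and the "one address, more than one name" fan-out threshold are assumptions of the example, not DDS rules.

```python
import re
from collections import defaultdict

# Constructed sample input: the "Hosts:" lines exactly as the DDS log above prints them,
# plus one benign loopback entry (constructed) and the trailing DDS note line.
SAMPLE_DDS_LINES = [
    "Hosts: 74.125.45.100 4-open-davinci.com",
    "Hosts: 74.125.45.100 securitysoftwarepayments.com",
    "Hosts: 74.125.45.100 privatesecuredpayments.com",
    "Hosts: 74.125.45.100 secure.privatesecuredpayments.com",
    "Hosts: 74.125.45.100 getantivirusplusnow.com",
    "Hosts: 127.0.0.1 localhost",  # constructed benign entry
    "Note: multiple HOSTS entries found. Please refer to Attach.txt",
]

# DDS prefixes each hosts-file entry it reports with "Hosts:", then the address, then the name.
HOSTS_LINE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)\s*$")

# Assumption of this example: addresses a hosts file legitimately maps names to,
# i.e. loopback (localhost) and the blackhole address that ad-blocking hosts lists use.
BENIGN_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts_lines(lines):
    """Return [(ip, name), ...] for every DDS 'Hosts:' line, ignoring all other log lines."""
    entries = []
    for line in lines:
        m = HOSTS_LINE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("name").lower()))
    return entries


def group_by_target(entries):
    """Map each target address to the sorted list of names pointed at it."""
    groups = defaultdict(list)
    for ip, name in entries:
        groups[ip].append(name)
    return {ip: sorted(names) for ip, names in groups.items()}


def suspicious_entries(entries):
    """Entries that redirect a name to a non-loopback address.

    A hosts entry overrides DNS for that name, so the browser silently connects to
    whatever the entry says. Benign entries almost always point at loopback or the
    blackhole address (blocking a site); an entry pointing at a routable address
    redirects the name to a remote host instead.
    """
    return [(ip, name) for ip, name in entries if ip not in BENIGN_TARGETS]


def report(lines):
    """Summarise a DDS log's hosts entries: count, redirecting entries, fan-out per remote address."""
    entries = parse_hosts_lines(lines)
    groups = group_by_target(entries)
    flagged = suspicious_entries(entries)
    # One remote address collecting several names is the shape of a mass redirect
    # (threshold of more than one name is an assumption of this example).
    fan_out = {
        ip: len(names)
        for ip, names in groups.items()
        if ip not in BENIGN_TARGETS and len(names) > 1
    }
    return {"entries": len(entries), "flagged": flagged, "fan_out": fan_out}


if __name__ == "__main__":
    r = report(SAMPLE_DDS_LINES)
    print(f"{r['entries']} hosts entries parsed, "
          f"{len(r['flagged'])} redirect a name to a non-loopback address")
    for ip, name in r["flagged"]:
        print(f"  {name} -> {ip}")
    for ip, n in r["fan_out"].items():
        print(f"  {ip} collects {n} names (possible mass redirect)")
```

Run against the lines above it reports all five entries as redirects and one address collecting five names, while the constructed localhost entry passes. The same parser can be pointed at the full Attach.txt once it is pasted; the check only looks at the shape of the entries (where they point and how many share a target), not at the names themselves, so it does not depend on any list of known-bad domains.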

Gmer didn't work, so you could try RootRepeal instead. Save this file on the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip

Unzip (extract) the zip file so that you get a program file.

 

Unplug the internet connection. Close all programs you can see, including the firewall, antivirus program and antispyware program.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

 

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).

Select the Report tab and press Scan.

Tick all seven options and then press Yes.

Select C: and press Ok.

It takes a while for RootRepeal to scan C:.

When the scan is finished, press Save Report and save it under the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.


Check with ComboFix as well. Save ComboFix on the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions it shows.

If you are asked whether you want to install the Recovery Console, answer yes.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should appear; paste it into your reply. Check that the antivirus program etc. are running before you connect to the internet.

 

If you have trouble getting online:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

 

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices, to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.
