
CPU is constantly at 100%


MooSedick


As the title says, my computer (a laptop) suddenly has the CPU at 100%, with explorer.exe accounting for 95-100% of it. At the same time I have problems when I open folders and programs: only an empty "Utforskaren" (Windows Explorer) window comes up. This does not apply to the programs I have on the desktop, though; they work as they should..

 

I got a link sent to me via Facebook that apparently contained some virus or the like, but I don't know whether my computer got infected.

 

I have zero clue about this kind of thing, so I would be grateful for help. I have run virus scans with AVG and Spybot Search and Destroy but they haven't found anything.

 

DDS log follows:

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by hemdatorn at 22:17:36,46 on 2010-03-21

Internet Explorer: 8.0.6001.18882

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.986 [GMT 1:00]

 

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\WINDOWS\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\hemdatorn\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aftonbladet.se/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Presario&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Presario&pf=laptop

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\hemdat~1\appdata\roaming\mozilla\firefox\profiles\irk38roj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aftonbladet.se/

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\hemdatorn\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-27 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-27 29512]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-27 242696]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-3 1153368]

S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]

 

=============== Created Last 30 ================

 

2010-03-21 13:45:55 0 d-----w- C:\Poker

2010-03-14 10:46:00 0 d-----w- C:\MicroGaming

2010-03-13 08:57:31 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-12 08:11:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-11 21:59:29 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 21:59:28 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-11 21:59:27 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-28 15:11:38 0 d-----w- c:\users\hemdat~1\appdata\roaming\Facebook

 

==================== Find3M ====================

 

2010-03-12 08:11:12 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-12 08:10:35 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-01 18:15:58 87394 ----a-w- c:\windows\system32\perfc00B.dat

2010-03-01 18:15:58 83882 ----a-w- c:\windows\system32\perfc006.dat

2010-03-01 18:15:58 83172 ----a-w- c:\windows\system32\perfc014.dat

2010-03-01 18:15:58 614488 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-01 18:15:58 471494 ----a-w- c:\windows\system32\perfh006.dat

2010-03-01 18:15:58 460484 ----a-w- c:\windows\system32\perfh014.dat

2010-03-01 18:15:58 443770 ----a-w- c:\windows\system32\perfh00B.dat

2010-03-01 18:15:58 124198 ----a-w- c:\windows\system32\perfc01D.dat

2010-02-26 17:02:01 51200 ----a-w- c:\windows\inf\infpub.dat

2010-02-26 17:02:01 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-20 20:13:18 1010 ----a-w- c:\users\hemdat~1\appdata\roaming\wklnhst.dat

2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 08:20:12 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-12-03 15:58:54 86016 ----a-w- c:\windows\inf\infstor.dat

2009-10-30 21:50:19 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-05-09 11:38:57 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-05-09 11:38:57 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-05-09 11:38:57 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-05-09 11:38:57 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-05-09 11:31:44 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2008-05-09 11:31:44 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2008-05-09 11:31:44 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2008-05-09 11:31:44 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2008-05-09 11:24:45 36790 ----a-w- c:\windows\inf\perflib\040b\perfd.dat

2008-05-09 11:24:45 36790 ----a-w- c:\windows\inf\perflib\040b\perfc.dat

2008-05-09 11:24:45 274158 ----a-w- c:\windows\inf\perflib\040b\perfi.dat

2008-05-09 11:24:45 274158 ----a-w- c:\windows\inf\perflib\040b\perfh.dat

2008-05-09 11:18:08 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat

2008-05-09 11:18:08 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat

2008-05-09 11:18:08 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat

2008-05-09 11:18:08 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-10-20 16:11:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 22:18:29,33 ===============


Download Malwarebytes Anti-Malware (MBAM) from:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure the boxes are ticked for:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and click Scan.

The scan takes a while.

When it is done, click OK and then "Show results".

Tick everything and then click Remove selected.

When the removal is done, Notepad opens with a log.

 

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not appear by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

 

Addendum: Do you still have the link you received? It would be good to know, because then one can try to do something about the website and send the information to the antivirus companies so they can update their programs.


There we go....

 

Unfortunately I don't have the link any more; I deleted it as fast as hell when the crap started.. But I can check whether the person I got it from still has the link.

 

Malwarebytes' Anti-Malware 1.44

Databasversion: 3896

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

2010-03-21 23:50:06

mbam-log-2010-03-21 (23-50-06).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 106825

Förfluten tid: 5 minute(s), 42 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


Restart the computer and check whether it got any better, or whether we need to look deeper into the computer.

 

Do you still have the link you received? It would be good to know, because then one can try to do something about the website and send the information to the antivirus companies so they can update their programs.

 

This folder was created today:

2010-03-21 13:45:55 0 d-----w- C:\Poker

Which program/website does it belong to?


The Poker folder was probably created by a download of the Expekt client earlier today.. I have uninstalled it, since poker was still as boring as when I quit it..


Did you see my previous post?

 

Restart the computer, check with MBAM once more, and paste new DDS logs to be on the safe side.


Unfortunately I missed your previous post, but I'm redoing everything now..

 

I was probably too quick, because now it's acting up again

 

Malwarebytes' Anti-Malware 1.44

Databasversion: 3896

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

2010-03-22 00:14:02

mbam-log-2010-03-22 (00-14-02).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 106544

Förfluten tid: 5 minute(s), 29 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

 

 

DDS:

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by hemdatorn at 0:15:02,98 on 2010-03-22

Internet Explorer: 8.0.6001.18882

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.1019 [GMT 1:00]

 

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\hemdatorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFGICP09\dds[1].scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aftonbladet.se/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Presario&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Presario&pf=laptop

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\hemdat~1\appdata\roaming\mozilla\firefox\profiles\irk38roj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aftonbladet.se/

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\hemdatorn\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-27 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-27 29512]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-27 242696]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-3 1153368]

S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]

 

=============== Created Last 30 ================

 

2010-03-21 22:43:16 0 d-----w- c:\users\hemdat~1\appdata\roaming\Malwarebytes

2010-03-21 22:43:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-21 22:43:11 0 d-----w- c:\programdata\Malwarebytes

2010-03-21 22:43:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-21 22:43:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-21 13:45:55 0 d-----w- C:\Poker

2010-03-14 10:46:00 0 d-----w- C:\MicroGaming

2010-03-13 08:57:31 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-12 08:11:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-11 21:59:29 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 21:59:28 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-11 21:59:27 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-28 15:11:38 0 d-----w- c:\users\hemdat~1\appdata\roaming\Facebook

 

==================== Find3M ====================

 

2010-03-12 08:11:12 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-12 08:10:35 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-01 18:15:58 87394 ----a-w- c:\windows\system32\perfc00B.dat

2010-03-01 18:15:58 83882 ----a-w- c:\windows\system32\perfc006.dat

2010-03-01 18:15:58 83172 ----a-w- c:\windows\system32\perfc014.dat

2010-03-01 18:15:58 614488 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-01 18:15:58 471494 ----a-w- c:\windows\system32\perfh006.dat

2010-03-01 18:15:58 460484 ----a-w- c:\windows\system32\perfh014.dat

2010-03-01 18:15:58 443770 ----a-w- c:\windows\system32\perfh00B.dat

2010-03-01 18:15:58 124198 ----a-w- c:\windows\system32\perfc01D.dat

2010-02-26 17:02:01 51200 ----a-w- c:\windows\inf\infpub.dat

2010-02-26 17:02:01 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-20 20:13:18 1010 ----a-w- c:\users\hemdat~1\appdata\roaming\wklnhst.dat

2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 08:20:12 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-12-03 15:58:54 86016 ----a-w- c:\windows\inf\infstor.dat

2009-10-30 21:50:19 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-05-09 11:38:57 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-05-09 11:38:57 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-05-09 11:38:57 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-05-09 11:38:57 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-05-09 11:31:44 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2008-05-09 11:31:44 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2008-05-09 11:31:44 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2008-05-09 11:31:44 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2008-05-09 11:24:45 36790 ----a-w- c:\windows\inf\perflib\040b\perfd.dat

2008-05-09 11:24:45 36790 ----a-w- c:\windows\inf\perflib\040b\perfc.dat

2008-05-09 11:24:45 274158 ----a-w- c:\windows\inf\perflib\040b\perfi.dat

2008-05-09 11:24:45 274158 ----a-w- c:\windows\inf\perflib\040b\perfh.dat

2008-05-09 11:18:08 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat

2008-05-09 11:18:08 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat

2008-05-09 11:18:08 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat

2008-05-09 11:18:08 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-10-20 16:11:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 0:16:23,63 ===============


Then let's look a bit further. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions that are shown.

If a question comes up asking whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet via a USB modem or a USB network adapter. If so, say so instead of running ComboFix.


ok.. here we go...

 

ComboFix 10-03-21.01 - hemdatorn 2010-03-22 1:21.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.1081 [GMT 1:00]

Körs från: c:\users\hemdatorn\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-3190865405-3985469839-3877802256-500

c:\$recycle.bin\S-1-5-21-881949851-144430654-665022913-500

c:\windows\system32\Connect.dll

c:\windows\system32\KBL.LOG

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-02-22 till 2010-03-22 ))))))))))))))))))))))))))))))

.

 

2010-03-22 00:29 . 2010-03-22 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-21 22:43 . 2010-03-21 22:43 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Malwarebytes

2010-03-21 22:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-21 22:43 . 2010-03-21 22:43 -------- d-----w- c:\programdata\Malwarebytes

2010-03-21 22:43 . 2010-03-21 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-21 22:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-21 20:09 . 2010-03-21 20:09 -------- d-----w- c:\users\hemdatorn\AppData\Local\Mozilla

2010-03-13 08:57 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-12 08:11 . 2010-03-12 08:11 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

2010-03-12 08:11 . 2010-03-12 08:11 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys

2010-03-12 08:11 . 2010-03-12 08:11 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys

2010-03-12 08:11 . 2010-03-12 08:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-11 21:59 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 21:59 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-11 21:59 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-28 15:11 . 2010-02-28 15:11 50354 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\uninstall.exe

2010-02-28 15:11 . 2010-02-28 15:11 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Facebook

2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\axfbootloader.dll

2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-21 21:14 . 2009-08-01 10:53 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\vlc

2010-03-21 19:41 . 2010-02-03 18:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-03-21 18:01 . 2009-08-01 10:31 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Azureus

2010-03-14 17:39 . 2009-08-13 16:48 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Microgaming

2010-03-13 06:53 . 2009-08-01 11:22 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\dvdcss

2010-03-12 08:11 . 2009-07-27 13:54 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-12 08:11 . 2009-07-27 13:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-12 08:10 . 2009-07-27 13:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 22:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-01 18:15 . 2008-05-09 11:40 614488 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-01 18:15 . 2008-05-09 11:40 124198 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-01 18:15 . 2008-05-09 11:32 83172 ----a-w- c:\windows\system32\perfc014.dat

2010-03-01 18:15 . 2008-05-09 11:32 460484 ----a-w- c:\windows\system32\perfh014.dat

2010-03-01 18:15 . 2008-05-09 11:25 87394 ----a-w- c:\windows\system32\perfc00B.dat

2010-03-01 18:15 . 2008-05-09 11:25 443770 ----a-w- c:\windows\system32\perfh00B.dat

2010-03-01 18:15 . 2008-05-09 11:18 83882 ----a-w- c:\windows\system32\perfc006.dat

2010-03-01 18:15 . 2008-05-09 11:18 471494 ----a-w- c:\windows\system32\perfh006.dat

2010-02-25 06:25 . 2009-07-27 13:29 73176 ----a-w- c:\users\hemdatorn\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-16 19:49 . 2010-02-16 19:49 378632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-02-14 05:58 . 2008-05-09 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-13 08:59 . 2009-08-06 11:11 -------- d-----w- c:\programdata\Birdstep Technology

2010-02-03 18:41 . 2010-02-03 18:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-03 05:19 . 2010-02-03 05:19 -------- d-----w- c:\program files\Common Files\Knowledge Adventure

2010-02-03 05:19 . 2010-02-03 05:19 -------- d-----w- c:\programdata\Knowledge Adventure

2010-02-02 02:51 . 2009-08-01 10:31 -------- d-----w- c:\program files\Vuze

2010-01-26 11:03 . 2009-12-24 08:18 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Skype

2010-01-26 11:02 . 2009-12-24 08:20 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\skypePM

2010-01-25 12:00 . 2010-02-24 04:03 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00 . 2010-02-24 04:03 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00 . 2010-02-24 04:03 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00 . 2010-02-24 04:03 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58 . 2010-02-24 04:03 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21 . 2010-02-24 04:03 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21 . 2010-02-24 04:03 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21 . 2010-02-24 04:03 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21 . 2010-02-24 04:03 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26 . 2010-02-24 04:03 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-23 07:23 . 2010-01-23 07:23 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\AnvSoft

2010-01-22 17:44 . 2009-07-27 13:21 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-21 04:03 . 2009-09-18 11:45 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 20:13 . 2009-07-28 11:26 1010 ----a-w- c:\users\hemdatorn\AppData\Roaming\wklnhst.dat

2010-01-14 10:12 . 2009-10-02 22:34 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 15:39 . 2010-02-24 04:03 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-01-06 15:38 . 2010-02-24 04:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-06 15:38 . 2010-02-24 04:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-01-06 15:38 . 2010-02-24 04:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-01-06 15:38 . 2010-02-24 04:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-01-06 15:38 . 2010-02-24 04:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-01-06 13:30 . 2010-02-24 04:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-02 06:38 . 2010-01-22 08:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 08:40 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 08:40 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 08:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 08:20 . 2009-12-24 08:20 56 ---ha-w- c:\programdata\ezsidmv.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-1-1 939920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):71,67,e1,9b,5a,38,ca,01

 

R2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2009-01-29 102400]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.aftonbladet.se/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Presario&pf=laptop

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\users\hemdatorn\AppData\Roaming\Mozilla\Firefox\Profiles\irk38roj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aftonbladet.se/

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\users\hemdatorn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-22 01:29

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Sluttid: 2010-03-22 01:31:35

ComboFix-quarantined-files.txt 2010-03-22 00:31

 

Före genomsökningen: 136 210 984 960 byte ledigt

Efter genomsökningen: 140 575 551 488 byte ledigt

 

- - End Of File - - 8C16B3B074E74D528CFA76420DC78A07


Can't get rid of it?

 

Malwarebytes' Anti-Malware 1.44

Databasversion: 3896

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

2010-03-22 01:50:37

mbam-log-2010-03-22 (01-50-37).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 107528

Förfluten tid: 4 minute(s), 29 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


2010-02-28 15:11 . 2010-02-28 15:11 50354 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\uninstall.exe

2010-02-28 15:11 . 2010-02-28 15:11 -------- d-----w- c:\users\hemdatorn\AppData\Roaming\Facebook

2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\axfbootloader.dll

2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\hemdatorn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\hemdatorn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

The above seems to be related to some Facebook plugin, probably called Mighty. I found a report that the computer appeared to become infected at the same time as this plugin was installed. Do you have any plugin (add-on/extension) for Facebook and/or Firefox? Which ones?

 

On the page http://www.virustotal.com, click the Browse button and paste the following file name into the box, click Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Other information) or a link to the result here.

c:\Qoobox\Quarantine\C\windows\system32\Connect.dll.vir

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

That is a bug in MBAM; if you update MBAM it should be fixed now.

http://forums.malwarebytes.org/index.php?showtopic=44113
