
Several viruses, including Desktop Security 2010


Demonen


Hi

I'm having huge problems with viruses right now. Among other things, a program called Desktop Security 2010 has installed itself without my approval, and I can't find any uninstaller for it.

I use Avira AntiVir Personal as my antivirus program and ZoneAlarm as my firewall.

Avira finds a few warnings but nothing major, while this new program says it finds a whole pile of them, trojans, worms and so on.

I run a system scan about once a week, and always have both the firewall and the antivirus turned on.

What should I do? I'm starting to get slightly irritated at being offered to buy the program that has suddenly installed itself on my computer.

With grateful regards, Erik


So you have picked up the fake antivirus program Desktop Security 2010, which makes things up just to lure you into buying the program. It can be a bit troublesome to get rid of.

Let's see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.


DDS (Ver_10-03-17.01) - NTFSx86

Run by StE at 1:30:28,37 on 2010-05-07

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1969 [GMT 2:00]

 

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program\agi\common\agservice.exe

C:\Program\Avira\AntiVir Desktop\avguard.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Avira\AntiVir Desktop\avshadow.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Kiwee Toolbar2\2.6.156\kwtbaim.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\ADVANC~1\wh_exec.exe

C:\Program\Winamp\winampa.exe

C:\Program\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\StE\Lokala inställningar\Temp\m.253.tmp.exe

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\securitycenter.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\StE\Mina dokument\Hämtade filer\dds(2).scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://search.live.com

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant = hxxp://search.live.com/sphome.aspx

uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program\agi\common\_agcutils.pyd

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program\kiwee toolbar2\2.6.156\KiweeIEToolbar.dll

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program\torrentman\tbTor0.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program\torrentman\tbTor0.dll

TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program\kiwee toolbar2\2.6.156\KiweeIEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program\windows live\messenger\MsnMsgr.Exe" /background

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [updateMyDrivers] c:\program\smarttweak software\updatemydrivers\UpdateMyDrivers.exe -t

uRun: [94qho1usvef7] c:\documents and settings\ste\lokala inställningar\temp\m.253.tmp.exe

uRun: [Desktop Security 2010] "c:\documents and settings\ste\application data\desktop security 2010\Desktop Security 2010.exe" /STARTUP

uRun: [securityCenter] c:\documents and settings\ste\application data\desktop security 2010\securitycenter.exe

mRun: [ATIPTA] "c:\program\ati technologies\ati control panel\atiptaxx.exe"

mRun: [type32] "c:\program\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program\microsoft intellipoint\point32.exe"

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ZoneAlarm Client] "c:\program\zone labs\zonealarm\zlclient.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [KiweeHook] "c:\program\kiwee toolbar2\2.6.156\kwtbaim.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [WheelMouse] c:\advanc~1\wh_exec.exe

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [WinampAgent] c:\program\winamp\winampa.exe

mRun: [avgnt] "c:\program\avira\antivir desktop\avgnt.exe" /min

mRun: [ReportingDWIntl20] c:\program\delade filer\microsoft shared\dw\1051\errormicrosoft.exe

mRun: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe

mRun: [PluginAdobe] c:\program\adobe\reader 8.0\reader\amt\pluginupdater.exe

mRun: [WAB32WAB32res] c:\program\delade filer\system\wab32wab32res.exe

mRun: [systemOperating] c:\program\delade filer\microsoft shared\speech\sapi5operating.exe

mRunServices: [ReportingError] c:\program\delade filer\microsoft shared\dw\1051\errormicrosoft.exe

mRunServices: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe

mRunServices: [WindowsWindows] c:\program\delade filer\system\wab32wab32res.exe

mRunServices: [PluginPlugin] c:\program\adobe\reader 8.0\reader\amt\pluginupdater.exe

mRunServices: [WindowsTMSAPISVR5] c:\program\delade filer\microsoft shared\speech\sapi5operating.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\ste\applic~1\mozilla\firefox\profiles\tsovax1b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.billingensklatterklubb.se/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\ste\application data\mozilla\firefox\profiles\tsovax1b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\NPZoneSB.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-6-8 24941]

R1 avgio;avgio;c:\program\avira\antivir desktop\avgio.sys [2010-4-29 11608]

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-3-30 148496]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-6-23 353672]

R2 AGWinService;AG Windows Service;c:\program\agi\common\agservice.exe [2008-6-30 21504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program\avira\antivir desktop\sched.exe [2010-4-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program\avira\antivir desktop\avguard.exe [2010-4-29 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-29 60936]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-17 54752]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-6-8 162176]

R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [2010-4-19 6885]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-5 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-5 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-5 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-5 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-5 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-5 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-5 110120]

 

=============== Created Last 30 ================

 

2010-05-06 20:59:36 0 d-----w- c:\docume~1\ste\applic~1\Desktop Security 2010

2010-05-06 19:46:05 0 d-----w- c:\docume~1\ste\applic~1\Avira

2010-04-29 13:39:32 0 d-----w- c:\windows\system32\NtmsData

2010-04-29 13:34:57 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-04-29 13:34:52 0 d-----w- c:\program\Avira

2010-04-29 13:34:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-04-29 13:14:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-27 21:01:12 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-04-27 21:01:10 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2010-04-27 21:01:02 0 d-----w- c:\windows\Logs

2010-04-26 12:24:44 7611 ----a-w- c:\documents and settings\ste\.recently-used.xbel

2010-04-19 17:00:53 0 d-----w- C:\AMD

2010-04-19 16:42:51 7296 ----a-w- c:\windows\system32\drivers\osaio.sys

2010-04-19 16:42:45 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys

2010-04-19 16:25:38 73728 ----a-w- c:\windows\system32\waitwnd.exe

2010-04-19 16:25:38 6584 ----a-w- c:\windows\system32\InstFunc.dll

2010-04-19 16:25:38 180224 ----a-w- c:\windows\system32\setuplib.dll

2010-04-19 16:25:35 0 d-----w- c:\documents and settings\ste\WINDOWS

2010-04-19 16:23:36 0 d-----w- c:\windows\Drivers

2010-04-19 16:21:42 0 d-----w- C:\ATI

2010-04-19 16:21:00 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys

2010-04-19 16:21:00 45056 ----a-w- c:\windows\system32\vusetup.dll

2010-04-19 16:21:00 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys

2010-04-19 16:17:05 307200 ----a-w- c:\windows\IsUn041d.exe

2010-04-19 16:15:21 24576 ----a-w- c:\windows\system32\AsIO.dll

2010-04-19 16:15:21 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys

2010-04-19 16:15:19 0 d-----w- c:\program\ASUS

2010-04-19 16:15:08 1746 ----a-w- c:\windows\Language_trs.ini

2010-04-19 16:10:07 0 d-----w- C:\Advanced Wheel Mouse

2010-04-19 16:09:54 6885 ----a-w- c:\windows\system32\drivers\whmice2k.sys

2010-04-19 16:08:16 0 d-----w- C:\DRIVERS

2010-04-19 16:07:46 0 d-----w- C:\Ibmtools

2010-04-19 16:07:24 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-04-19 16:06:46 0 d-----w- C:\Intel

2010-04-19 15:42:55 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{F39C5C5D-1C7F-42D5-907F-30D501B70856}

2010-04-19 15:42:41 0 d-----w- c:\program\SmartTweak Software

2010-04-19 15:38:24 0 d-----w- c:\docume~1\ste\applic~1\Blitware

2010-04-19 15:38:20 0 d-----w- c:\program\Driver Robot

2010-04-12 21:33:57 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-11 14:55:00 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-04-10 10:31:42 0 d-----w- c:\windows\system32\XPSViewer

2010-04-10 10:31:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-04-10 10:31:00 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-04-10 10:31:00 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-04-10 10:31:00 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-04-10 10:31:00 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-04-10 10:31:00 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-04-10 10:31:00 117760 ------w- c:\windows\system32\prntvpt.dll

2010-04-10 08:33:54 0 d-----w- c:\program\Microsoft

2010-04-10 08:26:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-04-10 08:23:53 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-04-10 08:23:53 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-04-10 08:23:36 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-04-10 08:23:29 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-10 08:23:22 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-04-10 08:22:47 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

 

==================== Find3M ====================

 

2010-05-06 23:30:39 671804704 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-05-06 23:26:26 9001016 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-05-02 07:56:03 53112 ----a-r- c:\windows\fonts\Runbrev.ttf

2010-04-11 18:08:36 79082 ----a-w- c:\windows\system32\perfc01D.dat

2010-04-11 18:08:36 434860 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-09 11:11:42 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-26 05:44:05 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44:02 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-16 19:09:26 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09:26 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:35:03 100864 ----a-w- c:\windows\system32\6to4svc.dll

 

============= FINISH: 1:31:15,37 ===============


Download Malwarebytes Anti-Malware (MBAM) from:

http://www.malwarebytes.org/mbam.php

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Check everything and then press Remove Selected.

When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new DDS log.


Thank you so much for the quick replies.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4074

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

2010-05-07 16:06:09

mbam-log-2010-05-07 (16-06-09).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 117165

Förfluten tid: 9 minut(er), 29 sekund(er)

 

Infekterade minnesprocesser: 2

Infekterade minnesmoduler: 3

Infekterade registernycklar: 2

Infekterade registervärden: 3

Infekterade registerdataposter: 0

Infekterade mappar: 2

Infekterade filer: 17

 

Infekterade minnesprocesser:

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.

C:\Documents and Settings\StE\Lokala inställningar\Temp\m.253.tmp.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94qho1usvef7 (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Delete on reboot.

 

Infekterade filer:

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Start-meny\Program\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Lokala inställningar\Temp\wrfwe_di.exe (Trojan.Downloader) -> Delete on reboot.

C:\Documents and Settings\StE\Lokala inställningar\Temp\test.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\StE\Lokala inställningar\Temp\m.253.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by StE at 16:11:54,29 on 2010-05-07

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1926 [GMT 2:00]

 

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program\agi\common\agservice.exe

C:\Program\Avira\AntiVir Desktop\avguard.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Avira\AntiVir Desktop\avshadow.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Kiwee Toolbar2\2.6.156\kwtbaim.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\ADVANC~1\wh_exec.exe

C:\Program\Winamp\winampa.exe

C:\Program\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\StE\Mina dokument\Hämtade filer\dds(3).scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://search.live.com

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant = hxxp://search.live.com/sphome.aspx

uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program\agi\common\_agcutils.pyd

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program\kiwee toolbar2\2.6.156\KiweeIEToolbar.dll

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program\torrentman\tbTor0.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program\torrentman\tbTor0.dll

TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program\kiwee toolbar2\2.6.156\KiweeIEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program\windows live\messenger\MsnMsgr.Exe" /background

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [updateMyDrivers] c:\program\smarttweak software\updatemydrivers\UpdateMyDrivers.exe -t

mRun: [ATIPTA] "c:\program\ati technologies\ati control panel\atiptaxx.exe"

mRun: [type32] "c:\program\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program\microsoft intellipoint\point32.exe"

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ZoneAlarm Client] "c:\program\zone labs\zonealarm\zlclient.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [KiweeHook] "c:\program\kiwee toolbar2\2.6.156\kwtbaim.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [WheelMouse] c:\advanc~1\wh_exec.exe

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [WinampAgent] c:\program\winamp\winampa.exe

mRun: [avgnt] "c:\program\avira\antivir desktop\avgnt.exe" /min

mRun: [ReportingDWIntl20] c:\program\delade filer\microsoft shared\dw\1051\errormicrosoft.exe

mRun: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe

mRun: [PluginAdobe] c:\program\adobe\reader 8.0\reader\amt\pluginupdater.exe

mRun: [WAB32WAB32res] c:\program\delade filer\system\wab32wab32res.exe

mRun: [systemOperating] c:\program\delade filer\microsoft shared\speech\sapi5operating.exe

mRunServices: [ReportingError] c:\program\delade filer\microsoft shared\dw\1051\errormicrosoft.exe

mRunServices: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe

mRunServices: [WindowsWindows] c:\program\delade filer\system\wab32wab32res.exe

mRunServices: [PluginPlugin] c:\program\adobe\reader 8.0\reader\amt\pluginupdater.exe

mRunServices: [WindowsTMSAPISVR5] c:\program\delade filer\microsoft shared\speech\sapi5operating.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\ste\applic~1\mozilla\firefox\profiles\tsovax1b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.billingensklatterklubb.se/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\ste\application data\mozilla\firefox\profiles\tsovax1b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\NPZoneSB.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-6-8 24941]

R1 avgio;avgio;c:\program\avira\antivir desktop\avgio.sys [2010-4-29 11608]

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-3-30 148496]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-6-23 353672]

R2 AGWinService;AG Windows Service;c:\program\agi\common\agservice.exe [2008-6-30 21504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program\avira\antivir desktop\sched.exe [2010-4-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program\avira\antivir desktop\avguard.exe [2010-4-29 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-29 60936]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-17 54752]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-6-8 162176]

R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [2010-4-19 6885]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-5 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-5 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-5 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-5 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-5 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-5 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-5 110120]

 

=============== Created Last 30 ================

 

2010-05-07 13:52:01 0 d-----w- c:\docume~1\ste\applic~1\Malwarebytes

2010-05-07 13:51:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-07 13:51:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-07 13:51:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-07 13:51:50 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-05-06 19:46:05 0 d-----w- c:\docume~1\ste\applic~1\Avira

2010-04-29 13:39:32 0 d-----w- c:\windows\system32\NtmsData

2010-04-29 13:34:57 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-04-29 13:34:52 0 d-----w- c:\program\Avira

2010-04-29 13:34:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-04-29 13:14:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-27 21:01:12 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-04-27 21:01:10 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2010-04-27 21:01:02 0 d-----w- c:\windows\Logs

2010-04-26 12:24:44 7611 ----a-w- c:\documents and settings\ste\.recently-used.xbel

2010-04-19 17:00:53 0 d-----w- C:\AMD

2010-04-19 16:42:51 7296 ----a-w- c:\windows\system32\drivers\osaio.sys

2010-04-19 16:42:45 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys

2010-04-19 16:25:38 73728 ----a-w- c:\windows\system32\waitwnd.exe

2010-04-19 16:25:38 6584 ----a-w- c:\windows\system32\InstFunc.dll

2010-04-19 16:25:38 180224 ----a-w- c:\windows\system32\setuplib.dll

2010-04-19 16:25:35 0 d-----w- c:\documents and settings\ste\WINDOWS

2010-04-19 16:23:36 0 d-----w- c:\windows\Drivers

2010-04-19 16:21:42 0 d-----w- C:\ATI

2010-04-19 16:21:00 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys

2010-04-19 16:21:00 45056 ----a-w- c:\windows\system32\vusetup.dll

2010-04-19 16:21:00 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys

2010-04-19 16:17:05 307200 ----a-w- c:\windows\IsUn041d.exe

2010-04-19 16:15:21 24576 ----a-w- c:\windows\system32\AsIO.dll

2010-04-19 16:15:21 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys

2010-04-19 16:15:19 0 d-----w- c:\program\ASUS

2010-04-19 16:15:08 1746 ----a-w- c:\windows\Language_trs.ini

2010-04-19 16:10:07 0 d-----w- C:\Advanced Wheel Mouse

2010-04-19 16:09:54 6885 ----a-w- c:\windows\system32\drivers\whmice2k.sys

2010-04-19 16:08:16 0 d-----w- C:\DRIVERS

2010-04-19 16:07:46 0 d-----w- C:\Ibmtools

2010-04-19 16:07:24 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-04-19 16:06:46 0 d-----w- C:\Intel

2010-04-19 15:42:55 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{F39C5C5D-1C7F-42D5-907F-30D501B70856}

2010-04-19 15:42:41 0 d-----w- c:\program\SmartTweak Software

2010-04-19 15:38:24 0 d-----w- c:\docume~1\ste\applic~1\Blitware

2010-04-19 15:38:20 0 d-----w- c:\program\Driver Robot

2010-04-12 21:33:57 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-11 14:55:00 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-04-10 10:31:42 0 d-----w- c:\windows\system32\XPSViewer

2010-04-10 10:31:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-04-10 10:31:00 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-04-10 10:31:00 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-04-10 10:31:00 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-04-10 10:31:00 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-04-10 10:31:00 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-04-10 10:31:00 117760 ------w- c:\windows\system32\prntvpt.dll

2010-04-10 08:33:54 0 d-----w- c:\program\Microsoft

2010-04-10 08:26:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-04-10 08:23:53 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-04-10 08:23:53 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-04-10 08:23:36 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-04-10 08:23:29 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-10 08:23:22 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-04-10 08:22:47 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

 

==================== Find3M ====================

 

2010-05-07 14:11:54 672290336 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-05-07 14:06:56 9008000 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-05-02 07:56:03 53112 ----a-r- c:\windows\fonts\Runbrev.ttf

2010-04-11 18:08:36 79082 ----a-w- c:\windows\system32\perfc01D.dat

2010-04-11 18:08:36 434860 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-09 11:11:42 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-26 05:44:05 667648 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:44:02 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-16 19:09:26 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09:26 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:35:03 100864 ----a-w- c:\windows\system32\6to4svc.dll

 

============= FINISH: 16:12:44,06 ===============

Link to comment
Share on other sites

What is it you look for in these logs?

Things you don't recognise, and then you have to find out more about them.

 

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

If it is correct, as it says, that you have two antivirus programs, that is not good and can lead to strange problems.

 

Can you attach or paste in the Attach log from the DDS program while I go through the log?

Link to comment
Share on other sites

Uninstall:

Kiwee Toolbar

TorrentMan Toolbar

ZoneAlarm Spy Blocker

These do some light spying. Be careful when you install programs and make sure to untick the toolbars that come bundled with them.

 

2010-04-19 15:38:24 0 d-----w- c:\docume~1\ste\applic~1\Blitware

2010-04-19 15:38:20 0 d-----w- c:\program\Driver Robot

I find a lot of negative information about them on the internet. Uninstall.

 

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information), or a link to the result, here. Repeat with the next file name.

c:\program\adobe\reader 8.0\reader\amt\pluginupdater.exe

c:\program\delade filer\system\wab32wab32res.exe

c:\program\delade filer\microsoft shared\speech\sapi5operating.exe

c:\program\delade filer\microsoft shared\dw\1051\errormicrosoft.exe

c:\documents and settings\ste\.recently-used.xbel

c:\docume~1\ste\lokala~1\temp\UTYf.exe

Link to comment
Share on other sites
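The two checks the replies above apply by eye (more than one on-access antivirus, and autorun entries worth a closer look) can be run over a DDS log mechanically. This is an added example, not part of the original thread or of DDS; the sample lines are an excerpt of the log posted above, and the two triage rules (image in a temp directory, same image under both mRun and mRunServices) are assumptions of this example, not the helper's stated method.

```python
import re
from collections import defaultdict

# Excerpt of the DDS log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r'''
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program\avira\antivir desktop\avgnt.exe" /min
mRun: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe
mRun: [WAB32WAB32res] c:\program\delade filer\system\wab32wab32res.exe
mRunServices: [uTYf] c:\docume~1\ste\lokala~1\temp\UTYf.exe
mRunServices: [WindowsWindows] c:\program\delade filer\system\wab32wab32res.exe
'''

# "<key>: [<value name>] <command line>" as printed in the Pseudo HJT Report.
RUN_RE = re.compile(r'^(\w*Run\w*): \[(.+?)\] (.+)$', re.M)
# Image path: either the quoted part, or everything up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|scr|com|bat|cmd))(?=\s|$)', re.I)
AV_RE = re.compile(r'^AV: (.+?) \*On-access scanning enabled\*', re.M)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.I)


def parse_autoruns(log):
    """Return (key, value name, lower-cased image path) for each Run-style line."""
    entries = []
    for key, name, command in RUN_RE.findall(log):
        command = command.strip()
        m = IMAGE_RE.match(command)
        image = (m.group(1) or m.group(2)) if m else command
        entries.append((key, name, image.lower()))
    return entries


def triage(log):
    """Map image path -> reasons it deserves a closer look (assumed heuristics)."""
    keys_by_image = defaultdict(set)
    for key, _name, image in parse_autoruns(log):
        keys_by_image[image].add(key)
    findings = {}
    for image, keys in keys_by_image.items():
        reasons = []
        if TEMP_RE.search(image):
            reasons.append("runs from a temp directory")
        if {"mRun", "mRunServices"} <= keys:
            reasons.append("registered under both mRun and mRunServices")
        if reasons:
            findings[image] = reasons
    return findings


def on_access_av(log):
    """List antivirus products DDS reports with on-access scanning enabled."""
    return AV_RE.findall(log)


if __name__ == "__main__":
    print(on_access_av(SAMPLE_LOG))
    for image, reasons in triage(SAMPLE_LOG).items():
        print(image, "->", "; ".join(reasons))
```

A hit is only a prompt to look the file up or scan it, as the reply above does with VirusTotal; it is not a verdict.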

Uninstall:

Java™ 6 Update 4

Java™ 6 Update 7

These are old versions with security holes, which means your computer is an easy target for a malicious or hacked web page to infect.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.