
How do I remove a virus


rotciv


Hi, this is the first time I am tackling a computer virus; previously I have just reformatted the computer right away.

I am aware that I have a virus; all of a sudden the computer became incredibly sluggish, and the internet in particular slowed down.

I downloaded a number of free programs to search for the virus, Panda antivirus and something called Spybot.

They each neutralized a number of viruses; unfortunately I no longer have the logs from them. But the computer was still very sluggish, no improvement. Afterwards I checked Task Manager and saw that one file was using between 30 and 40 percent of the CPU; I ended it, and afterwards the computer runs almost as well as before. However, the file is activated as soon as the computer starts.

The virus arrived 9/7-10/7, I think.

Now the question is how I should get rid of this virus.

Here is the log from DDS

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Auem at 13:24:52,82 on 2010-07-12

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4061.2170 [GMT 2:00]

 

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Auem\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [gjrvmlnf] c:\users\auem\appdata\local\nxmoxtvro\mwfsjrstssd.exe

uRun: [doajuus] c:\users\auem\doajuus.exe

uRun: [hfjpgdxm] c:\users\auem\appdata\local\dmxevfxlc\pqpwgoetssd.exe

uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe

uRun: [hayib] c:\users\auem\hayib.exe

uRun: [pjveow] c:\users\auem\pjveow.exe

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"

mRun: [PSUNMain] "c:\program files (x86)\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe

mRunOnce: [sTToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe

StartupFolder: c:\users\auem\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files (x86)\personal\bin\Personal.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptbehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun-x64: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-16 55280]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-16 308296]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 149512]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-26 203264]

R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]

R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2010-5-1 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-1 155456]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 158280]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 114696]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 121864]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 126024]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-9 1153368]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-4-16 658656]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-16 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-16 172704]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 238848]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-26 60416]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-2-26 317480]

R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-5-1 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 102472]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-4-16 49480]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-1 136176]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-5-16 114560]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-16 41032]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-4-16 40904]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-6-29 50176]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

 

=============== Created Last 30 ================

 

2010-07-12 10:27:09 408 ----a-w- c:\users\auem\dmik.exe.nanflmrkxtns

2010-07-11 15:13:00 408 ----a-w- c:\users\auem\jeuhil.exe.nanflmrkxtns

2010-07-10 14:28:31 54272 --sh--r- c:\users\auem\pjveow.exe

2010-07-10 14:28:15 228941 ----a-w- c:\users\auem\poapak.exe

2010-07-10 14:27:24 408 ----a-w- c:\users\auem\b.exe.nanflmrkxtns

2010-07-10 14:27:10 228941 ----a-w- c:\users\auem\muirw.exe

2010-07-09 18:11:42 408 ----a-w- c:\users\auem\2.exe.nanflmrkxtns

2010-07-09 16:53:36 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 16:53:36 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-09 14:05:02 0 d-----w- c:\users\auem\appdata\roaming\EMCO

2010-07-09 14:04:08 0 d-----w- c:\program files\EMCO

2010-07-09 11:45:53 0 d-----w- c:\users\auem\appdata\roaming\Panda Security

2010-07-09 11:45:38 0 d-----w- c:\users\auem\appdata\roaming\SurfSecret Privacy Suite

2010-07-09 11:44:46 276 ----a-w- c:\windows\system32\PSUNCpl.dat

2010-07-09 11:44:17 0 d-----w- c:\programdata\Panda Security

2010-07-09 11:44:17 0 d-----w- c:\program files (x86)\Panda Security

2010-06-29 18:34:21 0 d-----w- c:\program files\DIFX

2010-06-29 18:34:20 50176 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-06-28 05:30:52 0 d-----w- c:\users\auem\appdata\roaming\Red Kawa

2010-06-24 11:42:59 0 d-----w- c:\program files (x86)\Net iD

2010-06-24 11:42:44 0 d-----w- c:\users\auem\appdata\roaming\iid

2010-06-23 23:27:32 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 23:27:32 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 23:27:32 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 23:27:32 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 23:27:32 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 23:27:32 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 23:27:32 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 23:27:32 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 23:27:32 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 23:27:32 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 20:19:39 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 20:19:39 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 20:19:34 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 20:19:34 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 20:19:33 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 20:19:33 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 20:19:33 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 20:19:33 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 20:19:33 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-21 20:46:45 0 d-----w- c:\users\auem\appdata\roaming\PhotoScape

2010-06-21 20:45:38 0 d-----w- c:\program files (x86)\PhotoScape

2010-06-21 19:30:08 0 d-----w- c:\program files\iPod

2010-06-21 19:30:07 0 d-----w- c:\program files\iTunes

2010-06-21 19:28:13 0 d-----w- c:\program files\Bonjour

2010-06-21 19:28:13 0 d-----w- c:\program files (x86)\Bonjour

 

==================== Find3M ====================

 

2010-07-10 14:17:15 617470 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-10 14:17:15 120802 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-27 16:39:38 158280 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-18 14:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-16 10:54:20 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-05-11 15:27:13 111928 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-05-11 15:27:02 794408 ----a-w- c:\windows\syswow64\pbsvc.exe

2010-05-11 15:27:02 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-16 16:03:28 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 16:03:28 432128 ----a-w- c:\windows\system32\jucheck.exe

2010-04-16 16:03:28 41984 ----a-w- c:\windows\system32\jureg.exe

2010-04-16 16:03:28 172032 ----a-w- c:\windows\system32\jusched.exe

2010-04-16 16:02:47 55072 ----a-w- c:\windows\syswow64\jureg.exe

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 13:26:01,43 ===============

Thanks in advance!


Several malicious files there. We'll see how much is left after a run with MBAM. Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is done, click OK and then "Show results".

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... error message after the restart, restart the computer once more.

If the program does not start after the restart, start it.

If the log does not open in Notepad by itself, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with new DDS logs, incl. attach.txt.


DDS (Ver_10-03-17.01) - NTFSX64

Run by Auem at 18:11:12,25 on 2010-07-12

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4061.2272 [GMT 2:00]

 

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\System32\vds.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Auem\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [doajuus] c:\users\auem\doajuus.exe

uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe

uRun: [hayib] c:\users\auem\hayib.exe

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"

mRun: [PSUNMain] "c:\program files (x86)\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe

mRunOnce: [sTToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe

StartupFolder: c:\users\auem\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files (x86)\personal\bin\Personal.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun-x64: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-16 55280]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-16 308296]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 149512]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-26 203264]

R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]

R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2010-5-1 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-1 155456]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 158280]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 114696]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 121864]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 126024]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-9 1153368]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-4-16 658656]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-16 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-16 172704]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 238848]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-26 60416]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-2-26 317480]

R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-5-1 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 102472]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-4-16 49480]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-1 136176]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-5-16 114560]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-16 41032]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-4-16 40904]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-6-29 50176]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1255736]

 

=============== Created Last 30 ================

 

2010-07-12 15:41:50 0 d-----w- c:\users\auem\appdata\roaming\Malwarebytes

2010-07-12 15:41:30 0 d-----w- c:\programdata\Malwarebytes

2010-07-12 15:41:27 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-12 15:41:27 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-07-12 13:01:25 0 ----a-w- c:\users\auem\cauzaj.exe

2010-07-12 13:01:07 408 ----a-w- c:\users\auem\xuenin.exe.nanflmrkxtns

2010-07-12 10:27:09 408 ----a-w- c:\users\auem\dmik.exe.nanflmrkxtns

2010-07-11 15:13:00 408 ----a-w- c:\users\auem\jeuhil.exe.nanflmrkxtns

2010-07-10 14:27:24 408 ----a-w- c:\users\auem\b.exe.nanflmrkxtns

2010-07-09 18:11:42 408 ----a-w- c:\users\auem\2.exe.nanflmrkxtns

2010-07-09 16:53:36 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 16:53:36 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-09 14:05:02 0 d-----w- c:\users\auem\appdata\roaming\EMCO

2010-07-09 14:04:08 0 d-----w- c:\program files\EMCO

2010-07-09 11:45:53 0 d-----w- c:\users\auem\appdata\roaming\Panda Security

2010-07-09 11:45:38 0 d-----w- c:\users\auem\appdata\roaming\SurfSecret Privacy Suite

2010-07-09 11:44:46 276 ----a-w- c:\windows\system32\PSUNCpl.dat

2010-07-09 11:44:17 0 d-----w- c:\programdata\Panda Security

2010-07-09 11:44:17 0 d-----w- c:\program files (x86)\Panda Security

2010-06-29 18:34:21 0 d-----w- c:\program files\DIFX

2010-06-29 18:34:20 50176 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-06-28 05:30:52 0 d-----w- c:\users\auem\appdata\roaming\Red Kawa

2010-06-24 11:42:59 0 d-----w- c:\program files (x86)\Net iD

2010-06-24 11:42:44 0 d-----w- c:\users\auem\appdata\roaming\iid

2010-06-23 23:27:32 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 23:27:32 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 23:27:32 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 23:27:32 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 23:27:32 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 23:27:32 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 23:27:32 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 23:27:32 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 23:27:32 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 23:27:32 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 20:19:39 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 20:19:39 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 20:19:34 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 20:19:34 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 20:19:33 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 20:19:33 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 20:19:33 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 20:19:33 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 20:19:33 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-21 20:46:45 0 d-----w- c:\users\auem\appdata\roaming\PhotoScape

2010-06-21 20:45:38 0 d-----w- c:\program files (x86)\PhotoScape

2010-06-21 19:30:08 0 d-----w- c:\program files\iPod

2010-06-21 19:30:07 0 d-----w- c:\program files\iTunes

2010-06-21 19:28:13 0 d-----w- c:\program files\Bonjour

2010-06-21 19:28:13 0 d-----w- c:\program files (x86)\Bonjour

 

==================== Find3M ====================

 

2010-07-12 13:02:44 617470 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-12 13:02:44 120802 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-27 16:39:38 158280 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-18 14:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-16 10:54:20 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-05-11 15:27:13 111928 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-05-11 15:27:02 794408 ----a-w- c:\windows\syswow64\pbsvc.exe

2010-05-11 15:27:02 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-16 16:03:28 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 16:03:28 432128 ----a-w- c:\windows\system32\jucheck.exe

2010-04-16 16:03:28 41984 ----a-w- c:\windows\system32\jureg.exe

2010-04-16 16:03:28 172032 ----a-w- c:\windows\system32\jusched.exe

2010-04-16 16:02:47 55072 ----a-w- c:\windows\syswow64\jureg.exe

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 18:12:08,78 ===============

 

This is the new log, from dds.

Below is the log from malware

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4305

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-07-12 17:59:20

mbam-log-2010-07-12 (17-59-20).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 134040

Förfluten tid: 15 minut(er), 19 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 4

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 5

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pjveow (Worm.VBNA.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zsmut (Worm.VBNA.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gjrvmlnf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hfjpgdxm (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\Auem\pjveow.exe (Worm.VBNA.Gen) -> Quarantined and deleted successfully.

C:\Users\Auem\zsmut.exe (Worm.VBNA.Gen) -> Quarantined and deleted successfully.

C:\Users\Auem\AppData\Local\Temp\lyigobc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Auem\muirw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Auem\poapak.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Regards

rotvic

 

 

 

 

Attach1.txt


The TeaTimer function in Spybot S&D is very good, but right now it can interfere with the necessary changes to the registry, so you need to turn it off. Remember to turn it back on when the computer is clean, but not before then. If questions then come up about whether changes should be allowed, choose to allow them.

Right-click the TeaTimer icon, a Windows window with a padlock, next to the clock and choose "Reset lists".

Start Spybot S&D

Choose Advanced in the Mode menu

On the left choose Tools - Resident

Remove the check mark for TeaTimer

Exit the program.

Uninstall:

Ask Toolbar

Java™ 6 Update 18 (browser closed)

Is Panda or McAfee meant to be uninstalled? Because there is a great deal of Panda and McAfee in the log. It is unsuitable to have two antivirus programs running on the computer because it gives rise to strange problems.

On the page http://www.virustotal.com press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

c:\users\auem\doajuus.exe

c:\users\auem\hayib.exe

c:\users\auem\cauzaj.exe

c:\users\auem\xuenin.exe.nanflmrkxtns
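
The four files listed above can be picked out of the DDS log mechanically. As an added example (not part of the original post; the heuristic is an assumption, not a rule the helper states), this Python script flags autorun targets and recently created executables that sit directly in the user profile root, using lines excerpted from the log in this thread as sample input:

```python
import re
from pathlib import PureWindowsPath

# Sample input: a few lines excerpted from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [doajuus] c:\users\auem\doajuus.exe
uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [hayib] c:\users\auem\hayib.exe
mRun: [FAStartup]
mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"
=============== Created Last 30 ================
2010-07-12 15:41:27 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 13:01:25 0 ----a-w- c:\users\auem\cauzaj.exe
2010-07-12 13:01:07 408 ----a-w- c:\users\auem\xuenin.exe.nanflmrkxtns
2010-07-09 11:45:53 0 d-----w- c:\users\auem\appdata\roaming\Panda Security
"""

# "uRun: [name] command" style autorun lines (user/machine, Run/RunOnce, optional -x64).
RUN_RE = re.compile(
    r"^(?P<hive>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# "date time size attributes path" lines from the Created Last 30 section.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
UNQUOTED_EXE_RE = re.compile(r"^(.+?\.(?:exe|scr|com|bat))(?=\s|$)", re.IGNORECASE)


def exe_from_command(cmd):
    """Return the executable path of an autorun command line, or None if empty."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = UNQUOTED_EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def in_profile_root(path):
    """True for c:\\users\\<name>\\<file>: a file directly in a profile folder."""
    parts = PureWindowsPath(path).parts
    return len(parts) == 4 and parts[1].lower() == "users"


def triage(log_text):
    """Return (source, path, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            if exe and in_profile_root(exe):
                findings.append((m.group("hive"), exe.lower(),
                                 "autorun target sits directly in the profile root"))
            continue
        m = CREATED_RE.match(line)
        if m and not m.group("attr").startswith("d"):  # skip directories
            path = m.group("path")
            suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
            if in_profile_root(path) and ".exe" in suffixes:
                reason = "new executable in the profile root"
                if suffixes[-1] != ".exe":
                    reason += ", renamed with an extra extension"
                if m.group("size") == "0":
                    reason += ", zero bytes"
                findings.append(("Created", path.lower(), reason))
    return findings


if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_DDS):
        print(f"{source:8} {path}  ({reason})")
```
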


Here are the results of my search.

I have uninstalled Ask Toolbar and also uninstalled McAfee,

I'm keeping Panda.

I closed teatimer.exe in Task Manager; I found no Reset lists option in the icon menu.

Thanks again for the quick replies!

 

http://www.virustotal.com/vt/sv/recepcion?d69cfad47fbf5236618851792a378686

http://www.virustotal.com/sv/analisis/52ff78808acb1b7e33037ac95d0296501d4cfd431348ff9981553bc0c35a60f8-1278964134

 

http://www.virustotal.com/sv/analisis/9ff8f965ad5619034baa56457bae746413f41244f0d7ef6f91467d2e5a3dc9f7-1278964300

 

http://www.virustotal.com/sv/analisis/b8a69bb5da754bd3e673b0e91e1398a92936313428bacb51347de44723158bed-1278964413

 

http://www.virustotal.com/sv/analisis/d887e3802a0f10e8fe1567f76d5fcd21ba572ab7112fcd915060b65587e26fe4-1278964529

 

http://www.virustotal.com/sv/analisis/2ef92f72d5fb9276bb1e135d3fae4d7215d3718835992942f54434b46eb709e9-1278964599


Turn off TeaTimer from inside Spybot S&D so that it stays turned off even after the computer is restarted.

Does that mean you did not find 3 of the 4 files I listed, since you have checked others? Then it is probably best that I get current logs so I really know what the computer looks like. Do a quick scan with MBAM and paste the log from that run. Then restart the computer and paste a new DDS log (attach is not needed).


Hi again, that's right, I did not find the other three files; the only one that worked was this one http://www.virustotal.com/sv/analisis/52ff78808acb1b7e33037ac95d0296501d4cfd431348ff9981553bc0c35a60f8-1278964134

Here is the MBAM log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4305

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-07-13 10:47:20

mbam-log-2010-07-13 (10-47-20).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 132332

Förfluten tid: 3 minut(er), 29 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

 

 

And here is the dds log

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Auem at 10:49:45,43 on 2010-07-13

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4061.2703 [GMT 2:00]

 

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Auem\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [doajuus] c:\users\auem\doajuus.exe

uRun: [hayib] c:\users\auem\hayib.exe

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"

mRun: [PSUNMain] "c:\program files (x86)\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe

mRunOnce: [sTToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe

StartupFolder: c:\users\auem\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files (x86)\personal\bin\Personal.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun-x64: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-16 55280]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 149512]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-26 203264]

R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 158280]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 114696]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 121864]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 126024]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-9 1153368]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-4-16 658656]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-16 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-16 172704]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 238848]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-26 60416]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-2-26 317480]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-1 136176]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-5-16 114560]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-6-29 50176]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1255736]

 

=============== Created Last 30 ================

 

2010-07-12 19:48:06 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-07-12 18:43:54 0 ----a-w- c:\users\auem\b.exe

2010-07-12 15:41:50 0 d-----w- c:\users\auem\appdata\roaming\Malwarebytes

2010-07-12 15:41:30 0 d-----w- c:\programdata\Malwarebytes

2010-07-12 15:41:27 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-12 15:41:27 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-07-12 13:01:25 0 ----a-w- c:\users\auem\cauzaj.exe

2010-07-12 13:01:07 408 ----a-w- c:\users\auem\xuenin.exe.nanflmrkxtns

2010-07-12 10:27:09 408 ----a-w- c:\users\auem\dmik.exe.nanflmrkxtns

2010-07-11 15:13:00 408 ----a-w- c:\users\auem\jeuhil.exe.nanflmrkxtns

2010-07-10 14:27:24 408 ----a-w- c:\users\auem\b.exe.nanflmrkxtns

2010-07-09 18:11:42 408 ----a-w- c:\users\auem\2.exe.nanflmrkxtns

2010-07-09 16:53:36 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 16:53:36 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-09 14:05:02 0 d-----w- c:\users\auem\appdata\roaming\EMCO

2010-07-09 14:04:08 0 d-----w- c:\program files\EMCO

2010-07-09 11:45:53 0 d-----w- c:\users\auem\appdata\roaming\Panda Security

2010-07-09 11:45:38 0 d-----w- c:\users\auem\appdata\roaming\SurfSecret Privacy Suite

2010-07-09 11:44:46 276 ----a-w- c:\windows\system32\PSUNCpl.dat

2010-07-09 11:44:17 0 d-----w- c:\programdata\Panda Security

2010-07-09 11:44:17 0 d-----w- c:\program files (x86)\Panda Security

2010-06-29 18:34:21 0 d-----w- c:\program files\DIFX

2010-06-29 18:34:20 50176 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-06-28 05:30:52 0 d-----w- c:\users\auem\appdata\roaming\Red Kawa

2010-06-24 11:42:59 0 d-----w- c:\program files (x86)\Net iD

2010-06-24 11:42:44 0 d-----w- c:\users\auem\appdata\roaming\iid

2010-06-23 23:27:32 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 23:27:32 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 23:27:32 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 23:27:32 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 23:27:32 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 23:27:32 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 23:27:32 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 23:27:32 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 23:27:32 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 23:27:32 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 20:19:39 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 20:19:39 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 20:19:34 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 20:19:34 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 20:19:33 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 20:19:33 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 20:19:33 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 20:19:33 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 20:19:33 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-21 20:46:45 0 d-----w- c:\users\auem\appdata\roaming\PhotoScape

2010-06-21 20:45:38 0 d-----w- c:\program files (x86)\PhotoScape

2010-06-21 19:30:08 0 d-----w- c:\program files\iPod

2010-06-21 19:30:07 0 d-----w- c:\program files\iTunes

2010-06-21 19:28:13 0 d-----w- c:\program files\Bonjour

2010-06-21 19:28:13 0 d-----w- c:\program files (x86)\Bonjour

 

==================== Find3M ====================

 

2010-07-12 13:02:44 617470 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-12 13:02:44 120802 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-27 16:39:38 158280 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-18 14:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-16 10:54:20 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-05-11 15:27:13 111928 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-05-11 15:27:02 794408 ----a-w- c:\windows\syswow64\pbsvc.exe

2010-05-11 15:27:02 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-16 16:03:28 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 16:03:28 432128 ----a-w- c:\windows\system32\jucheck.exe

2010-04-16 16:03:28 41984 ----a-w- c:\windows\system32\jureg.exe

2010-04-16 16:03:28 172032 ----a-w- c:\windows\system32\jusched.exe

2010-04-16 16:02:47 55072 ----a-w- c:\windows\syswow64\jureg.exe

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 10:50:23,30 ===============

 

 

Best regards

 

 

 

 

 


It may be a type of malware that spreads via USB sticks, external hard drives and the like. Has anything like that been connected to the computer since it became infected?

HijackThis should be able to remove the registry entries that start the malware. Download HijackThis from one of these links:

http://test.trendsecure.com/portal/en-US/_download/HJTInstall.exe (best option)

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

http://test.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else) and paste it into your reply.


 

That is very true, I have used both a USB stick and an external hard drive; it started with a memory card for a digital camera showing signs of a virus. Then the hard drive too, which now contains 50 GB of digital photos that I would really like to keep, seems to have got a virus.

Here is the log from HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:37:44, on 2010-07-13

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/16

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [doajuus] C:\Users\Auem\doajuus.exe

O4 - HKCU\..\Run: [hayib] C:\Users\Auem\hayib.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skicka till Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Skicka till &Bluetooth-enhet... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15485 bytes

 

 

 

 

 


Save Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that appear.

When it says to insert flash drives, plug in the memory cards, USB sticks, hard drives, etc. that may be infected.

When everything is done, exit the program and restart the computer.

Let me know when that is done.

Have the devices that may be infected been connected to any other computer?


 

I can't get Flash Disinfector to start. A box (User Account Control) comes up where the computer asks whether I want to run the program; after I click Yes, it loads for a couple of seconds and then nothing more happens.

Yes, at least 2 other computers have been connected to these devices.


What happens if you right-click the file and choose Run as administrator? But restart the computer first so that nothing is left over from the failed runs.


 

It doesn't start anyway. Maybe because I'm running Windows 7?


 

Panda is currently holding 5 files in quarantine; is that something I should delete?


It is unnecessary to delete files that are in quarantine, since they have been rendered harmless. Sometimes antivirus programs move files into quarantine that are completely healthy and normal. That is why you should not empty the quarantine until you are sure that all the files in it really are malicious.

That is probably right about Flash Disinfector and Windows 7. Read up on Autorun at http://blogs.msdn.com/b/e7/archive/2009/04/27/improvements-to-autoplay.aspx There is also a link there to how to disable Autoplay.

Do you have access to another computer that is not running Windows 7? Then you can run Flash Disinfector on that one and disinfect all the devices.


 

So now I have run the disinfection program from another computer, on all the external devices. Is it now risk-free to open them on any computer?

How does my computer look otherwise, do I seem to have gotten rid of most of it?

The computer is at least working much better now after running all the programs.


The idea is that it should now be possible to move the devices around freely without computers getting infected. Good, then we can look at what needs to be fixed on the computer. There was sort of no point before, if the computer could get infected again.

 

Scan with HijackThis and tick:

 

O4 - HKCU\..\Run: [doajuus] C:\Users\Auem\doajuus.exe

O4 - HKCU\..\Run: [hayib] C:\Users\Auem\hayib.exe

 

Close all other programs.

Press Fix checked.

Restart the computer.

 

Delete the files:

2010-07-12 18:43:54 0 ----a-w- c:\users\auem\b.exe

2010-07-12 13:01:25 0 ----a-w- c:\users\auem\cauzaj.exe

2010-07-12 13:01:07 408 ----a-w- c:\users\auem\xuenin.exe.nanflmrkxtns

2010-07-12 10:27:09 408 ----a-w- c:\users\auem\dmik.exe.nanflmrkxtns

2010-07-11 15:13:00 408 ----a-w- c:\users\auem\jeuhil.exe.nanflmrkxtns

2010-07-10 14:27:24 408 ----a-w- c:\users\auem\b.exe.nanflmrkxtns

2010-07-09 18:11:42 408 ----a-w- c:\users\auem\2.exe.nanflmrkxtns

 

Restart again, and then post a new HijackThis log and a new DDS log.

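The review of the O4 autostart lines in the post above can be scripted as a first-pass triage. This is an added example, not part of the original thread and not code from HijackThis; the function names and the two flagging rules (an executable directly in a user profile root, or in a Temp directory) are assumptions chosen for illustration, and the sample lines are copied from the logs in this thread.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# Constructed sample: O4 lines copied from the HijackThis output in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [doajuus] C:\Users\Auem\doajuus.exe
O4 - HKCU\..\Run: [hayib] C:\Users\Auem\hayib.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
"""

# Registry autostarts: "O4 - HKCU\..\Run: [value name] command line"
REG_RE = re.compile(
    r"^O4 - (?P<where>HK\w+(?:\\S-[\d-]+)?\\\.\.\\Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - Startup: name.lnk = target"
LNK_RE = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
# Unquoted command line: the image ends at the first executable extension
# that is followed by whitespace or end of line (paths may contain spaces).
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.I)
PROFILE_ROOT_RE = re.compile(r"[a-z]:\\users\\[^\\]+")


def image_path(cmd):
    """Extract the executable path from a command line, or None if absent."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else None


def parse_o4(line):
    """Return (location, name, image path) for an O4 line, else None."""
    m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
    if not m:
        return None
    return m["where"], m["name"], image_path(m["cmd"])


def reasons(path):
    """Assumed heuristics: where the file lives, not what it contains."""
    folder = normcase(dirname(path))
    out = []
    if PROFILE_ROOT_RE.fullmatch(folder):
        out.append("executable sits directly in a user profile root")
    if "\\temp\\" in folder + "\\":
        out.append("executable runs from a Temp directory")
    return out


def triage(log_text):
    """Split O4 entries into flagged ones and ones with no resolvable target."""
    result = {"flagged": [], "unresolved": []}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        _, name, path = entry
        if path is None:
            # e.g. "Bluetooth.lnk = ?": nothing to judge, list it separately
            result["unresolved"].append(name)
            continue
        why = reasons(path)
        if why:
            result["flagged"].append((name, path, why))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, path, why in report["flagged"]:
        print(f"REVIEW  [{name}] {path}: {'; '.join(why)}")
    for name in report["unresolved"]:
        print(f"NOTE    {name}: target not resolved by the scanner")
```

A flagged entry is a candidate for manual review, not a verdict; the location rules only narrow a long log down to the lines worth a closer look.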


 

I need administrator privileges to delete these files. Maybe I'm a bit stupid, but how do I solve that?


You're not stupid for that; it isn't easy to know how to get around the security features in Windows 7 and Vista. :)

I have Vista, and there it can be done like this:

Start - Programs - Accessories

Right-click Command Prompt and choose Run as administrator.

Then you should be able to find the files and have the right to delete them, I hope.


 

Hi again. I didn't manage to delete the files via the command prompt, so I deleted them via Panda antivirus instead. Here are the results from malware

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:02, on 2010-07-13

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/16

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skicka till Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Skicka till &Bluetooth-enhet... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15111 bytes

 

 

And here is DDS

 

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Auem at 21:08:18,62 on 2010-07-13

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4061.2643 [GMT 2:00]

 

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\System32\vds.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Net iD\iid.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\jusched.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Auem\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\panda security\panda security toolbar\PandaSecurityDx.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"

mRun: [PSUNMain] "c:\program files (x86)\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe

mRunOnce: [sTToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe

StartupFolder: c:\users\auem\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files (x86)\personal\bin\Personal.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun-x64: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-16 55280]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 149512]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-26 203264]

R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 158280]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 114696]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 121864]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 126024]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-9 1153368]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-4-16 658656]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-16 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-16 172704]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 238848]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-26 60416]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-2-26 317480]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-1 136176]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-5-16 114560]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-6-29 50176]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1255736]

 

=============== Created Last 30 ================

 

2010-07-13 10:37:09 0 d-----w- c:\program files (x86)\Trend Micro

2010-07-12 19:48:06 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-07-12 15:41:50 0 d-----w- c:\users\auem\appdata\roaming\Malwarebytes

2010-07-12 15:41:30 0 d-----w- c:\programdata\Malwarebytes

2010-07-12 15:41:27 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-12 15:41:27 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-07-09 16:53:36 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 16:53:36 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-09 14:05:02 0 d-----w- c:\users\auem\appdata\roaming\EMCO

2010-07-09 14:04:08 0 d-----w- c:\program files\EMCO

2010-07-09 11:45:53 0 d-----w- c:\users\auem\appdata\roaming\Panda Security

2010-07-09 11:45:38 0 d-----w- c:\users\auem\appdata\roaming\SurfSecret Privacy Suite

2010-07-09 11:44:46 276 ----a-w- c:\windows\system32\PSUNCpl.dat

2010-07-09 11:44:17 0 d-----w- c:\programdata\Panda Security

2010-07-09 11:44:17 0 d-----w- c:\program files (x86)\Panda Security

2010-06-29 18:34:21 0 d-----w- c:\program files\DIFX

2010-06-29 18:34:20 50176 ----a-w- c:\windows\system32\drivers\shbecr.sys

2010-06-28 05:30:52 0 d-----w- c:\users\auem\appdata\roaming\Red Kawa

2010-06-24 11:42:59 0 d-----w- c:\program files (x86)\Net iD

2010-06-24 11:42:44 0 d-----w- c:\users\auem\appdata\roaming\iid

2010-06-23 23:27:32 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 23:27:32 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 23:27:32 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 23:27:32 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 23:27:32 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 23:27:32 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 23:27:32 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 23:27:32 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 23:27:32 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 23:27:32 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 20:19:39 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 20:19:39 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 20:19:34 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 20:19:34 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 20:19:33 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 20:19:33 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 20:19:33 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 20:19:33 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 20:19:33 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-21 20:46:45 0 d-----w- c:\users\auem\appdata\roaming\PhotoScape

2010-06-21 20:45:38 0 d-----w- c:\program files (x86)\PhotoScape

2010-06-21 19:30:08 0 d-----w- c:\program files\iPod

2010-06-21 19:30:07 0 d-----w- c:\program files\iTunes

2010-06-21 19:28:13 0 d-----w- c:\program files\Bonjour

2010-06-21 19:28:13 0 d-----w- c:\program files (x86)\Bonjour

 

==================== Find3M ====================

 

2010-07-12 13:02:44 617470 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-12 13:02:44 120802 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-27 16:39:38 158280 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-18 14:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-16 10:54:20 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-05-11 15:27:13 111928 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-05-11 15:27:02 794408 ----a-w- c:\windows\syswow64\pbsvc.exe

2010-05-11 15:27:02 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-16 16:03:28 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 16:03:28 432128 ----a-w- c:\windows\system32\jucheck.exe

2010-04-16 16:03:28 41984 ----a-w- c:\windows\system32\jureg.exe

2010-04-16 16:03:28 172032 ----a-w- c:\windows\system32\jusched.exe

2010-04-16 16:02:47 55072 ----a-w- c:\windows\syswow64\jureg.exe

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 21:08:54,99 ===============

 

 

 

 

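One way to triage the SERVICES / DRIVERS section of the DDS log above, as an added example (not part of the original post and not DDS's own code): it parses each line and lists the entries a reviewer would check by hand. The reading of `R`/`S` as running/stopped, of the digit as the service start type and of `[?]` as "file not found", and all function names, are assumptions of this sketch; the sample lines are copied from the log.

```python
import re
from typing import NamedTuple

# Lines copied from the SERVICES / DRIVERS section of the DDS log on this page.
SAMPLE = r"""
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-16 55280]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-1 136176]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-6-29 50176]
"""

# Assumed line layout: <R|S><start type> <name>;<display name>;<image path> [<date size> or ?]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Windows service start types 0-4.
START = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
# Locations an unprivileged process can usually write to (heuristic, not exhaustive).
USER_WRITABLE = re.compile(r"\\(?:temp|tmp|appdata)\\|^[a-z]:\\users\\|\\programdata\\")


class Service(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    path: str          # lower-cased image path, after any "-->" redirection
    file_found: bool   # False when DDS printed [?] instead of date and size


def parse_services(text):
    """Parse DDS service/driver lines; lines that do not match are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # "a --> b" shows the registered path and the resolved one; keep the latter.
        path = m["path"].split("-->")[-1].strip().strip('"').lower()
        services.append(Service(
            running=m["state"] == "R",
            start=START[int(m["start"])],
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=path,
            file_found=m["meta"].strip() != "?",
        ))
    return services


def triage(services):
    """Return {service name: [reasons]} for entries worth a manual look.

    A flag is a prompt for review (often an orphaned installer leftover),
    not a verdict that the entry is malicious.
    """
    findings = {}
    for s in services:
        reasons = []
        if USER_WRITABLE.search(s.path):
            reasons.append("image in a user-writable or temp directory")
        if not s.file_found:
            reasons.append("image file missing on disk")
        if reasons and s.start in ("boot", "system", "auto"):
            reasons.append("configured to start automatically")
        if reasons:
            findings[s.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE)).items():
        print(f"{name}: " + "; ".join(reasons))
```
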

Any way is fine, the main thing is that the files are gone. :thumbsup:

I no longer see anything malicious in the logs.

Does the computer seem to be doing well now, so that it is time for a final cleanup round?


Yes, that sounds like a good way to finish, any tips on what should be cleaned out?

And which protection programs should I keep and/or install?

Thanks once again for the help


A final cleanup round:

1. Remove all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and press Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Press Create.

Then remove all old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and DDS will be uninstalled, as will this program, after a restart of the computer. Remove any logs.

Uninstall HijackThis.

3. Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies; if you have cookies that you want to keep, you can either save them beforehand or refrain from choosing Select All and instead mark everything else.

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

5. Improve the protection on the computer, see my "Råd för en säkrare dator" (Advice for a safer computer). http://sites.google.com/site/ceblstockholm/home It seems there may be some programs with security holes on the computer, so Secunia's check is really recommended.


Archived

This topic is now archived and is closed to further replies.


