
Problem with the mouse freezing the computer


grevenojames


Hi,

I have a new PC with Microsoft 7. It has worked well so far, but over the last few days it has started to freeze quite a bit. I got a trojan the other day, but I kicked it out with mal-ware.

What happens is that the mouse suddenly freezes, and then the machine hangs.

According to the Norton diagnostic report, there is a problem with the mouse device, microsoft ps2/2 mouse. The report goes on to say that the device is not present, is not working, or that not all drivers are present.

I went into Device Manager and tried to update all the drivers, but was told that all of them are already the latest version.

I have a vertical mouse from ahaa. I have had it for almost two years and it worked fine on my old PC. I have had the current PC since this summer, and it has worked fine until now.

Any tips?

Regards,

GoJ


Hi,

What type of trojan infected your computer, and which "Malware" did you use to remove it?

Are there logs?

Have you scanned with any antivirus program?

It may be that you have not removed all the problems, but only scratched the surface.

If any antivirus or antispyware program has found something malicious, paste in a log showing what was found and which files and folders are involved.

Paste in the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan comes up.

In your reply, paste in the log DSS.txt, and attach Attach.txt as a file.

DDS is a program that lists running processes, programs and services that start automatically, and files in the kinds of folders commonly used by malicious programs that are new or changed during the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us a basic understanding of what is happening and has recently happened on the computer, and from that we can draw conclusions about the next appropriate step in cleaning the computer.

Note: when you paste a log or a result into your post, do not use any buttons or tags; copy it in the program (usually Notepad) and paste it directly into the box you are writing in.

Regards,

Mats H


Hi,

It was a Trojan.Dropper.PGen

I removed it with Malwarebytes Anti-Malware.

Here is the file, and the attached file, as per your instructions. Many thanks if you have time to look at this!

Regards,

GoJ

 

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by michael f at 13:55:06,24 on 2010-10-21

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.8191.5763 [GMT 2:00]

 

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\michael f\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Personal.lnk - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\michael f\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - C:\Users\michael f\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\MICHAE~1\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\michael f\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-11 55024]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-10-6 954928]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101020.001\IDSviA64.sys [2010-10-19 476720]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-28 203264]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]

R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-10-28 44312]

R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-28 240160]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-17 132656]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-9 34032]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 67656]

S2 gupdate1cad98a9bdda1f0;Tjänsten Google Update (gupdate1cad98a9bdda1f0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 133104]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-20 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-8-9 13352]

S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2007-1-25 101352]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

 

=============== Created Last 30 ================

 

2010-10-21 09:11:05 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2010-10-20 12:35:42 -------- d-----w- C:\Users\MICHAE~1\AppData\Roaming\Windows Live Writer

2010-10-20 12:35:42 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Windows Live Writer

2010-10-20 08:36:43 -------- d-----w- C:\Users\michael f\Tracing

2010-10-20 08:32:50 -------- d-----w- C:\Windows\sv

2010-10-20 08:31:27 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2010-10-20 08:31:08 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2010-10-20 08:31:04 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2010-10-20 08:31:02 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2010-10-20 08:31:02 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2010-10-20 08:31:02 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2010-10-20 08:31:02 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2010-10-20 08:17:42 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\43c8a1d01cb702f2d\InstallManager_WLE_WLE.exe

2010-10-20 08:17:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3c1849ce1cb702f22\MeshBetaRemover.exe

2010-10-20 08:17:13 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\DXSETUP.exe

2010-10-20 08:17:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\DSETUP.dll

2010-10-20 08:17:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\dsetup32.dll

2010-10-20 08:17:11 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\DSETUP.dll

2010-10-20 08:17:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\DXSETUP.exe

2010-10-20 08:17:11 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\dsetup32.dll

2010-10-20 08:16:41 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Windows Live

2010-10-20 08:16:14 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-20 08:16:14 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-20 08:16:14 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-20 08:16:14 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-20 08:16:14 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-20 08:16:13 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-20 08:16:13 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-18 08:11:46 -------- d-----w- C:\Users\MICHAE~1\AppData\Roaming\Tific

2010-10-18 08:11:45 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Symantec

2010-10-13 13:40:07 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-13 13:40:07 2085376 ----a-w- C:\Windows\System32\ole32.dll

2010-10-13 13:40:07 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-10-13 13:40:07 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-10-13 13:40:06 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-10-13 13:40:06 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2010-10-13 13:40:03 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-10-13 13:40:03 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-10-13 13:40:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-10-13 13:40:02 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-10-13 13:40:00 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-10-13 13:40:00 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-09-29 20:34:34 1654784 ------w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

2010-09-29 20:34:33 -------- d-----w- C:\Program Files (x86)\LizardTech

2010-09-29 14:39:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 14:17:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 14:17:54 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 14:17:50 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 14:17:50 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-24 07:23:45 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys

2010-09-24 07:23:45 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys

2010-09-24 07:23:45 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys

2010-09-24 07:23:45 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys

2010-09-24 07:23:44 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys

2010-09-24 07:23:44 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys

2010-09-24 07:23:44 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys

2010-09-24 07:23:32 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005

2010-09-23 01:10:51 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2010-09-23 01:10:51 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-22 22:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-22 11:11:04 825640 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\43c8a1d01cb702f2d\OEM\Packages\default\SearchEnhancementPackSetup.EXE

2010-09-21 12:54:04 529280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

2010-09-21 12:51:18 55704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll

2010-09-21 12:51:18 1129880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll

2010-09-21 12:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 12:49:00 419712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL

2010-09-21 12:49:00 290176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL

2010-09-21 12:49:00 2286976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2010-09-21 12:49:00 222592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2010-09-21 12:49:00 170880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

2010-09-21 12:47:38 1558016 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL

2010-09-21 12:13:50 1564072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL

2010-09-21 12:08:38 439168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

2010-09-21 12:06:02 853912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll

2010-09-21 12:06:02 57752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll

2010-09-21 12:03:14 332160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL

2010-09-21 12:03:14 237952 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL

2010-09-21 12:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-21 12:03:14 145280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

 

==================== Find3M ====================

 

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-09 19:42:08 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

 

============= FINISH: 13:55:43,02 ===============

 

 

 

 


Attach.txt


Hi,

Start with the following:

Remove this toolbar; it may be a hidden file.

Disable it in the browser, then locate the file, first through Control Panel, Programs; if you do not see it there, go via Computer and C:\, and delete it.

C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

Start Firefox:

Tools - Options, General tab: change the start page to this:

https://www.google.com/

Restart Firefox and type the following,

about:config in the address bar, press Enter, then confirm by clicking the button "A dangerous action, I will be careful."

Find the line,

keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=

replace it with the following:

keyword.URL;http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

Carry out these steps and restart the computer.

Conduit is a dubious affair that often leads to adware and other nasties.

DVDVideoSoftTB is the same.

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=VideoSoftTB%20Toolbar%3A

Come back with a new DDS log; Attach is not needed.

Regards,

Mats H


Hi,

Thanks for the analysis!

I carried out the steps you suggested. I always have Google as my start page, but Conduit is the default, so it shows up at every Firefox update. Will the change I have made now prevent this in future, or should one do it every time a new version of Firefox appears?

Here is the DDS analysis, made after the steps were carried out.

Regards,

GoJ

 

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by michael f at 21:47:21,96 on 2010-10-21

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.8191.6540 [GMT 2:00]

 

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\michael f\Desktop\dds.scr

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Personal.lnk - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\michael f\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - C:\Users\michael f\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\MICHAE~1\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - keyword.URL;hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

FF - component: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\michael f\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Users\michael f\AppData\Roaming\Mozilla\Firefox\Profiles\6n3mxjcz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-11 55024]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-10-6 954928]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101020.001\IDSviA64.sys [2010-10-19 476720]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-17 132656]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-9 34032]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 67656]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-20 48488]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-8-9 13352]

S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]

S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2007-1-25 101352]

 

=============== Created Last 30 ================

 

2010-10-21 09:11:05 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2010-10-20 12:35:42 -------- d-----w- C:\Users\MICHAE~1\AppData\Roaming\Windows Live Writer

2010-10-20 12:35:42 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Windows Live Writer

2010-10-20 08:36:43 -------- d-----w- C:\Users\michael f\Tracing

2010-10-20 08:32:50 -------- d-----w- C:\Windows\sv

2010-10-20 08:31:27 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2010-10-20 08:31:08 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2010-10-20 08:31:04 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2010-10-20 08:31:02 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2010-10-20 08:31:02 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2010-10-20 08:31:02 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2010-10-20 08:31:02 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2010-10-20 08:17:42 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\43c8a1d01cb702f2d\InstallManager_WLE_WLE.exe

2010-10-20 08:17:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3c1849ce1cb702f22\MeshBetaRemover.exe

2010-10-20 08:17:13 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\DXSETUP.exe

2010-10-20 08:17:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\DSETUP.dll

2010-10-20 08:17:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\326870ce1cb702f1a\dsetup32.dll

2010-10-20 08:17:11 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\DSETUP.dll

2010-10-20 08:17:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\DXSETUP.exe

2010-10-20 08:17:11 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31818fdc1cb702f19\dsetup32.dll

2010-10-20 08:16:41 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Windows Live

2010-10-20 08:16:14 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-20 08:16:14 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-20 08:16:14 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-20 08:16:14 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-20 08:16:14 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-20 08:16:13 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-20 08:16:13 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-18 08:11:46 -------- d-----w- C:\Users\MICHAE~1\AppData\Roaming\Tific

2010-10-18 08:11:45 -------- d-----w- C:\Users\MICHAE~1\AppData\Local\Symantec

2010-10-13 13:40:07 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-13 13:40:07 2085376 ----a-w- C:\Windows\System32\ole32.dll

2010-10-13 13:40:07 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-10-13 13:40:07 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-10-13 13:40:06 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-10-13 13:40:06 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2010-10-13 13:40:03 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-10-13 13:40:03 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-10-13 13:40:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-10-13 13:40:02 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-10-13 13:40:00 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-10-13 13:40:00 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-09-29 20:34:34 1654784 ------w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

2010-09-29 20:34:33 -------- d-----w- C:\Program Files (x86)\LizardTech

2010-09-29 14:39:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 14:17:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 14:17:54 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 14:17:50 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 14:17:50 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-24 07:23:45 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys

2010-09-24 07:23:45 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys

2010-09-24 07:23:45 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys

2010-09-24 07:23:45 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys

2010-09-24 07:23:44 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys

2010-09-24 07:23:44 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys

2010-09-24 07:23:44 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys

2010-09-24 07:23:32 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005

2010-09-23 01:10:51 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2010-09-23 01:10:51 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-22 22:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-22 11:11:04 825640 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\43c8a1d01cb702f2d\OEM\Packages\default\SearchEnhancementPackSetup.EXE

 

==================== Find3M ====================

 

2010-09-21 12:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 12:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-15 02:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-09 19:42:08 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

 

============= FINISH: 21:49:03,15 ===============

 

 

 

 

 

 

 

 

 

 

 

 


Hi,

according to DDS, Conduit is still there.

You have probably installed some program that sets this search service.

This is common in certain applications if you do not remember to untick some small box.

Install HijackThis, found here:

HijackThis - Trend Micro USA

Then run "Do a System Scan and Save a Logfile".

Paste the log here in your thread and we will take a look.

Regards

Mats H
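
Reading a DDS log for leftover search-hijack settings, as an added example (it is not part of any post in this thread and is not DDS or HijackThis code): it parses the Internet Explorer start-page lines and the Firefox prefs.js lines, flags values that point at search.conduit.com, and flags values that are not an http(s) URL at all. The function names and the watch list are assumptions made for the example; the sample lines are copied from the second DDS log in this thread.

```python
import re
from urllib.parse import urlsplit

# Hosts to flag. search.conduit.com is the search service named in this thread;
# the set itself is an assumption of this example and can be extended.
WATCHED_HOSTS = {"search.conduit.com"}

# Lines copied from the second DDS log in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - keyword.URL;hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
"""

# Internet Explorer settings: the leading u or m distinguishes the per-user
# value from the machine-wide one.
IE_RE = re.compile(
    r"^(?P<name>[um](?:Start Page|Default_Page_URL|Search Page|Default_Search_URL))"
    r"\s*=\s*(?P<value>.*)$"
)
# Firefox preferences as DDS prints them: "FF - prefs.js: <name> - <value>".
FF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")

# Firefox preferences from the log whose value is expected to be a URL.
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}


def refang(value):
    """DDS prints http as hxxp so the links are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)


def parse_settings(log_text):
    """Yield (browser, setting name, raw value) for the URL-valued settings."""
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            yield ("IE", m["name"], m["value"])
            continue
        m = FF_RE.match(line)
        if m and m["name"] in URL_PREFS:
            yield ("Firefox", m["name"], m["value"])


def review(log_text):
    """Return findings as (browser, setting, kind, detail) tuples."""
    findings = []
    for browser, name, value in parse_settings(log_text):
        if not value.strip():
            continue  # an empty setting is not a finding in this example
        parts = urlsplit(refang(value))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            # The value does not parse as an http(s) URL, e.g. extra text
            # pasted in front of the address.
            findings.append((browser, name, "malformed", value))
        elif parts.hostname.lower() in WATCHED_HOSTS:
            findings.append((browser, name, "watched-host", parts.hostname.lower()))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(" | ".join(finding))
```
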


Hi,

OK, strange.

I already have HijackThis from before.

Here is the run from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:32, on 2010-04-11

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Spotify\spotify.exe

C:\Program Files (x86)\Jetico\BCWipe\BCResident.exe

C:\Users\michael f\Documents\Program .exe filer\vlc-1.0.5-win32.exe

C:\Users\michael f\Documents\Program .exe filer\SUPERAntiSpyware.exe

C:\Users\michael f\Documents\Program .exe filer\RSIT.exe

C:\Program Files (x86)\Trend Micro\HijackThis\michael f.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3712&r=173604107516p04e5v125y44m2146r

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL

O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Tjänsten Google Update (gupdate1cad98a9bdda1f0) (gupdate1cad98a9bdda1f0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11108 bytes

Hi,

according to DDS, Conduit is still there.

You have probably installed some program that sets up this search service.

This is common in certain applications if you don't remember to untick some small checkbox.

Install HiJack This, found here:

HijackThis - Trend Micro USA

Then run "Do a System Scan and Save a Logfile".

Paste the log here in your thread and we'll take a look.

Regards,

Mats H


Hi,

I don't see anything odd here.

Check this line in Firefox, about:config

browser.search.defaulturl - hxxp://search.conduit.com

right-click and choose Reset.

Restart, then open it again and see whether it has changed.

Regards,

Mats H

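The about:config check from the reply above can also be run offline against the profile's prefs.js file. The following is an added example, not part of the original thread: it parses `user_pref` lines and reports search and start-page prefs whose URL host is outside an allowlist. Only `browser.search.defaulturl` and the Conduit host come from the thread; the other watched prefs, the allowlist and the sample file content are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Prefs that decide where searches and the start page go. Only
# browser.search.defaulturl comes from the thread; the others are assumptions.
WATCHED_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
# Assumed allowlist of hosts the user expects; adjust per machine.
EXPECTED_HOSTS = {"www.google.com", "www.google.se"}

# Matches: user_pref("name", value);  where value is a string, number or bool.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, malformed entries
        try:
            prefs[json.loads('"%s"' % m.group(1))] = json.loads(m.group(2))
        except ValueError:
            continue  # value is not a plain literal; skip it
    return prefs

def unexpected_search_prefs(text, expected_hosts=EXPECTED_HOSTS):
    """List (pref, host) pairs whose URL points outside the allowlist."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name not in WATCHED_PREFS or not isinstance(value, str):
            continue
        # The homepage pref may hold several URLs separated by '|'.
        for url in value.split("|"):
            host = (urlsplit(url.strip()).hostname or "").lower()
            if host and host not in expected_hosts:
                findings.append((name, host))
    return findings

# Constructed sample prefs.js content, not taken from the poster's machine.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/?q=");
user_pref("browser.startup.homepage", "http://www.google.se/|http://search.conduit.com/");
user_pref("browser.tabs.warnOnClose", false);
user_pref("keyword.URL", "http://www.google.com/search?q=");
'''

if __name__ == "__main__":
    for pref, host in unexpected_search_prefs(SAMPLE_PREFS):
        print("reset candidate: %s -> %s" % (pref, host))
```

Run it on a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.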

Archived

This topic is now archived and is closed to further replies.


