
Problem with Spyware Protection (Vista)


Patric W


All of a sudden this evening I had acquired a new "anti-virus program" called Spyware Protection, which warned about all sorts of problems. Apparently it can be installed via pop-ups if you have not downloaded it yourself, and I did get some strange pop-up earlier that took a very long time to load.

Anyway, it is called Spyware Protection, and I found a lot of help about programs with very, very similar names, "Spyware Protection 2009/2010", and most of the pages are summed up fairly well by www.spywarevoid.com/remove-spyware-protection-2010-spywareprotection-2010-removal.html

The problem was, first of all, that this so-called anti-virus program shut down almost everything as soon as I tried to open it. First and foremost Task Manager, which meant I could not even carry out step one in the link above (which was step one in more or less every solution I found); it also shut down "regedit" (step 2), "Change which programs start automatically", SuperAntiSpyware, etc. There was one more solution where you were supposed to turn the computer off and on and then press F8 and make a certain choice, a choice that never appeared for me, however.

What I did in the end was locate the program file (which is not called SpywareProtection2010.exe as in step 3...), defender.exe, and under Security I denied all permissions for system, users and administrator alike. When I then restarted the computer the program did not start automatically, so I did not need to carry out step 1 (or even could carry it out). I managed to carry out step two, but step three, removing the files, is not going so well: when I try to delete defender.exe I am told that I "must have permission to perform this action". Could that have to do with the permissions I changed earlier? I tried changing back "full control" + "modify", but it made no difference.

I don't know how much I dare tinker with the file now that it has calmed down, at the risk of the whole thing starting over again; at the same time I definitely don't dare leave the files lying around... Is there a simple way to delete a file when you get the response I am getting?


I don't even want to visit the site spywarevoid.com, considering the opinions about that website at http://www.mywot.com/sv/scorecard/spywarevoid.com, and even less would I trust any instructions found there.

We will check the computer properly with reliable programs instead. We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, while you attach Attach.txt as a file.


Let's see if I can get this right: [log]DDS (Ver_10-11-09.01) - NTFS_AMD64

Run by Patric at 18:15:22,09 on 2010-11-09

Internet Explorer: 8.0.6001.18975

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.6134.3785 [GMT 1:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

D:\Daemon Tools\DAEMON Tools Lite\daemon.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Patric\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\ASUS\TurboV\TurboV.exe

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Java\bin\jusched.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\SysWOW64\OBroker.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

D:\Java\bin\jucheck.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Patric\Desktop\dds.scr

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.liverpoolfc.nu/

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Java\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "D:\Daemon Tools\DAEMON Tools Lite\daemon.exe" -autorun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Octoshape Streaming Services] "C:\Users\Patric\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [DfrgcfgInit] rundll32.exe "C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.dll",winapiVdm DRMmapNetM

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [sunJavaUpdateSched] "D:\Java\bin\jusched.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - D:\SuperAntiSpyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - D:\SuperAntiSpyware\SASSEH.DLL

{9030D464-4C02-4ABF-8ECC-5164760863C6}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1108000.005\symds64.sys [2010-9-21 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1108000.005\symefa64.sys [2010-9-21 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-11-2 954928]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1108000.005\cchpx64.sys [2010-9-21 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101108.002\IDSviA64.sys [2010-10-19 476720]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1108000.005\ironx64.sys [2010-9-21 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1108000.005\symtdiv.sys [2010-9-21 451120]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 323584]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2010-9-21 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-27 132656]

R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]

S3 PerfHost;Värd för prestandaräknar-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

 

=============== File Associations ===============

 

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-11-09 16:59:57 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E4B76995-65C7-4D4E-8108-E32DF5A2A9A7}\mpengine.dll

2010-11-06 21:43:30 2268672 ----a-w- C:\Users\Patric\AppData\Roaming\defender.exe

2010-11-02 16:51:26 -------- d-----w- C:\Users\Patric\AppData\Local\Octoshape

2010-11-01 22:06:12 -------- d-----w- C:\f243b0cdfac5452f760b9b

2010-10-28 17:29:48 -------- d-----w- C:\Users\Patric\AppData\Local\mciPadvga

2010-10-27 17:08:41 1927680 ----a-w- C:\Windows\System32\gameux.dll

2010-10-27 17:08:41 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll

2010-10-27 17:08:40 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

2010-10-27 17:08:40 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll

2010-10-27 17:08:40 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll

2010-10-27 17:08:40 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll

2010-10-25 20:50:35 -------- d-----w- C:\Users\Patric\AppData\Roaming\84654EC4DC4F39739665D7654761A5A1

2010-10-23 16:22:52 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89750f241cb72ce2f\InstallManager_WLE_WLE.exe

2010-10-23 16:22:30 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5e6c941cb72ce23\MeshBetaRemover.exe

2010-10-23 16:22:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\724786c41cb72ce1c\DSETUP.dll

2010-10-23 16:22:12 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\724786c41cb72ce1c\DXSETUP.exe

2010-10-23 16:22:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\724786c41cb72ce1c\dsetup32.dll

2010-10-23 16:22:10 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\710c20941cb72ce1b\DSETUP.dll

2010-10-23 16:22:10 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\710c20941cb72ce1b\DXSETUP.exe

2010-10-23 16:22:10 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\710c20941cb72ce1b\dsetup32.dll

2010-10-23 16:21:39 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5d2ed4a41cb72ce0f\Silverlight.4.0.exe

2010-10-23 16:21:06 -------- d-----w- C:\Users\Patric\AppData\Local\Windows Live

2010-10-23 16:20:21 754688 ----a-w- C:\Windows\SysWow64\webservices.dll

2010-10-23 16:20:21 1103872 ----a-w- C:\Windows\System32\webservices.dll

2010-10-14 16:07:07 2753024 ----a-w- C:\Windows\System32\win32k.sys

2010-10-14 16:07:03 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-14 16:07:03 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-10-14 16:07:03 1915904 ----a-w- C:\Windows\System32\ole32.dll

2010-10-14 16:07:03 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll

 

==================== Find3M ====================

 

2010-10-19 09:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll

2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec

2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll

2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll

2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll

2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll

2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll

2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll

2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll

2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

 

============= FINISH: 18:15:52,42 ===============[/log]

 

I hope that came out right; it will have to be a bit of trial and error. I have been trying to attach the file for a quarter of an hour now, but honestly I no longer have any idea how to do it. It is surely very easy, but I think I have tried every single button by now (including odd solutions of my own) and I simply have no ideas left.


That went fine :)

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is finished (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.dll

C:\Users\Patric\AppData\Roaming\defender.exe (though that may not work now that you have locked down the permissions)

Has SUPERAntiSpyware found anything? If so, paste in a log from that program.
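
The kind of triage applied to the DDS log in the reply above, as an added example (not part of the original thread and not a feature of DDS): it parses autorun and "Created Last 30" lines and flags entries that execute from the user-writable AppData tree. The sample lines are copied from the log posted in this thread; the function names and the scoring are assumptions of this example, and a hit is a lead to verify, not a verdict.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Lines copied from the DDS log posted earlier in this thread.
DDS_SAMPLE = r'''
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Octoshape Streaming Services] "C:\Users\Patric\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [DfrgcfgInit] rundll32.exe "C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.dll",winapiVdm DRMmapNetM
mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
2010-11-09 16:59:57 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E4B76995-65C7-4D4E-8108-E32DF5A2A9A7}\mpengine.dll
2010-11-06 21:43:30 2268672 ----a-w- C:\Users\Patric\AppData\Roaming\defender.exe
2010-10-28 17:29:48 -------- d-----w- C:\Users\Patric\AppData\Local\mciPadvga
'''

EXT = r'(?:exe|dll|scr|com|bat|cmd)'
# "uRun: [name] command line" (also mRun and mRun-x64)
RUN_LINE = re.compile(r'^([um]Run(?:-x64)?): \[([^\]]*)\] (.+)$')
# "date time size attributes path" as used in the Created Last 30 section
FILE_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+|-+) (\S+) (.+)$')
# Unquoted path: shortest prefix that ends in an executable extension
UNQUOTED = re.compile(r'(.+?\.' + EXT + r')(?=[\s,]|$)', re.IGNORECASE)
IN_APPDATA = re.compile(r'^[a-z]:\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)
APPDATA_ROOT_BINARY = re.compile(
    r'^[a-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+\.' + EXT + r'$',
    re.IGNORECASE)


def first_path(cmd):
    """Split a command line into (first file path, remainder)."""
    cmd = cmd.lstrip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], '')
    m = UNQUOTED.match(cmd)
    if m:
        return m.group(1), cmd[m.end():]
    head, _, tail = cmd.partition(' ')
    return head, tail


def triage(log_text):
    """Return (score, path, reasons) tuples, highest score first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_LINE.match(line)
        if run:
            image, rest = first_path(run.group(3))
            via_rundll32 = basename(image).lower() == 'rundll32.exe'
            # For rundll32 the interesting file is the DLL it is told to load.
            target = first_path(rest)[0] if via_rundll32 else image
            reasons = []
            if IN_APPDATA.match(target):
                reasons.append('autorun target in user-writable AppData')
                if via_rundll32:
                    reasons.append('DLL in AppData loaded through rundll32.exe')
            if reasons:
                findings.append((len(reasons), target, reasons))
            continue
        created = FILE_LINE.match(line)
        if created and not created.group(2).startswith('d'):  # skip directories
            path = created.group(3)
            if APPDATA_ROOT_BINARY.match(path):
                findings.append((1, path, ['binary dropped directly in the AppData root']))
    return sorted(findings, key=lambda f: -f[0])


if __name__ == '__main__':
    for score, path, reasons in triage(DDS_SAMPLE):
        print(score, path, '; '.join(reasons))
```

Legitimate per-user software such as the Octoshape client is flagged as well, which is why flagged files are then checked with a scanner rather than deleted on sight.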


  • 2 weeks later...

I see in the DDS log that there is an old Java version with security holes on the computer. Uninstall it in the Control Panel under Programs and Features, then download the latest version from http://www.java.com/sv/

But not until the computer is clean.


Let's see:

First file

The second one did not work, as I said, since I did not have permission to open it. I ran SuperAntiSpyware more or less right after I managed to "shut down" the permissions for the defender file, but the only thing the program found was some "Tracking Cookies"... as it usually is when a few days have passed between scans.

Regarding the second file, should I change the permissions to test that one too? Or should I be careful with it?


Leave the second file alone for now. The one you scanned looked nasty enough.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract All. Remember where you unpack the file.

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. Do NOT choose Delete. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.


This is what it looked like: [log]2010/11/20 08:58:56.0558 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/20 08:58:56.0558 ================================================================================

2010/11/20 08:58:56.0558 SystemInfo:

2010/11/20 08:58:56.0558

2010/11/20 08:58:56.0558 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/20 08:58:56.0558 Product type: Workstation

2010/11/20 08:58:56.0558 ComputerName: PATRIC-DATOR

2010/11/20 08:58:56.0559 UserName: Patric

2010/11/20 08:58:56.0559 Windows directory: C:\Windows

2010/11/20 08:58:56.0559 System windows directory: C:\Windows

2010/11/20 08:58:56.0559 Running under WOW64

2010/11/20 08:58:56.0559 Processor architecture: Intel x64

2010/11/20 08:58:56.0559 Number of processors: 8

2010/11/20 08:58:56.0559 Page size: 0x1000

2010/11/20 08:58:56.0559 Boot type: Normal boot

2010/11/20 08:58:56.0559 ================================================================================

2010/11/20 08:58:56.0559 Utility is running under WOW64

2010/11/20 08:59:01.0174 Initialize success

2010/11/20 08:59:07.0646 ================================================================================

2010/11/20 08:59:07.0646 Scan started

2010/11/20 08:59:07.0646 Mode: Manual;

2010/11/20 08:59:07.0646 ================================================================================


2010/11/20 08:59:16.0952 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2010/11/20 08:59:16.0978 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2010/11/20 08:59:17.0035 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/11/20 08:59:17.0061 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/11/20 08:59:17.0081 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/11/20 08:59:17.0109 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

2010/11/20 08:59:17.0131 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2010/11/20 08:59:17.0183 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2010/11/20 08:59:17.0206 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2010/11/20 08:59:17.0243 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2010/11/20 08:59:17.0264 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/11/20 08:59:17.0282 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2010/11/20 08:59:17.0319 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2010/11/20 08:59:17.0341 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/11/20 08:59:17.0362 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2010/11/20 08:59:17.0382 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys

2010/11/20 08:59:17.0400 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2010/11/20 08:59:17.0454 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2010/11/20 08:59:17.0820 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101119.002\ENG64.SYS

2010/11/20 08:59:17.0927 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101119.002\EX64.SYS

2010/11/20 08:59:17.0968 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2010/11/20 08:59:17.0993 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/11/20 08:59:18.0011 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/11/20 08:59:18.0034 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/11/20 08:59:18.0049 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2010/11/20 08:59:18.0083 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2010/11/20 08:59:18.0117 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2010/11/20 08:59:18.0169 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2010/11/20 08:59:18.0217 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2010/11/20 08:59:18.0240 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2010/11/20 08:59:18.0279 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2010/11/20 08:59:18.0304 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2010/11/20 08:59:18.0492 nvlddmkm (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/11/20 08:59:18.0576 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2010/11/20 08:59:18.0646 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2010/11/20 08:59:18.0679 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2010/11/20 08:59:18.0744 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/11/20 08:59:18.0771 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2010/11/20 08:59:18.0798 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2010/11/20 08:59:18.0823 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2010/11/20 08:59:18.0850 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

2010/11/20 08:59:18.0871 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2010/11/20 08:59:18.0907 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2010/11/20 08:59:18.0979 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/20 08:59:19.0004 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2010/11/20 08:59:19.0046 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/20 08:59:19.0098 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/11/20 08:59:19.0148 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/11/20 08:59:19.0181 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/20 08:59:19.0193 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/20 08:59:19.0217 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/20 08:59:19.0243 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/20 08:59:19.0278 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/20 08:59:19.0303 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/20 08:59:19.0323 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/20 08:59:19.0373 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/11/20 08:59:19.0388 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/20 08:59:19.0427 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2010/11/20 08:59:19.0511 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/20 08:59:19.0537 RTL8169 (9f248ef4d204ade0b18dd50e26095cd5) C:\Windows\system32\DRIVERS\Rtlh64.sys

2010/11/20 08:59:19.0576 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/11/20 08:59:19.0613 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/11/20 08:59:19.0638 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2010/11/20 08:59:19.0665 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2010/11/20 08:59:19.0691 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/11/20 08:59:19.0735 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/11/20 08:59:19.0760 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/20 08:59:19.0777 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/11/20 08:59:19.0800 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/11/20 08:59:19.0836 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/11/20 08:59:19.0856 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/11/20 08:59:19.0910 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2010/11/20 08:59:19.0958 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2010/11/20 08:59:20.0013 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys

2010/11/20 08:59:20.0013 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf

2010/11/20 08:59:20.0018 sptd - detected Locked file (1)


2010/11/20 08:59:22.0536 ================================================================================

2010/11/20 08:59:22.0536 Scan finished

2010/11/20 08:59:22.0536 ================================================================================

2010/11/20 08:59:22.0543 Detected object count: 1

2010/11/20 09:01:53.0549 Locked file(sptd) - User select action: Skip [/log]

 

I couldn't choose Cure; I could choose between Skip, Quarantine and Delete (I think). If I understood correctly, that file was part of Daemon Tools, so since Cure wasn't available I chose Skip (which was preselected). I might mention that I shut down Daemon Tools just before I started TDSSKiller.


Yep, it's a file used by Daemon Tools and similar programs. You'll need to disable it for now, like this:

1.

Save DeFogger by jpshortstuff http://www.jpshortstuff.247fixes.com/Defogger.exe to the Desktop.

Start DeFogger.

When the program window appears, click the Disable button to disable the drivers associated with your installed CD emulation program.

Click Yes/Ja to continue.

When the program is finished, a 'Finished!' message appears.

Click OK.

The program asks to restart the computer; click OK.

IMPORTANT! If you get an error message while DeFogger is running, paste the defogger_disable log that is then created on the Desktop.

Do not re-enable these drivers until the cleanup is completely finished.

2.

Then run TDSSKiller again.

3.

Download mbr.exe to the Desktop:

http://www2.gmer.net/mbr/mbr.exe

 

Start - Run (Kör)

Copy the line in the box below and paste it into the Run field.

"%userprofile%\desktop\mbr.exe" -tDFR -s  > "C:\mbr.log"

Paste the contents of mbr.log, which is created in C:\.

Note! Unplug the internet connection and disable/turn off antivirus and other security programs before you run mbr.exe.


I didn't manage to shut down Norton (honestly I have no idea how to do that, and neither the program itself nor the help system gave any answers), so I disabled the firewall and "Antivirus Auto-Protect". I got the following log (which ended up on the desktop), which at first glance feels rather empty: [log]Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002

 

device: opened successfully

user: error reading MBR

 

Disk trace:

error: Read Referensen (handle) är felaktig.

kernel: error reading MBR

 

Filesystem trace:

 

Registry trace:

[/log]


Yes, most likely mbr.exe doesn't work very well on 64-bit Windows.

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure these are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it's done, click OK and then "Show results".

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may get a request to restart the computer (Restart). If so, do it.

If there is an Error loading... error message after the restart, restart the computer once more.

If the program doesn't start after the restart, start it yourself.

If the log doesn't come up by itself in Notepad, you'll find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.


Let's see, it looks like defender.exe got taken care of at least: [log]Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 5166

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

 

2010-11-21 22:38:16

mbam-log-2010-11-21 (22-38-16).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 139159

Förfluten tid: 3 minut(er), 42 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\Patric\AppData\Roaming\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[/log]

 

By the way, I can mention that there is also a file in the Start menu named just Spyware Protection, which showed up at the same time as the defender file. I restricted the permissions for that one too, so... it's just sitting there for the moment. An .ink file, if that matters...


A .lnk file (L as in link) is a shortcut, so it does no harm in itself. Can you right-click it and choose Delete? You'll of course need to make sure you have permissions on the file.

Are there more files than DfrgcfgInit.dll in the folder C:\Users\Patric\AppData\Local\mciPadvga?


Is it enough to change the permissions on the folder and the file? You seem to be used to that ;)

If not, save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and Run as administrator).

Under Output near the top, select Minimal Output.

Under Standard Registry, select All.

In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines and that the line breaks are preserved):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Tick LOP Check and Purity Check.

Click Run Scan and let the program run undisturbed.

When it's done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste the OTL.txt log, and attach Extras.txt as a file.


Unfortunately it wasn't (they already had full control).

Saved it to the desktop, my dear, clean, nice desktop that is now overflowing with program files, logs and lots of other stuff ;)

By the way, I can mention (I don't know whether it matters or whether it has to do with something else) that my Internet has been strange today and has hung very often when I've had more than one tab open or when a new window has opened (which has led to it hanging, say, 10 times this evening). And the reason I bring it up now has to do with another odd thing that just happened: I simply cannot do anything on the desktop, can't click on any files, can't right-click anywhere or anything...

Through the Start menu and the hard drive I was at least able to get to the desktop, and this is what OTL came up with: [log]OTL logfile created on: 2010-11-24 21:16:23 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Patric\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 62,00% Memory free

12,00 Gb Paging File | 10,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,66 Gb Total Space | 16,60 Gb Free Space | 16,99% Space Free | Partition Type: NTFS

Drive D: | 833,85 Gb Total Space | 10,55 Gb Free Space | 1,26% Space Free | Partition Type: NTFS

Drive E: | 2,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: PATRIC-DATOR | User Name: Patric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Patric\Desktop\OTL.exe (OldTimer Tools)

PRC - D:\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program\Logitech\SetPoint\x86\SetPoint32.exe ()

PRC - C:\Users\Patric\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files (x86)\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Windows\SysWOW64\OBroker.exe ()

PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)

PRC - C:\Program\ASUS\Six Engine\SixEngine.exe ()

PRC - C:\Program\ASUS\TurboV\TurboV.exe ()

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()

PRC - C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Patric\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)

MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.8.0.5\ASOEHOOK.DLL (Symantec Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)

SRV - (LBTServ) -- C:\Program\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found

DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found

DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SYMTDIV.SYS (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Ironx64.SYS (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMEFA64.SYS (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SRTSP64.SYS (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SRTSPX64.SYS (Symantec Corporation)

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ccHPx64.sys (Symantec Corporation)

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMDS64.SYS (Symantec Corporation)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101122.006\IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101123.051\EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101123.051\ENG64.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpoolfc.nu/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 29 1D B6 11 37 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-17 09:52:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010-05-27 21:10:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2010-01-01 16:43:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010-01-13 17:15:19 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2006-09-18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [e-kort] C:\Program (x86)\ekort\ekort.exe File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()

O4 - HKCU..\Run: [DfrgcfgInit] C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.DLL ()

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Patric\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] D:\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\SuperAntiSpyware\SASWINLO.dll - D:\SuperAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Patric\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg

O24 - Desktop BackupWallPaper: C:\Users\Patric\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-07-30 09:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006-09-11 14:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{232e417b-a374-11de-875c-00248c5b110c}\Shell\AutoRun\command - "" = L:\wd_windows_tools\WDSetup.exe -- File not found

O33 - MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive)

O33 - MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\Shell - "" = AutoRun

O33 - MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\Shell\AutoRun\command - "" = J:\OblivionLauncher.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-11-24 21:04:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Patric\Desktop\OTL.exe

[2010-11-21 22:19:17 | 000,000,000 | ---D | C] -- C:\Users\Patric\AppData\Roaming\Malwarebytes

[2010-11-21 22:19:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010-11-21 22:19:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010-11-21 22:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010-11-21 22:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-11-21 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Patric\Desktop\mbam

[2010-11-20 08:58:35 | 000,000,000 | ---D | C] -- C:\Users\Patric\Desktop\tdsskiller

[2010-11-18 19:27:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010-11-18 19:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010-11-18 19:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010-11-18 19:26:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2010-11-18 19:26:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010-11-18 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010-11-18 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010-11-02 17:51:26 | 000,000,000 | ---D | C] -- C:\Users\Patric\AppData\Local\Octoshape

[2010-11-01 23:06:12 | 000,000,000 | ---D | C] -- C:\f243b0cdfac5452f760b9b

[2010-10-28 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Patric\AppData\Local\mciPadvga

[2010-10-27 18:08:41 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2010-10-27 18:08:41 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2010-10-27 18:08:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

[2010-10-27 18:08:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010-10-27 18:08:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll

[2010-10-27 18:08:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

[2010-10-25 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Patric\AppData\Roaming\84654EC4DC4F39739665D7654761A5A1

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-11-24 21:04:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patric\Desktop\OTL.exe

[2010-11-24 20:21:00 | 000,034,816 | ---- | M] () -- C:\Users\Patric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-24 19:40:00 | 001,395,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-11-24 19:40:00 | 000,597,598 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2010-11-24 19:40:00 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-11-24 19:40:00 | 000,117,210 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2010-11-24 19:40:00 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-11-24 19:34:08 | 000,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010-11-24 19:34:01 | 000,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010-11-24 19:33:46 | 000,004,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-11-24 19:33:46 | 000,004,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-11-24 19:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-11-22 20:00:03 | 000,000,698 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Kör fullständig systemsökning - Patric.job

[2010-11-21 19:52:45 | 000,089,088 | ---- | M] () -- C:\Users\Patric\Desktop\mbr.exe

[2010-11-21 19:48:22 | 000,000,174 | ---- | M] () -- C:\Users\Patric\defogger_reenable

[2010-11-21 19:47:41 | 000,050,477 | ---- | M] () -- C:\Users\Patric\Desktop\Defogger.exe

[2010-11-20 08:57:44 | 001,224,671 | ---- | M] () -- C:\Users\Patric\Desktop\tdsskiller.zip

[/log]

Extras.Txt


It has been a few days since you ran MBAM, so update from within the program and scan the computer. Paste the log if anything is found.

I'll get back to you when I have gone through the log.


Close all the programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:processes
killallprocesses 
:OTL
O4 - HKCU..\Run: [DfrgcfgInit] C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.DLL ()
O32 - AutoRun File - [2009-07-30 09:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006-09-11 14:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{232e417b-a374-11de-875c-00248c5b110c}\Shell\AutoRun\command - "" = L:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
O33 - MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\Shell - "" = AutoRun
O33 - MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\Shell\AutoRun\command - "" = J:\OblivionLauncher.exe -- File not found
:Commands
[CREATERESTOREPOINT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.


Let's see, now that I finally have a quiet moment. MBAM found nothing.

That page did not really help me any more than what I figured out last time. You were supposed to open Norton and then choose User Accounts, but there is no such option anywhere, so I never get further than "Start Norton Internet Security". Someone wrote in a comment a bit further down that you could choose "Disable Antivirus Auto-Protect", which is what I did last time (that plus "Disable Smart Firewall"). So I am doing the same now.

 

[log]========== PROCESSES ==========

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DfrgcfgInit deleted successfully.

C:\Users\Patric\AppData\Local\mciPadvga\DfrgcfgInit.DLL moved successfully.

File move failed. E:\autorun.cfg scheduled to be moved on reboot.

File move failed. E:\autorun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e417b-a374-11de-875c-00248c5b110c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e417b-a374-11de-875c-00248c5b110c}\ not found.

File L:\wd_windows_tools\WDSetup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c068151d-a2ba-11de-9d3f-806e6f6e6963}\ not found.

File move failed. E:\autorun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd45f5c1-a878-11de-b82c-00248c5b110c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd45f5c1-a878-11de-b82c-00248c5b110c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd45f5c1-a878-11de-b82c-00248c5b110c}\ not found.

File J:\OblivionLauncher.exe not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_190121

 

Files\Folders moved on Reboot...

File move failed. E:\autorun.cfg scheduled to be moved on reboot.

File move failed. E:\autorun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

[/log]


That looked good.

MBAM has been released in a new version, 1.50, so update to that version.

Save MBRCheck.exe by a_d_13 to the Desktop.

Run the program.

Wait until the program is finished or until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" is displayed. In the latter case, press N followed by Enter.

When it is finished, a log file is created on the Desktop named MBRCheckxxxxxx.txt, where xxxxxx is the time of the run. Open the log in Notepad by double-clicking it and paste the contents into your reply.


  • 2 weeks later...

Hmm, it did not come up exactly as you described, so I think I ran the program twice when I thought I had done something wrong. The log files did not have quite the same name (if those are even the right files), but this is what the first one looked like:

[log]MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x000001fc

 

Kernel Drivers (total 151):
 

Processes (total 84):
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`6a100000 (NTFS)

 

PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01118

 

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

 

 

Done![/log]


This topic is now archived and is closed to further replies.