
Interpreting a HijackThis log


Sandruz


My boyfriend opened a link on MSN with the name limageshack, which in turn meant that the MSN virus then took over my MSN. As a result I am sending out such links to my contacts, and I have tried to identify and neutralize the thing using AVG, trendmicro, nod32, SuperAntiSpyware, Malwarebytes and MSN Virus remover. Nothing seems to work, however, so I would like help interpreting my HijackThis log to see whether a solution can be reached that way.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:44:39, on 2010-06-06

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gratissms.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - .DEFAULT User Startup: HP Artist Edition 2 Clock.lnk = C:\Program Files (x86)\Stardock\DesktopGadgets\HP Artist Edition 2 Clock\HP Artist Edition 2 Clock.exe (User 'Default user')

O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')

O4 - Global Startup: Stardock MyColors.lnk = C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe (file missing)

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13449 bytes


Hi,

do the following:

If any antivirus or antispyware program has found something malicious, paste in a log showing what was found and which files and folders are involved.

Paste in the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file; use the Full Editor when attaching the file, the button here, below the box.

DDS is a program that lists running processes, programs and services that start automatically, and files in folders commonly used by malicious programs that are new or changed within the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us a basic understanding of what is happening and has recently happened on the computer, and from that we can draw conclusions about the next appropriate step in cleaning the computer.

Note! When you paste a log or a result into your post, do not use any buttons or tags; copy it in the program (usually Notepad) and paste it directly into the box you are writing in.

Regards,

Mats H


This is what Malwarebytes found, but the problem still remains.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4171

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

2010-06-06 00:19:21

mbam-log-2010-06-06 (00-19-21).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 120698

Förfluten tid: 6 minut(er), 4 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Windows\System32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Sandström\explorer.exe.back (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


DDS (Ver_10-03-17.01) - NTFSX64

Run by Sandstr”m at 13:48:57,33 on 2010-06-06

Internet Explorer: 7.0.6001.18000

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.46.1053.18.3069.1115 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~2\MICROS~1\WkDStore.exe

C:\Windows\splwow64.exe

C:\Windows\system32\mspaint.exe

C:\PROGRA~2\MICROS~1\wksss.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\mspaint.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Sandström\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.gratissms.se/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=93&bd=Pavilion&pf=cnnb

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files (x86)\aol\aol toolbar 5.0\aoltb.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files (x86)\aol\aol toolbar 5.0\aoltb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"

mRun: [TVAgent] "c:\program files (x86)\hewlett-packard\media\tv\TVAgent.exe"

mRun: [uCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"

mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start

mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Corel File Shell Monitor] c:\program files (x86)\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\mycolors\SDDelayedLaunch.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{DE9C389F-3316-41A7-809B-AA305ED9D922}

mRun-x64: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun-x64: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

mRun-x64: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

AppInit_DLLs-X64: avgrssta.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\sandst~1\appdata\roaming\mozilla\firefox\profiles\4hz3rpuf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-6-3 269320]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-6-3 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-6-3 317520]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-27 139704]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [2009-6-24 89600]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-6-3 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-6-3 308064]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-4-27 164912]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2010-4-27 810120]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-4-27 124760]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 23040]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-6-24 365952]

R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-4-28 120832]

R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-3-12 296320]

R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-3-12 116104]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-6-24 222512]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 64000]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-6-24 26168]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-25 135664]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-1-16 93184]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\magix\common\database\bin\fbserver.exe [2010-1-16 1527900]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-5 131424]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-21 3154432]

S3 PerfHost;Värd för prestandaräknar-DLL;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 17456]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

 

=============== Created Last 30 ================

 

2010-06-06 01:19:48 0 d-----w- c:\program files (x86)\Secunia

2010-06-05 23:11:02 0 d-----w- c:\programdata\ESET

2010-06-05 23:11:02 0 d-----w- c:\program files\ESET

2010-06-05 22:34:35 0 d-----w- c:\program files (x86)\Trend Micro

2010-06-05 21:32:53 0 d-----w- c:\users\sandst~1\appdata\roaming\Malwarebytes

2010-06-05 21:32:31 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-05 21:32:31 0 d-----w- c:\programdata\Malwarebytes

2010-06-05 21:32:13 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-06-05 20:52:20 0 d-----w- c:\users\sandst~1\appdata\roaming\SUPERAntiSpyware.com

2010-06-05 20:52:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-06-05 20:52:12 0 d-----w- c:\programdata\SASCORE

2010-06-05 20:52:08 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-05 20:04:08 134656 ----a-w- c:\users\sandström\regedit.exe.back

2010-06-04 20:57:07 0 d-----w- C:\BackUpMSNCleaner

2010-06-04 18:53:49 0 d--h--w- C:\$AVG

2010-06-03 07:16:18 12976 ----a-w- c:\windows\system32\avgrssta.dll

2010-06-03 07:16:15 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2010-06-03 07:16:06 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2010-06-03 07:16:03 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2010-06-03 07:16:03 0 d-----w- c:\windows\system32\drivers\Avg

2010-06-03 07:10:13 0 d-----w- c:\program files (x86)\AVG

2010-06-03 07:09:40 0 d-----w- c:\programdata\avg9

2010-05-28 11:04:52 17456 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-26 10:38:17 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-05-26 10:38:17 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-13 19:46:57 0 d-----w- c:\users\sandst~1\appdata\roaming\LolClient

2010-05-12 08:27:47 974848 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-12 08:27:46 738304 ----a-w- c:\windows\syswow64\inetcomm.dll

 

==================== Find3M ====================

 

2010-06-06 11:44:10 1835008 --sha-w- c:\users\sandström\NTUSER.DAT

2010-06-06 11:41:02 8514 ----a-w- c:\users\sandst~1\appdata\roaming\wklnhst.dat

2010-06-03 08:59:47 86016 ----a-w- c:\windows\inf\infstrng.dat

2010-06-03 08:59:47 86016 ----a-w- c:\windows\inf\infstor.dat

2010-06-03 08:59:47 51200 ----a-w- c:\windows\inf\infpub.dat

2010-05-20 13:46:34 80612 ----a-w- c:\windows\system32\perfc00B.dat

2010-05-20 13:46:34 76390 ----a-w- c:\windows\system32\perfc014.dat

2010-05-20 13:46:34 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-20 13:46:34 454842 ----a-w- c:\windows\system32\perfh006.dat

2010-05-20 13:46:34 443832 ----a-w- c:\windows\system32\perfh014.dat

2010-05-20 13:46:34 427118 ----a-w- c:\windows\system32\perfh00B.dat

2010-05-20 13:46:34 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-20 13:46:33 77100 ----a-w- c:\windows\system32\perfc006.dat

2010-05-12 09:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-02 22:07:08 952 --sha-w- c:\programdata\KGyGaAvL.sys

2010-05-02 14:32:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-04-27 09:13:52 124760 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys

2010-04-27 09:12:38 139704 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2010-04-27 09:09:58 164912 ----a-w- c:\windows\system32\drivers\eamonm.sys

2010-04-23 11:36:05 696666008 ----a-w- c:\program files\data2.cab

2010-04-23 11:30:04 368424 ----a-w- c:\program files\data1.hdr

2010-04-23 11:30:04 1079468 ----a-w- c:\program files\data1.cab

2010-04-23 11:28:02 1669931 ----a-w- c:\program files\setup.isn

2010-04-23 11:27:51 576000 ----a-w- c:\program files\ISSetup.dll

2010-04-23 11:26:11 21494 ----a-w- c:\program files\0x0409.ini

2010-04-23 11:24:47 473 ----a-w- c:\program files\layout.bin

2010-04-23 11:24:24 254098 ----a-w- c:\program files\setup.inx

2010-04-23 11:24:24 1224 ----a-w- c:\program files\setup.ini

2010-03-09 16:54:17 1032704 ----a-w- c:\windows\system32\wininet.dll

2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll

2010-03-09 16:28:40 833024 ----a-w- c:\windows\syswow64\wininet.dll

2010-03-09 16:28:27 1174528 ----a-w- c:\windows\syswow64\urlmon.dll

2010-03-09 16:27:21 146432 ----a-w- c:\windows\syswow64\occache.dll

2010-03-09 16:26:20 671232 ----a-w- c:\windows\syswow64\mstime.dll

2010-03-09 16:26:11 476672 ----a-w- c:\windows\syswow64\mshtmled.dll

2010-03-09 16:26:11 3586048 ----a-w- c:\windows\syswow64\mshtml.dll

2010-03-09 16:26:10 458240 ----a-w- c:\windows\syswow64\msfeeds.dll

2010-03-09 16:25:38 28160 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-03-09 16:25:24 270848 ----a-w- c:\windows\syswow64\iertutil.dll

2010-03-09 16:25:24 193024 ----a-w- c:\windows\syswow64\iepeers.dll

2010-03-09 16:25:23 6069248 ----a-w- c:\windows\syswow64\ieframe.dll

2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll

2010-03-09 16:25:21 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-03-09 16:25:21 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll

2010-03-09 16:25:21 230400 ----a-w- c:\windows\syswow64\ieaksie.dll

2010-03-09 14:28:42 32768 ----a-w- c:\windows\system32\ieUnatt.exe

2010-03-09 14:01:47 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe

2010-01-16 21:19:51 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-06-24 03:42:14 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-06-24 03:42:14 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-06-24 03:42:14 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-06-24 03:42:14 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-06-24 03:31:17 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2009-06-24 03:31:17 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2009-06-24 03:31:17 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2009-06-24 03:31:17 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2009-06-24 03:20:21 36790 ----a-w- c:\windows\inf\perflib\040b\perfd.dat

2009-06-24 03:20:21 36790 ----a-w- c:\windows\inf\perflib\040b\perfc.dat

2009-06-24 03:20:21 274158 ----a-w- c:\windows\inf\perflib\040b\perfi.dat

2009-06-24 03:20:21 274158 ----a-w- c:\windows\inf\perflib\040b\perfh.dat

2009-06-24 03:10:18 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat

2009-06-24 03:10:18 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat

2009-06-24 03:10:18 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat

2009-06-24 03:10:18 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat

2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini

2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-24 04:24:48 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 13:51:42,07 ===============


Hi,

You have a number of antivirus programs installed: AVG 9 and ESET NOD32. And in what form is Trend Micro, an online scanner or an installed program?

First and foremost you need to uninstall all but one of them, as having several can lead to freezes and conflicts on the computer, and definitely worse protection.

After you have done this (important), run the following:

Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, or it may hang.

When it has finished, a log should appear; paste it into your reply. Make sure your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


It says that ComboFix is not compatible with my operating system, only with Windows 2000 or XP.


Hi,

you must turn off the antivirus programs and Spyware; they are causing this.

There may be settings that keep it from working properly.

But we'll take another route, no worries!

Go to this page:

http://www.kaspersky...kavwebscan.html

Run this scanner and we'll see what it finds. Here too you should turn off the antivirus program.

Come back with the result!

Regards

Mats H


Archived

This topic is now archived and is closed to further replies.


