
Viruses and trojans


Asko84


I have run into a mishap that seems hard to solve. Ad-Aware tells me I have Win32.Trojan.BHO, and Malwere tells me about Trojan Tracur, Trojan Agent and a suspicious file: lsass.exe. This causes trouble, among other things sluggishness and God knows what. I have tried to remove everything with Malwere and am told that everything has been deleted, but on the next run it is all still there. I have tried to get help from Norton, which I subscribe to. Their answer: sure, we will help, but it costs 999 kronor. Unbelievable that you first have to pay for the protection and then, when it is not enough, they want to be paid again.

Is there anyone who can help me get rid of this "crap"?

Lasse


Guest Olle Munter

With a bit of luck you can get rid of trojans and viruses with a System Restore. I actually did that myself the other day. If you have not installed a lot of odd programs in the past week, you can pick a date 4 days back, which should then be before you got these trojans on your computer. And are you sure you have used this program, when you mention Malwere?

http://www.malwarebytes.org/mbam.php

Otherwise download it and try.

If you do a System Restore, all restore points must be deleted afterwards, provided the restore succeeds and you get rid of all the junk. Then you turn System Restore back on.



Let us start by seeing what DDS shows. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about an Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

 

 


It is not advisable to do a System Restore to get rid of malicious files. They may be only partly removed, and that can make the remainder hard to find. That you no longer notice that the computer is infected does not mean there are no malicious files on it.

 

-----------

Moving the thread from "Windows 7" to "Virus, skadliga program & botemedel" (Viruses, malware & remedies).

 

Cecilia

Moderator

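An added example, not part of any post in this thread and not something DDS itself does: a small Python triage script that applies the checks a helper runs in their head when reading a DDS log. It flags core Windows process names outside system32 (the c:\windows\lsass.exe in the log), executables dropped straight into C:\Windows or C:\ProgramData with no subfolder, browser add-ons with no display name, AppInit_DLLs entries outside system32, new files carrying hidden+system attributes, and several new files sharing one exact size (a dropper writing the same payload under random names). The sample input is a handful of lines copied from the log Lasse posts further down in the thread; the rule names, the allow-lists and the assumption that C: is the system drive are mine.

```python
"""Heuristic triage of a DDS log. Added example, not part of DDS or of any
post in this thread; the rules are generic Windows-malware tells."""
import re
from collections import defaultdict

# Core Windows processes that legitimately run only from \windows\system32
# (or \windows\syswow64 on x64). The same name anywhere else is a masquerade.
CORE_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe", "wininit.exe", "lsm.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# Directories where an executable with no subfolder is unusual. DDS prints
# C:\ProgramData under its 8.3 short name c:\progra~2 on this Vista machine.
LOOSE_DIRS = {"c:\\windows\\", "c:\\programdata\\", "c:\\progra~2\\"}
LOOSE_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "write.exe"}
SYSTEM32 = "c:\\windows\\system32\\"        # assumption: C: is the system drive

PATH_RE = re.compile(r'[a-z]:\\[^"\[;]+?\.(?:exe|dll|sys|scr)\b', re.I)
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+|-+) ([-a-z]{8}) (.+)$')
NAMELESS_RE = re.compile(r'^(?:BHO|TB): \{[0-9a-f-]{36}\} - (?!No File)', re.I)

# Constructed sample: lines copied from the DDS log posted in this thread,
# one or two from each section the rules look at.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\ProgramData\d3d832.exe
============== Pseudo HJT Report ===============
BHO: {01317390-2873-4857-bce9-ea3ee941ba1a} - c:\windows\system32\apilogen32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDBPL] c:\windows\lsass.exe
AppInit_DLLs: acaptuser32.dll,c:\programdata\apilogen32.dll
=============== Created Last 30 ================
2010-12-03 19:28:39 193536 --sha-w- c:\windows\lsass.exe
2010-12-03 13:28:15 505856 --sh--w- c:\windows\msimsgwow.exe
2010-12-03 11:52:32 505856 --sh--w- c:\windows\d3dim700wow.exe
2010-12-01 20:56:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-30 10:39:12 1437696 ----a-w- c:\progra~2\d3d832.exe
2010-11-25 13:53:34 1437696 ----a-w- c:\windows\system32\wiarpc32.exe
"""


def parse_dds(text):
    """Yield (section, line) for every non-empty line; the section name comes
    from the '===== Name =====' banners DDS prints."""
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = re.match(r'^=+\s*(.*?)\s*=+$', line)
        if banner:
            section = banner.group(1).lower()
            continue
        yield section, line


def check_path(path):
    """Reasons a single file path looks wrong, independent of context."""
    p = path.lower()
    directory, _, name = p.rpartition("\\")
    directory += "\\"
    reasons = []
    if name in CORE_BINARIES and not directory.endswith(SYSTEM_DIRS):
        reasons.append(f"core binary name {name} outside system32")
    if directory in LOOSE_DIRS and name not in LOOSE_OK:
        reasons.append(f"loose executable in {directory}")
    return reasons


def triage(text):
    """Return [(rule, evidence)] for a DDS log. Every rule is a heuristic:
    a hit means 'look at this', not 'this is malware'."""
    findings = []
    sizes = defaultdict(set)  # file size -> new files of exactly that size
    for section, line in parse_dds(text):
        paths = PATH_RE.findall(line)
        for path in paths:
            for why in check_path(path):
                findings.append((why, line))
        if NAMELESS_RE.match(line):
            findings.append(("browser add-on with no display name", line))
        if line.lower().startswith("appinit_dlls:"):
            # AppInit_DLLs is loaded into every process that links user32;
            # a full path outside system32 here is almost never legitimate.
            for path in paths:
                if not path.lower().startswith(SYSTEM32):
                    findings.append(("AppInit_DLLs entry outside system32", line))
        if section.startswith("created last"):
            m = CREATED_RE.match(line)
            if m:
                size, attrs, path = m.groups()
                name = path.lower().rpartition("\\")[2]
                if {"s", "h"} <= set(attrs) and name.endswith((".exe", ".dll", ".sys")):
                    findings.append(("new file with hidden+system attributes", line))
                if size.isdigit():
                    sizes[int(size)].add(path.lower())
    # Droppers often write one payload under several random names; DDS gives
    # sizes, so identical sizes among the new files are worth a look.
    for size, paths in sorted(sizes.items()):
        if len(paths) > 1:
            findings.append((f"{len(paths)} new files share size {size}", ", ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_DDS):
        print(f"[{rule}] {evidence}")
```

Run against a full DDS.txt the script will also flag a few legitimate items (the Realtek RtHDVCpl.exe that lives in C:\Windows, the nameless pdfforge toolbar entry), which is the point of a triage list: it narrows what a human has to read, it does not replace reading it.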

Guest Olle Munter

Good thing tastes differ, right Cecilia?

It was actually the first time I tried to clean out the trojans I had been hit with through a System Restore, so you are partly right, Cecilia. But I managed to get rid of almost everything. I needed to run a pass with a certain program and after that I was clean. The files I had left, in packed form, I dispatched into cyberspace, since they were still in the documents folder I had used.

All ways are good, except the bad ones!


The problem is that if you clean the wrong way, with certain types of infection, it can end with the computer not starting at all any more, so it is not just a question of taste.



Hope I did it right,

 

DDS (Ver_10-11-27.01) - NTFSx86

Run by Lasse at 20:59:10,05 on 2010-12-03

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3070.1122 [GMT 1:00]

 

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SYSTEM32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\CISVC.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe

C:\Windows\system32\wiarpc32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\ProgramData\d3d832.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\PC Doc Pro v5\PC Doc Pro Scheduler.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\SMS från Datorn Outlook\GWServer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\System32\OBroker.exe

C:\Program Files\ekort\ekort.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Lasse\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://di.se/?

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=74&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = local;*.local

uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll

uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll

uURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - c:\program files\mediastar2\tbMed0.dll

mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll

mURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - c:\program files\mediastar2\tbMed0.dll

BHO: {01317390-2873-4857-bce9-ea3ee941ba1a} - c:\windows\system32\apilogen32.dll

BHO: 60d035ad: {01761f8d-369e-d58f-0697-e6a35f808cc9} - c:\programdata\apilogen32.dll

BHO: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - c:\program files\mediastar2\tbMed0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program files\ekort\Bhoekort.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program files\ekort\EKortHelper.dll

BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\WidgiToolbarIE.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File

TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} -

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program files\ekort\EKortToolbar.dll

TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\WidgiToolbarIE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - c:\program files\mediastar2\tbMed0.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Telia] "c:\program files\telia\supportassistent\bin\sprtcmd.exe" /P Telia

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [RTHDBPL] c:\windows\lsass.exe

dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uPolicies-explorer: Start_NotifyNewApps = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Anpassa meny - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Fyll i formulär - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: RF verktygsfält - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Spara formulär - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: ica.se\www

Trusted Zone: swedbank.se\internetbank

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.hib-veteraner.se/auth/controls/IlosoftImageUpload.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: acaptuser32.dll,c:\programdata\apilogen32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://di.se/|https://www.avanza.se/aza/home/home.jsp|http://www.blocket.se/hela_sverige?q=&cg=1100&w=3&st=s&st=u&ps=32&pe=&c=&ca=23_10&md=th

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\ekort\components\SlimOrbAddonEkort.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Extension: Cooliris: piclens@cooliris.com - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

FF - Extension: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Extension: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: e-kort for Firefox: ekort@orbiscom - c:\program files\ekort

FF - Extension: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Extension: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn

FF - Extension: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn

 

============= SERVICES / DRIVERS ===============

 

R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2010-1-7 69672]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [2010-1-7 121696]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-11-19 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-11-19 666672]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101130.001\IDSvix86.sys [2010-10-19 353840]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-19 134704]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2010-11-19 331312]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-11-19 126904]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program files\telia\supportassistent\bin\sprtsvc.exe [2010-10-20 202016]

R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program files\telia\supportassistenten\bin\sprtsvc.exe [2010-7-13 206120]

R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2010-1-7 942328]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-2 1373480]

R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program files\telia\supportassistenten\bin\tgsrvc.exe [2010-7-13 185640]

R2 vds32;Virtual Disk ;c:\windows\system32\wiarpc32.exe [2010-11-25 1437696]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 102448]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-4-2 15656]

S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-30 64288]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]

S3 BthAvrcp;Bluetooth – AVRCP-profil;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2010-2-11 23552]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-3-15 23456]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-23 21504]

S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]

S3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\drivers\MRVW24B.sys [2010-7-7 310016]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== File Associations ===============

 

regfile=regedit.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-12-03 19:28:39 193536 --sha-w- c:\windows\lsass.exe

2010-12-03 15:43:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-12-03 15:43:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2010-12-03 15:43:03 -------- d-----w- c:\users\lasse\appdata\local\Sunbelt Software

2010-12-03 15:42:11 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-12-03 14:49:34 54016 ----a-w- c:\windows\system32\drivers\sutneht.sys

2010-12-03 14:23:28 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP

2010-12-03 14:19:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3821417f-7d27-4201-960e-fda08f443422}\mpengine.dll

2010-12-03 13:28:15 505856 --sh--w- c:\windows\msimsgwow.exe

2010-12-03 13:23:42 -------- d-----w- c:\program files\Enigma Software Group

2010-12-03 11:52:32 505856 --sh--w- c:\windows\d3dim700wow.exe

2010-12-03 03:50:19 505856 --sh--w- c:\windows\httpapiwow.exe

2010-12-02 22:35:11 256512 ----a-w- c:\progra~2\apilogen32.dll

2010-12-02 11:34:46 505856 --sh--w- c:\windows\wsepnowow.exe

2010-12-02 06:34:38 505856 --sh--w- c:\windows\odbccp32wow.exe

2010-12-01 20:56:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-01 20:56:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-12-01 20:31:06 505856 --sh--w- c:\windows\ipnathlpwow.exe

2010-12-01 20:31:05 423936 ----a-w- c:\windows\system32\apilogen32.dll

2010-12-01 19:13:51 505856 --sh--w- c:\windows\nvsvswow.exe

2010-12-01 12:55:30 505856 --sh--w- c:\windows\wnaspi32wow.exe

2010-12-01 07:55:26 505856 --sh--w- c:\windows\RelMonwow.exe

2010-11-30 17:14:32 -------- d-----w- c:\users\lasse\appdata\roaming\GetRightToGo

2010-11-30 17:04:01 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-30 15:54:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-11-30 10:39:12 1437696 ----a-w- c:\progra~2\d3d832.exe

2010-11-30 10:28:51 -------- d-----w- c:\users\lasse\appdata\local\NPE

2010-11-25 13:54:08 -------- d-sh--w- c:\progra~2\SysWoW32

2010-11-25 13:53:53 203776 --sh--w- c:\progra~2\unrar.exe

2010-11-25 13:53:52 -------- d-sh--w- c:\progra~2\311343945155A5399C913A6F514E247F

2010-11-25 13:53:34 1437696 ----a-w- c:\windows\system32\wiarpc32.exe

2010-11-25 13:04:36 -------- d-----w- c:\users\lasse\appdata\roaming\LimeWire

2010-11-25 12:32:37 -------- d-----w- c:\users\lasse\Shared

2010-11-25 12:31:59 -------- d-----w- c:\program files\360Share Pro

2010-11-25 12:31:52 -------- d-----w- c:\program files\MediaStar2

2010-11-24 16:27:47 -------- d-----w- c:\program files\ConduitEngine

2010-11-24 16:27:13 -------- d-----w- c:\program files\MyAshampoo

2010-11-24 14:55:41 -------- d-----w- c:\progra~2\sitoo

2010-11-24 14:44:19 -------- d-----w- c:\program files\Sitoo

2010-11-24 07:55:27 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-11-22 10:01:04 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll

2010-11-22 10:01:04 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll

2010-11-22 10:01:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe

2010-11-22 10:01:04 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll

2010-11-22 10:01:04 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll

2010-11-22 10:01:04 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll

2010-11-22 10:01:03 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll

2010-11-19 10:39:08 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys

2010-11-19 10:39:08 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys

2010-11-19 10:39:08 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys

2010-11-19 10:39:08 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys

2010-11-19 10:39:08 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys

2010-11-19 10:39:08 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys

2010-11-19 10:39:08 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys

2010-11-19 10:38:57 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025

2010-11-17 08:06:20 -------- d-----w- c:\users\lasse\appdata\roaming\Nvu

2010-11-17 08:06:04 -------- d-----w- c:\program files\Nvu

2010-11-15 08:26:46 -------- d-----w- c:\program files\iPod

2010-11-15 08:26:43 -------- d-----w- c:\program files\iTunes

2010-11-10 19:03:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\roaming\Windows Live Writer

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\local\Windows Live Writer

 

==================== Find3M ====================

 

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 22:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-15 17:59:44 72080 ----a-w- c:\users\lasse\g2mdlhlpx.exe

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec

2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

Attach.txt
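As an added example (not something posted by anyone in this thread): a small Python script that parses lines in the "Created Last 30" format of the DDS log above and flags the patterns a helper looks for when reading such a listing: a well-known Windows binary name sitting outside its usual directory (lsass.exe belongs in system32, not in c:\windows), executables carrying the hidden+system attribute combination, several same-size executables dropped into the same directory, and one file name turning up in two directories. The sample lines are copied from the log posted above with a couple of benign lines added for contrast; the EXPECTED_DIR table is an assumed allow-list of my own, not anything DDS provides.

```python
import re
from collections import defaultdict

# Constructed sample input: "Created Last 30" lines copied from the DDS log
# posted above, plus two benign lines (Lbd.sys, the Spybot directory) for contrast.
SAMPLE_LOG = r"""
2010-12-03 19:28:39 193536 --sha-w- c:\windows\lsass.exe
2010-12-03 15:43:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-03 13:28:15 505856 --sh--w- c:\windows\msimsgwow.exe
2010-12-03 11:52:32 505856 --sh--w- c:\windows\d3dim700wow.exe
2010-12-02 22:35:11 256512 ----a-w- c:\progra~2\apilogen32.dll
2010-12-01 20:31:05 423936 ----a-w- c:\windows\system32\apilogen32.dll
2010-11-30 15:54:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-25 13:53:34 1437696 ----a-w- c:\windows\system32\wiarpc32.exe
"""

# One DDS line: date, time, size (or dashes for a directory), an 8-character
# attribute string (d=directory, s=system, h=hidden, a=archive, ...) and the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Hypothetical allow-list: where these well-known binaries are expected to live.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
EXEC_EXT = (".exe", ".dll", ".sys")


def parse_line(line):
    """Return a dict for one DDS file line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "date": m.group("date"),
        "size": int(size) if size.isdigit() else None,  # None for directories
        "attrs": m.group("attrs"),
        "path": m.group("path").lower(),
    }


def split_path(path):
    directory, _, name = path.rpartition("\\")
    return directory, name


def analyse(log_text):
    """Return a list of (path, reason) findings for the given DDS excerpt."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = []

    # Rule 1 and 2: per-entry checks.
    for e in entries:
        directory, name = split_path(e["path"])
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            findings.append((e["path"], "system binary name outside its expected directory"))
        if name.endswith(EXEC_EXT) and "s" in e["attrs"] and "h" in e["attrs"]:
            findings.append((e["path"], "executable with hidden+system attributes"))

    # Rule 3: several same-size executables created in one directory.
    clusters = defaultdict(list)
    for e in entries:
        directory, name = split_path(e["path"])
        if e["size"] is not None and name.endswith(EXEC_EXT):
            clusters[(directory, e["size"])].append(e["path"])
    for (directory, size), paths in clusters.items():
        if len(paths) >= 2:
            for p in paths:
                findings.append((p, f"one of {len(paths)} executables of {size} bytes in {directory}"))

    # Rule 4: the same executable name placed in more than one directory.
    by_name = defaultdict(set)
    for e in entries:
        directory, name = split_path(e["path"])
        if name.endswith(EXEC_EXT):
            by_name[name].add(directory)
    for name, dirs in by_name.items():
        if len(dirs) >= 2:
            for directory in sorted(dirs):
                findings.append((directory + "\\" + name, f"same file name present in {len(dirs)} directories"))

    return findings


if __name__ == "__main__":
    for path, reason in analyse(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

The heuristics are deliberately simple and only catch what is obvious from the listing itself; a file such as wiarpc32.exe in system32 passes here and would only stand out by hashing it or by cross-referencing the services section, where it is registered as a service.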


from Malwere I get a message about Trojan Tracur, Trojan Agent and a suspicious file: lsass.exe
Is that the program Malwarebytes Anti-Malware (MBAM)?

Paste the log from the program; if it is MBAM, it is on the Logs tab.

 

Which Ad-Aware variant and version do you have?

 

Uninstall in the usual way:

Conduit Engine

Java™ 6 Update 6

Java™ 6 Update 7

Java™ SE Runtime Environment 6 Update 1

livetvbar Toolbar

MediaStar2 Toolbar

MyAshampoo Toolbar

pdfforge Toolbar v1.0

(most of them more or less unsuitable toolbars)

 

Restart the computer and paste a new DDS log; the Attach log is not needed.

 

Scan the computer with Ad-Aware. If anything is found, paste the log/result.


Guest Olle Munter

Cecilia, of course there are different ways to get rid of trojans. You can do as I did, or you can format the computer. That seems to be what many people do for the slightest little problem these days. I do, however, take back what I wrote about taste.

 

A car that will not start can, if the battery is the fault, usually be push-started or started with jump leads from another car. There are many ways, whether it is a matter of changing something in a computer or starting a car. It is usually when the third expert turns up that the faults get fixed.

 

Hope I did not disturb you too much. :)

Hi Cecilia,

 

My Ad-Aware is 8.3.6

 

I have run a full scan and got a log that shows "lodgers"; I am attaching it.

After the clean-up it seems my "lodgers" are still there. When I search from Google I get redirected to some fake virus page or some other strange site. Here is the info:

 

DDS (Ver_10-12-05.01) - NTFSx86

Run by Lasse at 20:56:00,88 on 2010-12-05

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3070.1022 [GMT 1:00]

 

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SYSTEM32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\CISVC.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe

C:\Windows\system32\wiarpc32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\ProgramData\d3d832.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Program Files\PC Doc Pro v5\PC Doc Pro Scheduler.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\t2embedwow.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\SMS från Datorn Outlook\GWServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Lasse\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://di.se/?

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=74&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = local;*.local

uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {01317390-2873-4857-bce9-ea3ee941ba1a} - c:\windows\system32\apilogen32.dll

BHO: 60d035ad: {01761f8d-369e-d58f-0697-e6a35f808cc9} - c:\programdata\apilogen32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program files\ekort\Bhoekort.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program files\ekort\EKortHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program files\ekort\EKortToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: {067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Telia] "c:\program files\telia\supportassistent\bin\sprtcmd.exe" /P Telia

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [RTHDBPL] c:\windows\lsass.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [t2embedwow.exe] c:\windows\t2embedwow.exe

dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uPolicies-explorer: Start_NotifyNewApps = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Anpassa meny - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Fyll i formulär - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: RF verktygsfält - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Spara formulär - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: ica.se\www

Trusted Zone: swedbank.se\internetbank

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.hib-veteraner.se/auth/controls/IlosoftImageUpload.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: acaptuser32.dll,c:\programdata\apilogen32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://di.se/|https://www.avanza.se/aza/home/home.jsp|http://www.blocket.se/hela_sverige?q=&cg=1100&w=3&st=s&st=u&ps=32&pe=&c=&ca=23_10&md=th

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\ekort\components\SlimOrbAddonEkort.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Extension: Cooliris: piclens@cooliris.com - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

FF - Extension: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Extension: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: e-kort for Firefox: ekort@orbiscom - c:\program files\ekort

FF - Extension: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Extension: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn

FF - Extension: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn

 

============= SERVICES / DRIVERS ===============

 

R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2010-1-7 69672]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [2010-1-7 121696]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-30 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-11-19 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-11-19 666672]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101130.001\IDSvix86.sys [2010-10-19 353840]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-19 134704]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2010-11-19 331312]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-11-19 126904]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program files\telia\supportassistent\bin\sprtsvc.exe [2010-10-20 202016]

R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program files\telia\supportassistenten\bin\sprtsvc.exe [2010-7-13 206120]

R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2010-1-7 942328]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-2 1373480]

R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program files\telia\supportassistenten\bin\tgsrvc.exe [2010-7-13 185640]

R2 vds32;Virtual Disk ;c:\windows\system32\wiarpc32.exe [2010-11-25 1437696]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 102448]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-4-2 15656]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

S3 BthAvrcp;Bluetooth – AVRCP-profil;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2010-2-11 23552]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-3-15 23456]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-23 21504]

S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]

S3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\drivers\MRVW24B.sys [2010-7-7 310016]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== File Associations ===============

 

regfile=regedit.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-12-05 19:01:55 505856 --sh--w- c:\windows\t2embedwow.exe

2010-12-05 16:24:00 505856 --sh--w- c:\windows\msctfwow.exe

2010-12-05 11:23:51 505856 --sh--w- c:\windows\PortableDeviceConnectApiwow.exe

2010-12-05 10:58:46 149280 ----a-w- c:\windows\system32\jusched.exe

2010-12-04 15:11:31 505856 --sh--w- c:\windows\KBDKHMRwow.exe

2010-12-04 10:11:16 505856 --sh--w- c:\windows\gpsvcwow.exe

2010-12-04 09:21:14 505856 --sh--w- c:\windows\ir50_qcwow.exe

2010-12-03 15:43:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-12-03 15:43:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2010-12-03 15:43:03 -------- d-----w- c:\users\lasse\appdata\local\Sunbelt Software

2010-12-03 15:42:11 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-12-03 14:23:28 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP

2010-12-03 14:19:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3821417f-7d27-4201-960e-fda08f443422}\mpengine.dll

2010-12-03 13:28:15 505856 --sh--w- c:\windows\msimsgwow.exe

2010-12-03 13:23:42 -------- d-----w- c:\program files\Enigma Software Group

2010-12-03 11:52:32 505856 --sh--w- c:\windows\d3dim700wow.exe

2010-12-03 03:50:19 505856 --sh--w- c:\windows\httpapiwow.exe

2010-12-02 22:35:11 256512 ----a-w- c:\progra~2\apilogen32.dll

2010-12-02 11:34:46 505856 --sh--w- c:\windows\wsepnowow.exe

2010-12-02 06:34:38 505856 --sh--w- c:\windows\odbccp32wow.exe

2010-12-01 20:56:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-01 20:56:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-12-01 20:31:06 505856 --sh--w- c:\windows\ipnathlpwow.exe

2010-12-01 20:31:05 423936 ----a-w- c:\windows\system32\apilogen32.dll

2010-12-01 19:13:51 505856 --sh--w- c:\windows\nvsvswow.exe

2010-12-01 12:55:30 505856 --sh--w- c:\windows\wnaspi32wow.exe

2010-12-01 07:55:26 505856 --sh--w- c:\windows\RelMonwow.exe

2010-11-30 17:14:32 -------- d-----w- c:\users\lasse\appdata\roaming\GetRightToGo

2010-11-30 17:04:01 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-30 15:54:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-11-30 10:39:12 1437696 ----a-w- c:\progra~2\d3d832.exe

2010-11-30 10:28:51 -------- d-----w- c:\users\lasse\appdata\local\NPE

2010-11-25 13:54:08 -------- d-sh--w- c:\progra~2\SysWoW32

2010-11-25 13:53:53 203776 --sh--w- c:\progra~2\unrar.exe

2010-11-25 13:53:52 -------- d-sh--w- c:\progra~2\311343945155A5399C913A6F514E247F

2010-11-25 13:53:34 1437696 ----a-w- c:\windows\system32\wiarpc32.exe

2010-11-25 13:04:36 -------- d-----w- c:\users\lasse\appdata\roaming\LimeWire

2010-11-25 12:32:37 -------- d-----w- c:\users\lasse\Shared

2010-11-25 12:31:59 -------- d-----w- c:\program files\360Share Pro

2010-11-24 14:55:41 -------- d-----w- c:\progra~2\sitoo

2010-11-24 14:44:19 -------- d-----w- c:\program files\Sitoo

2010-11-24 07:55:27 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-11-22 10:01:04 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll

2010-11-22 10:01:04 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll

2010-11-22 10:01:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe

2010-11-22 10:01:04 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll

2010-11-22 10:01:04 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll

2010-11-22 10:01:04 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll

2010-11-22 10:01:03 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll

2010-11-19 10:39:08 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys

2010-11-19 10:39:08 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys

2010-11-19 10:39:08 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys

2010-11-19 10:39:08 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys

2010-11-19 10:39:08 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys

2010-11-19 10:39:08 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys

2010-11-19 10:39:08 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys

2010-11-19 10:38:57 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025

2010-11-17 08:06:20 -------- d-----w- c:\users\lasse\appdata\roaming\Nvu

2010-11-17 08:06:04 -------- d-----w- c:\program files\Nvu

2010-11-15 08:26:46 -------- d-----w- c:\program files\iPod

2010-11-15 08:26:43 -------- d-----w- c:\program files\iTunes

2010-11-10 19:03:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\roaming\Windows Live Writer

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\local\Windows Live Writer

 

==================== Find3M ====================

 

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 22:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-15 17:59:44 72080 ----a-w- c:\users\lasse\g2mdlhlpx.exe

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec

2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

============= FINISH: 20:57:08,57 ===============

Ad-Aware 20101204.txt

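The "Created Last 30" list above is where this infection is visible before any scanner puts a name on it: a run of 505856-byte executables with the hidden and system attributes set, dropped straight into c:\windows under names ending in wow.exe, and apilogen32.dll created both in c:\progra~2 (ProgramData) and in system32 a day apart. The Python script below is an added example, not part of the original post or of DDS; it parses lines in that format and flags exactly that pattern. The sample input is excerpted from the log above with a few benign entries for contrast, and the meaning assigned to the attribute letters (d = directory, s = system, h = hidden) is an assumption read off the flag strings DDS prints.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the DDS "Created Last 30" section above
# (a few benign entries included for contrast), embedded so the script runs offline.
SAMPLE = r"""
2010-12-05 19:01:55 505856 --sh--w- c:\windows\t2embedwow.exe
2010-12-05 16:24:00 505856 --sh--w- c:\windows\msctfwow.exe
2010-12-05 10:58:46 149280 ----a-w- c:\windows\system32\jusched.exe
2010-12-04 15:11:31 505856 --sh--w- c:\windows\KBDKHMRwow.exe
2010-12-04 09:21:14 505856 --sh--w- c:\windows\ir50_qcwow.exe
2010-12-03 15:43:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 22:35:11 256512 ----a-w- c:\progra~2\apilogen32.dll
2010-12-01 20:31:05 423936 ----a-w- c:\windows\system32\apilogen32.dll
2010-11-30 10:39:12 1437696 ----a-w- c:\progra~2\d3d832.exe
2010-11-25 13:53:53 203776 --sh--w- c:\progra~2\unrar.exe
2010-11-25 13:53:34 1437696 ----a-w- c:\windows\system32\wiarpc32.exe
2010-11-19 10:39:08 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys
"""

# "<date> <time> <size> <attrs> <path>"; size is a run of dashes for directories.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
# Directories where a freshly created loose executable deserves a look. Assumption:
# c:\progra~2 is the 8.3 short name of C:\ProgramData, as it is in this log.
WATCH_DIRS = ("c:\\windows\\", "c:\\progra~2\\", "c:\\programdata\\")


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines; lines that do not match are skipped.

    Attribute letters are read as d = directory, s = system, h = hidden
    (assumption based on the flag strings DDS prints, e.g. '--sh--w-')."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append({
            "date": m["date"],
            "time": m["time"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": attrs[0] == "d",
            "system": "s" in attrs,
            "hidden": "h" in attrs,
            "path": m["path"].lower(),
        })
    return entries


def parent_dir(path):
    return path.rsplit("\\", 1)[0] + "\\"


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(entries, clone_threshold=3):
    """Return {path: [reasons]} for new executables that look like dropper output.

    Signals, each weak on its own: hidden+system attributes on an executable, a
    loose executable directly under the Windows or ProgramData directory, several
    new executables sharing one exact size (a self-copying dropper), and the same
    file name created in more than one directory."""
    execs = [e for e in entries if not e["is_dir"] and e["path"].endswith(EXEC_EXT)]
    by_size, by_name = defaultdict(list), defaultdict(set)
    for e in execs:
        by_size[e["size"]].append(e["path"])
        by_name[basename(e["path"])].add(parent_dir(e["path"]))

    flagged = defaultdict(list)
    for e in execs:
        p = e["path"]
        if e["hidden"] and e["system"]:
            flagged[p].append("hidden+system executable")
        if parent_dir(p) in WATCH_DIRS:
            flagged[p].append("dropped directly in %s" % parent_dir(p))
        n = len(by_size[e["size"]])
        if n >= clone_threshold:
            flagged[p].append("one of %d new executables with identical size %d" % (n, e["size"]))
        for other in sorted(by_name[basename(p)] - {parent_dir(p)}):
            flagged[p].append("same filename also created in %s" % other)
    return dict(flagged)


if __name__ == "__main__":
    for path, reasons in triage(parse_dds_created(SAMPLE)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The clone threshold is three rather than two on purpose: legitimate installers routinely write the same file twice under different names (deployJava1.dll and npdeployJava1.dll in the log above share a size), while a dropper that copies itself into c:\windows a dozen times stands out at any threshold. The system32 copy of apilogen32.dll is caught only through its twin in progra~2; on its own it looks like any other DLL, which is why the registry side (the AppInit_DLLs entry the later MBAM scan found) matters as much as the file list.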

Can you paste the first (for this round of infection) and the most recent log found on the Logs tab in MBAM?

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and anti-spyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, since it can hang.

When ComboFix is finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.



Don't mean to intrude, but ComboFix only works on XP. I couldn't get it to work on Windows 7, and I don't think it works on Vista either. A message came up when I started the program saying it only worked in XP (something along those lines, anyway).


Hi, here are the logs:

From 20101203:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

2010-12-03 15:49:11

mbam-log-2010-12-03 (15-49-11).txt

Scan type: Quick scan

Objects scanned: 145779

Time elapsed: 8 minute(s), 47 second(s)

Infected memory processes: 0

Infected memory modules: 0

Infected registry keys: 1

Infected registry values: 1

Infected registry data items: 0

Infected folders: 0

Infected files: 1

Infected memory processes:

(No malicious items detected)

Infected memory modules:

(No malicious items detected)

Infected registry keys:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Infected registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Infected registry data items:

(No malicious items detected)

Infected folders:

(No malicious items detected)

Infected files:

C:\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

From 20101206:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

2010-12-06 10:25:11

mbam-log-2010-12-06 (10-25-11).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 443142

Time elapsed: 2 hour(s), 33 minute(s), 12 second(s)

Infected memory processes: 0

Infected memory modules: 0

Infected registry keys: 1

Infected registry values: 1

Infected registry data items: 0

Infected folders: 0

Infected files: 0

Infected memory processes:

(No malicious items detected)

Infected memory modules:

(No malicious items detected)

Infected registry keys:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> No action taken.

Infected registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> No action taken.

Infected registry data items:

(No malicious items detected)

Infected folders:

(No malicious items detected)

Infected files:

(No malicious items detected)


Don't mean to intrude, but ComboFix only works on XP. I couldn't get it to work on Windows 7, and I don't think it works on Vista either. A message came up when I started the program saying it only worked in XP (something along those lines, anyway).

ComboFix works fine on 32-bit Vista and Windows 7 too.

Database version: 4052

That is a very old database, and the program itself has been updated as well. Update and scan the computer again. Paste the log from that.


Sorry for my carelessness with updating, but now it's done and here is the result:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5256

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

2010-12-06 18:09:46

mbam-log-2010-12-06 (18-09-46).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 474684

Time elapsed: 2 hour(s), 45 minute(s), 53 second(s)

Infected memory processes: 2

Infected memory modules: 2

Infected registry keys: 9

Infected registry values: 1

Infected registry data items: 1

Infected folders: 1

Infected files: 37

Infected memory processes:

c:\Windows\System32\wiarpc32.exe (Trojan.Tracur.S) -> 3196 -> Unloaded process successfully.

c:\programdata\d3d832.exe (Trojan.Tracur.S) -> 3408 -> Unloaded process successfully.

 

Infected memory modules:

c:\programdata\apilogen32.dll (Trojan.Tracur.S) -> Delete on reboot.

c:\Windows\System32\apilogen32.dll (Trojan.Tracur.S) -> Delete on reboot.

 

Infected registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vds32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{01761F8D-369E-D58F-0697-E6A35F808CC9} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01761F8D-369E-D58F-0697-E6A35F808CC9} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01761F8D-369E-D58F-0697-E6A35F808CC9} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01761F8D-369E-D58F-0697-E6A35F808CC9} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{01317390-2873-4857-BCE9-EA3EE941BA1a} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01317390-2873-4857-BCE9-EA3EE941BA1A} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01317390-2873-4857-BCE9-EA3EE941BA1A} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01317390-2873-4857-BCE9-EA3EE941BA1A} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

 

Infected registry values:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.

 

Infected registry data items:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\apilogen32.dll) Good: () -> Quarantined and deleted successfully.

 

Infected folders:

c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infected files:

c:\Windows\System32\wiarpc32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\programdata\apilogen32.dll (Trojan.Tracur.S) -> Delete on reboot.

c:\programdata\d3d832.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\apilogen32.dll (Trojan.Tracur.S) -> Delete on reboot.

c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\programdata\311343945155a5399c913a6f514e247f\update.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\Windows\t2embedwow.exe.vir (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\d3dim700wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\msctfwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\msimsgwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\msvcrt40wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\relmonwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\gpsvcwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\httpapiwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\ipnathlpwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\ir50_qcwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\kbdkhmrwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\nvsvswow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\odbccp32wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\portabledeviceconnectapiwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\wnaspi32wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\wsepnowow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\sti_ciwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\temp\864E.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\temp\9AE8.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\temp\AB0D.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\temp\C024.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\d3d832.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000d5227cac1076c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000d5227cac1076o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000d5227cac1076p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000d5227cac1076s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000d5227cac1076c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000d5227cac1076o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000d5227cac1076p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000d5227cac1076s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

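Two things in the MBAM logs above account for the "deleted, but back on the next run" complaint in the opening post. The 2010-12-06 10:25 scan ends every detection with "No action taken", so nothing was removed that time, and only the scan with the updated database shows the actual persistence: an AppInit_DLLs entry pointing at C:\ProgramData\apilogen32.dll (loaded into every process that maps user32.dll) plus a Run value under the .DEFAULT user hive, neither of which the old database reported. The Python script below is an added example, not part of the original thread or of Malwarebytes; it parses MBAM 1.x detection lines, labels the persistence mechanism, lists what a scan found but did not actually remediate, and diffs two logs for recurring items. The two sample logs are excerpts of the posts above; LOG_B is a constructed composite of the two 2010-12-06 scans.

```python
import re

# Constructed samples: excerpts from the two MBAM logs posted above. LOG_B is a
# composite of the 2010-12-06 scans (the 10:25 one ended in "No action taken",
# the 18:09 one found the AppInit_DLLs hijack), trimmed so this runs offline.
LOG_A = r"""
Infected registry keys:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
Infected files:
C:\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

LOG_B = r"""
c:\Windows\System32\wiarpc32.exe (Trojan.Tracur.S) -> 3196 -> Unloaded process successfully.
c:\programdata\apilogen32.dll (Trojan.Tracur.S) -> Delete on reboot.
Infected registry keys:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vds32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\apilogen32.dll) Good: () -> Quarantined and deleted successfully.
(No malicious items detected)
c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> [extra ->] <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Action strings as they appear in MBAM 1.x logs; anything else is reported as "unknown".
ACTION_STATUS = {
    "quarantined and deleted successfully": "remediated",
    "unloaded process successfully": "remediated",
    "delete on reboot": "pending_reboot",   # not gone until the machine is restarted
    "no action taken": "not_remediated",    # scan finished without the removal step
}


def classify_persistence(item):
    """Label the autostart or injection mechanism a detected item represents."""
    low = item.lower()
    if "appinit_dlls" in low:
        return "AppInit_DLLs (DLL loaded into every process that maps user32.dll)"
    if "\\currentversion\\run\\" in low:
        return "Run key autostart"
    if "browser helper objects" in low:
        return "IE Browser Helper Object"
    if "\\services\\" in low:
        return "Windows service"
    if "\\clsid\\" in low:
        return "COM class registration"
    if low.startswith("hkey_"):
        return "other registry"
    return "file or process"


def parse_mbam(text):
    """Parse MBAM detection lines; headers and '(No malicious items ...)' are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        action = m["rest"].rsplit(" -> ", 1)[-1].strip().rstrip(".")
        entries.append({
            "item": m["item"],
            "family": m["family"],
            "action": action,
            "status": ACTION_STATUS.get(action.lower(), "unknown"),
            "persistence": classify_persistence(m["item"]),
        })
    return entries


def unfinished(entries):
    """Everything the scan found but has not actually removed yet."""
    return [e for e in entries if e["status"] != "remediated"]


def _name(item):
    return item.rstrip("\\").rsplit("\\", 1)[-1].lower()


def recurring(earlier, later, by_name=False):
    """Items present in both logs, matched exactly (case-insensitive) or by last
    path component. by_name=True also catches the same artifact re-dropped in a
    different hive or folder (rthdbpl under HKEY_LOCAL_MACHINE in the first log,
    RTHDBPL under the .DEFAULT user hive in the second)."""
    key = _name if by_name else (lambda item: item.lower())
    seen = {key(e["item"]) for e in earlier}
    return sorted({key(e["item"]) for e in later if key(e["item"]) in seen})


if __name__ == "__main__":
    first, second = parse_mbam(LOG_A), parse_mbam(LOG_B)
    for e in unfinished(second):
        print("STILL PRESENT: %-15s %s [%s]" % (e["status"], e["item"], e["persistence"]))
    print("Recurring since first scan:", recurring(first, second, by_name=True))
```

Reading a scanner log this way is the check that was missing in the thread: "Quarantined and deleted successfully" on a file means little while its Run value or AppInit_DLLs entry is still there to restore it, and a "Delete on reboot" entry is only a promise until the machine has actually been restarted, which is why the helper's next instruction is a reboot followed by another scan.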

Good, then a bit more was found :thumbsup:

Restart the computer and scan with MBAM once more. You only need to paste the log if something is found.

Run DDS and paste the log from there so we can see what remains.


NOW! Now it looks like the bandits are gone. You are fantastic!!!! Thanks a million!!!

 

DDS (Ver_10-12-05.01) - NTFSx86

Run by Lasse at 22:36:23,82 on 2010-12-06

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3070.1528 [GMT 1:00]

 

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SYSTEM32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\CISVC.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\SMS från Datorn Outlook\GWServer.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Lasse\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://di.se/?

uInternet Settings,ProxyOverride = local;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program files\ekort\Bhoekort.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program files\ekort\EKortHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program files\ekort\EKortToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\18.1.0.37\coIEPlg.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Telia] "c:\program files\telia\supportassistent\bin\sprtcmd.exe" /P Telia

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uPolicies-explorer: Start_NotifyNewApps = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Anpassa meny - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Fyll i formulär - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: RF verktygsfält - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Spara formulär - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: ica.se\www

Trusted Zone: swedbank.se\internetbank

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.hib-veteraner.se/auth/controls/IlosoftImageUpload.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\windows\system32\acaptuser32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://di.se/|https://www.avanza.se/aza/home/home.jsp|http://www.blocket.se/hela_sverige?q=&cg=1100&w=3&st=s&st=u&ps=32&pe=&c=&ca=23_10&md=th

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\ekort\components\SlimOrbAddonEkort.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - component: c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Extension: Cooliris: piclens@cooliris.com - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\piclens@cooliris.com

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

FF - Extension: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Extension: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - c:\users\lasse\appdata\roaming\mozilla\firefox\profiles\o91y7zy3.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: e-kort for Firefox: ekort@orbiscom - c:\program files\ekort

FF - Extension: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Extension: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn

FF - Extension: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn

 

============= SERVICES / DRIVERS ===============

 

R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2010-1-7 69672]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [2010-1-7 121696]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-30 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-11-19 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-11-19 666672]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101201.001\IDSvix86.sys [2010-12-6 353912]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-19 134704]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2010-11-19 331312]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-11-19 126904]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program files\telia\supportassistent\bin\sprtsvc.exe [2010-10-20 202016]

R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program files\telia\supportassistenten\bin\sprtsvc.exe [2010-7-13 206120]

R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2010-1-7 942328]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-2 1373480]

R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program files\telia\supportassistenten\bin\tgsrvc.exe [2010-7-13 185640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 102448]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-4-2 15656]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]

S3 BthAvrcp;Bluetooth – AVRCP-profil;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-3-15 23456]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-23 21504]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]

S3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\drivers\MRVW24B.sys [2010-7-7 310016]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-15 206608]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== Created Last 30 ================

 

2010-12-06 13:59:52 -------- d-----w- c:\users\lasse\appdata\local\temp

2010-12-06 13:56:58 -------- d-sh--w- C:\$RECYCLE.BIN

2010-12-06 13:23:51 98816 ----a-w- c:\windows\sed.exe

2010-12-06 13:23:51 89088 ----a-w- c:\windows\MBR.exe

2010-12-06 13:23:51 256512 ----a-w- c:\windows\PEV.exe

2010-12-06 13:23:51 161792 ----a-w- c:\windows\SWREG.exe

2010-12-03 15:43:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-12-03 15:43:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2010-12-03 15:43:03 -------- d-----w- c:\users\lasse\appdata\local\Sunbelt Software

2010-12-03 15:42:11 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-12-03 14:23:28 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP

2010-12-03 14:19:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3821417f-7d27-4201-960e-fda08f443422}\mpengine.dll

2010-12-03 13:23:42 -------- d-----w- c:\program files\Enigma Software Group

2010-12-01 20:56:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-01 20:56:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-11-30 17:14:32 -------- d-----w- c:\users\lasse\appdata\roaming\GetRightToGo

2010-11-30 17:04:01 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-30 15:54:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-11-30 10:28:51 -------- d-----w- c:\users\lasse\appdata\local\NPE

2010-11-25 13:53:52 -------- d-sh--w- c:\progra~2\311343945155A5399C913A6F514E247F

2010-11-25 13:04:36 -------- d-----w- c:\users\lasse\appdata\roaming\LimeWire

2010-11-25 12:32:37 -------- d-----w- c:\users\lasse\Shared

2010-11-25 12:31:59 -------- d-----w- c:\program files\360Share Pro

2010-11-24 14:55:41 -------- d-----w- c:\progra~2\sitoo

2010-11-24 14:44:19 -------- d-----w- c:\program files\Sitoo

2010-11-24 07:55:27 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-11-22 10:01:04 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll

2010-11-22 10:01:04 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll

2010-11-22 10:01:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe

2010-11-22 10:01:04 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll

2010-11-22 10:01:04 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll

2010-11-22 10:01:04 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll

2010-11-22 10:01:03 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll

2010-11-19 10:39:08 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys

2010-11-19 10:39:08 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys

2010-11-19 10:39:08 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys

2010-11-19 10:39:08 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys

2010-11-19 10:39:08 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys

2010-11-19 10:39:08 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys

2010-11-19 10:39:08 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys

2010-11-19 10:38:57 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025

2010-11-17 08:06:20 -------- d-----w- c:\users\lasse\appdata\roaming\Nvu

2010-11-17 08:06:04 -------- d-----w- c:\program files\Nvu

2010-11-15 08:26:46 -------- d-----w- c:\program files\iPod

2010-11-15 08:26:43 -------- d-----w- c:\program files\iTunes

2010-11-10 19:03:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\roaming\Windows Live Writer

2010-11-10 13:04:50 -------- d-----w- c:\users\lasse\appdata\local\Windows Live Writer

 

==================== Find3M ====================

 

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 22:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec

2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

============= FINISH: 22:38:10,99 ===============

Attach.txt


I no longer see any malicious files in the log :)

Did you run ComboFix? It looks like it is installed.

A remnant of some old Norton that can be removed:

Control Panel - Administrative Tools - Services

Find Automatisk LiveUpdate-schemaläggare in the list, double-click it and set Startup type to Disabled.

Since you have uninstalled SpyHunter, you can delete the folder c:\program files\Enigma Software Group.

The old Java versions are still present in Firefox.

Firefox - Tools - Add-ons - Plugins

Disable all that begin with Java except those with version number 6.0.220.4.

Then there is the question of how you want to handle antivirus programs. I see both Norton and Ad-Aware, which in its latest version is also an antivirus program, and it is not appropriate to have two antivirus programs running on the computer.

Does everything seem to be fine with the computer now, so that it is time for a final cleanup, or does something still seem to be left on the computer?

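The leftover Norton service above shows up in the DDS "SERVICES / DRIVERS" section as an `S2` entry whose image path is replaced by `[x]` (file not found). As an added example, not code from the thread or from DDS, the parser below reads lines in that format and flags orphaned entries and auto-start services that are not running; the sample lines are constructed in the log's format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format of the DDS "SERVICES / DRIVERS"
# section quoted in the thread (the real log is not reproduced here).
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-30 64288]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-11-19 126904]
S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-23 21504]
"""

# DDS prefix: R = running, S = stopped; the digit is the Windows start type.
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
IMAGE_RE = re.compile(r"^(?P<image>.*?)\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: Optional[str]   # None when DDS printed "[x]" (binary not found)
    date: Optional[str]
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse DDS service/driver lines; non-matching lines (headers, blanks) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        image = date = size = None
        if rest != "[x]":
            im = IMAGE_RE.match(rest)
            if im:
                image, date, size = im.group("image"), im.group("date"), int(im.group("size"))
            else:
                image = rest  # unexpected layout: keep the raw text rather than drop the entry
        entries.append(ServiceEntry(
            name=m.group("name"), display=m.group("display"),
            running=m.group("state") == "R",
            start_type=START_TYPES.get(int(m.group("start")), "unknown"),
            image=image, date=date, size=size))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[str]:
    """Registered services whose binary is missing: typical leftovers of an uninstalled product."""
    return [e.name for e in entries if e.image is None]


def stopped_autostart(entries: List[ServiceEntry]) -> List[str]:
    """Auto-start services that were not running when the log was taken; worth a second look."""
    return [e.name for e in entries if e.start_type == "automatic" and not e.running]
```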

Archived

This topic is now archived and is closed to further replies.
