
Opera, Firefox and IE hang


putifar


This started today. Opera is the worst: when I click on a link or something it says "not responding" and Opera goes white and textless. After a few seconds it gets going again, but this happens often. IE has gotten better now, after a restart of the computer; IE just closed down now and then. I ran a scan with Malwarebytes but nothing malicious.

Also tried Firefox now, but same problem as with IE, it closes down (only more often).

I suspect a virus, but don't know; I'll leave it to you pros!

I can post a HijackThis log etc. if needed, but since it wasn't acting up yesterday and I haven't been on any shady sites or anything, I really don't know.

Regards, Putifar


Going crazy, help ASAP. It feels like my internet connection dies as soon as I click a link, and after yet another restart I have to start IE 10 times before I get here.

Could it be my ISP messing with me a bit?

Talked on the phone and my friend said I was logging in and out of Skype.

Well, hoping someone is sitting there feeling sympathy!


HijackThis log

 

[log] Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:18:10, on 2011-01-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\Program\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

F:\Program\TortoiseSVN\bin\TSVNCache.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

F:\Winamp\winampa.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\AVG\AVG10\avgwdsvc.exe

C:\Program\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Program\DAEMON Tools\daemon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

F:\Program\uTorrent.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Tunngle\TnglCtrl.exe

C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program\AVG\AVG10\avgnsx.exe

C:\Program\AVG\AVG10\avgemcx.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\Opera\Opera.exe

C:\Program\AVG\AVG10\avgrsx.exe

C:\Program\AVG\AVG10\avgcsrvx.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre6\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "F:\Program\uTorrent.exe"

O4 - HKCU\..\Run: [Logitech Vid] "F:\Program\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG10\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program\Tunngle\TnglCtrl.exe

 

--

End of file - 6964 bytes [/log]


On the page http://www.virustotal.com click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is ready (current status becomes finished). Paste the link to the result here.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp

With DDS you see more than with HijackThis. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste the log DDS.txt, and attach Attach.txt as a file.


Attach.txt

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Folke at 0:43:58,21 on 2011-01-09

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1535.559 [GMT 1:00]

 

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\Program\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

F:\Program\TortoiseSVN\bin\TSVNCache.exe

F:\Winamp\winampa.exe

C:\Program\iTunes\iTunesHelper.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\AVG\AVG10\avgwdsvc.exe

C:\Program\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Program\DAEMON Tools\daemon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Tunngle\TnglCtrl.exe

C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program\AVG\AVG10\avgnsx.exe

C:\Program\AVG\AVG10\avgemcx.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\AVG\AVG10\avgrsx.exe

C:\Program\AVG\AVG10\avgcsrvx.exe

F:\Program\WC3Banlist\WC3Banlist.exe

C:\Program\Opera\Opera.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Folke\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg10\avgssie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools] "f:\program\daemon tools\daemon.exe" -lang 1033

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "f:\program\uTorrent.exe"

uRun: [Logitech Vid] "f:\program\logitech\logitech vid\vid.exe" -bootmode

uRun: [skype] "c:\program\skype\phone\Skype.exe" /nosplash /minimized

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [ATICCC] "c:\program\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [WinampAgent] f:\winamp\winampa.exe

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program\java\jre6\bin\jusched.exe

mRun: [LogitechQuickCamRibbon] "f:\program\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVG_TRAY] c:\program\avg\avg10\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\doasosubrim.tmp

 

============= SERVICES / DRIVERS ===============

 

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]

R2 avgwd;AVG WatchDog;c:\program\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-9-28 38144]

R2 TunngleService;TunngleService;c:\program\tunngle\TnglCtrl.exe [2010-1-26 682232]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz132;cpuz132;\??\c:\docume~1\folke\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\folke\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 GarenaPEngine;GarenaPEngine;c:\docume~1\folke\lokala~1\temp\UMC206.tmp [2010-8-29 25616]

S3 GGSAFERDriver;GGSAFER Driver;\??\f:\garena\safedrv.sys --> f:\garena\safedrv.sys [?]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-1-24 27136]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== Created Last 30 ================

 

2011-01-08 22:50:55 -------- d-----w- c:\docume~1\folke\lokala~1\applic~1\Mozilla

2011-01-07 01:45:49 -------- d-----w- c:\docume~1\folke\lokala~1\applic~1\SKIDROW

2011-01-05 22:47:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-01-01 01:52:20 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-01-01 01:52:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-01-01 01:52:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-01-01 01:52:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-12-27 00:24:19 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-12-27 00:24:19 4992 ----a-w- c:\windows\system32\drivers\loop.sys

2010-12-16 20:02:26 -------- d-----w- c:\docume~1\folke\applic~1\AVG10

2010-12-16 20:00:09 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-12-16 19:59:09 -------- d-----w- c:\windows\system32\drivers\AVG

2010-12-16 19:59:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-12-16 19:58:49 -------- d-----w- c:\program\AVG

2010-12-16 19:54:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-12-12 13:55:56 83806056 ----a-w- c:\program\delade filer\windows live\.cache\wlc27.tmp

 

==================== Find3M ====================

 

2010-10-21 12:37:18 81920 ----a-w- c:\windows\ALCFDRTM.VER

2010-10-21 12:37:18 81920 ----a-w- c:\windows\ALCFDRTM.EXE

 

============= FINISH: 0:44:51,67 ===============

 

 

 

VirusTotal


Is SKIDROW something you recognise?

2011-01-07 01:45:49 -------- d-----w- c:\docume~1\folke\lokala~1\applic~1\SKIDROW

Scan with HijackThis and tick:

O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp

Close all other programs.

Press Fix checked.

Restart the computer.

Set up My Computer/Explorer so that you can see all files:

Tools - Folder Options - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the file C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp

Where ~1 stands for a number of arbitrary characters.

Do the browsers work better now?

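As an added example (not code from this thread or from HijackThis/DDS), here is a small Python triage script that does what the helper above did by eye: it pulls the AppInit_DLLs entries out of HijackThis- or DDS-style log text, explains why an entry like doasosubrim.tmp stands out, and expands the 8.3 short names so the ~1 parts become readable. The sample log lines are constructed from the formats on this page, the second DLL name is a made-up placeholder, and the short-name expansions are assumed and must be confirmed on the real disk.

```python
import re
from pathlib import PureWindowsPath

# Registry value behind the "O20 - AppInit_DLLs:" (HijackThis) and
# "AppInit_DLLs:" (DDS) lines: every DLL listed there is loaded into each
# process that links user32.dll, which is why one stray .tmp file can make
# three different browsers hang or crash at once.
APPINIT_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"

# Constructed sample, modelled on the log formats in this thread. The
# doasosubrim.tmp lines mirror the entry the helper flagged (reported by both
# HijackThis and DDS); the system32 line is a made-up placeholder name.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program\\Delade filer\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O20 - AppInit_DLLs: C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\doasosubrim.tmp
AppInit_DLLs: c:\\docume~1\\alluse~1\\applic~1\\doasosubrim.tmp
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\example_vendor_hook.dll
"""

_APPINIT_RE = re.compile(r"^(?:O20 - )?AppInit_DLLs:[ \t]*(.*)$",
                         re.IGNORECASE | re.MULTILINE)

# Lower-cased directory prefixes that a non-admin user can write to. A DLL
# injected into every process has no business living there.
USER_WRITABLE_PREFIXES = (
    "c:\\docume~1\\", "c:\\documents and settings\\", "c:\\users\\",
    "c:\\programdata\\", "c:\\windows\\temp\\",
)

# Assumed 8.3 expansions for the directories seen on this page. "~1" only
# means "first name that matched", so confirm on the real disk (dir /x).
SHORT_NAME_HINTS = {
    "docume~1": "Documents and Settings",
    "alluse~1": "All Users",
    "applic~1": "Application Data",
    "lokala~1": "Lokala inställningar",
}


def parse_appinit_entries(log_text):
    """Return the distinct AppInit_DLLs paths in HJT/DDS-style log text.

    Windows separates multiple DLLs in this value with spaces or commas, so a
    path containing a space cannot appear here at all; that is why entries
    use 8.3 short names. Splitting on both separators matches the registry
    semantics. Duplicates (HJT and DDS reporting the same value) are
    collapsed case-insensitively, keeping the first spelling seen."""
    seen = {}
    for m in _APPINIT_RE.finditer(log_text):
        for raw in re.split(r"[,\s]+", m.group(1).strip()):
            if raw and raw.lower() not in seen:
                seen[raw.lower()] = raw
    return list(seen.values())


def expand_short_names(path):
    """Best-effort long form of an 8.3 path using SHORT_NAME_HINTS."""
    parts = [SHORT_NAME_HINTS.get(part.lower(), part)
             for part in PureWindowsPath(path).parts]
    return str(PureWindowsPath(*parts))


def assess_entry(path):
    """Classify one AppInit_DLLs path. Every entry deserves a look; the
    reasons below single out the ones that look like an implant rather than
    a vendor hook installed under system32."""
    p = PureWindowsPath(path)
    low = path.lower()
    reasons = []
    if p.suffix.lower() != ".dll":
        reasons.append("extension %s is not .dll (LoadLibrary loads it anyway)"
                       % (p.suffix or "<none>"))
    if any(low.startswith(prefix) for prefix in USER_WRITABLE_PREFIXES):
        reasons.append("stored under a user-writable profile directory")
    if not p.drive:
        reasons.append("relative path, resolved through the DLL search order")
    return {
        "path": path,
        "expanded": expand_short_names(path),
        "reasons": reasons,
        "verdict": "suspicious" if reasons else "review",
    }


def triage(log_text):
    """One assessment per distinct AppInit_DLLs entry, suspicious ones first."""
    results = [assess_entry(e) for e in parse_appinit_entries(log_text)]
    results.sort(key=lambda r: r["verdict"] != "suspicious")
    return results


if __name__ == "__main__":
    print("Checking", APPINIT_VALUE)
    for r in triage(SAMPLE_LOG):
        print("[%s] %s" % (r["verdict"].upper(), r["path"]))
        if r["expanded"] != r["path"]:
            print("    likely long form: %s" % r["expanded"])
        for reason in r["reasons"]:
            print("    - " + reason)
```

Feed it the text of a real HijackThis or DDS log and it will list the same entry the helper told the poster to fix, plus any other injected DLLs worth a VirusTotal lookup.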

SKIDROW is a folder that came with the game MONKEY ISLAND.

To clarify, since it may be important for Cecilia in the help work: it is a folder that comes with the CRACKED game MONKEY ISLAND.


doasosubrim.tmp - "ERROR DELETING FILE/FOLDER" - Cannot delete doasosubrim.. access denied. Make sure the disk is not full or write-protected and that the file is not in use.

doasosubrim.tmp has a friend in the same folder: doasosubrim.dat


Thanks, Anjuna! :)

Cracked games can contain anything. In that case it is appropriate to uninstall the game. New DDS.txt after that.


DDS (Ver_10-12-12.02) - NTFSx86

Run by Folke at 1:46:46,26 on 2011-01-09

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1535.882 [GMT 1:00]

 

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\Program\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program\AVG\AVG10\avgwdsvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Tunngle\TnglCtrl.exe

C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program\AVG\AVG10\avgnsx.exe

C:\Program\AVG\AVG10\avgemcx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

F:\Program\TortoiseSVN\bin\TSVNCache.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

F:\Winamp\winampa.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Program\DAEMON Tools\daemon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

F:\Program\uTorrent.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\AVG\AVG10\avgrsx.exe

C:\Program\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Folke\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg10\avgssie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools] "f:\program\daemon tools\daemon.exe" -lang 1033

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "f:\program\uTorrent.exe"

uRun: [Logitech Vid] "f:\program\logitech\logitech vid\vid.exe" -bootmode

uRun: [skype] "c:\program\skype\phone\Skype.exe" /nosplash /minimized

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [ATICCC] "c:\program\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [WinampAgent] f:\winamp\winampa.exe

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program\java\jre6\bin\jusched.exe

mRun: [LogitechQuickCamRibbon] "f:\program\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVG_TRAY] c:\program\avg\avg10\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\doasosubrim.tmp

 

============= SERVICES / DRIVERS ===============

 

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]

R2 avgwd;AVG WatchDog;c:\program\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-9-28 38144]

R2 TunngleService;TunngleService;c:\program\tunngle\TnglCtrl.exe [2010-1-26 682232]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz132;cpuz132;\??\c:\docume~1\folke\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\folke\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 GarenaPEngine;GarenaPEngine;c:\docume~1\folke\lokala~1\temp\UMC206.tmp [2010-8-29 25616]

S3 GGSAFERDriver;GGSAFER Driver;\??\f:\garena\safedrv.sys --> f:\garena\safedrv.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-1-24 27136]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== Created Last 30 ================

 

2011-01-08 22:50:55 -------- d-----w- c:\docume~1\folke\lokala~1\applic~1\Mozilla

2011-01-07 01:45:49 -------- d-----w- c:\docume~1\folke\lokala~1\applic~1\SKIDROW

2011-01-05 22:47:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-01-01 01:52:20 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-01-01 01:52:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-01-01 01:52:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-01-01 01:52:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-12-27 00:24:19 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-12-27 00:24:19 4992 ----a-w- c:\windows\system32\drivers\loop.sys

2010-12-16 20:02:26 -------- d-----w- c:\docume~1\folke\applic~1\AVG10

2010-12-16 20:00:09 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-12-16 19:59:09 -------- d-----w- c:\windows\system32\drivers\AVG

2010-12-16 19:59:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-12-16 19:58:49 -------- d-----w- c:\program\AVG

2010-12-16 19:54:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-12-12 13:55:56 83806056 ----a-w- c:\program\delade filer\windows live\.cache\wlc27.tmp

 

==================== Find3M ====================

 

2010-10-21 12:37:18 81920 ----a-w- c:\windows\ALCFDRTM.VER

2010-10-21 12:37:18 81920 ----a-w- c:\windows\ALCFDRTM.EXE

 

============= FINISH: 1:47:27,37 ===============

 

 

 

Since my CD drive has crashed I haven't been able to install the MONKEY ISLAND games from CD, so I sinned and downloaded them. SKIDROW was the crack itself, if I remember correctly.


1.

Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:dir
c:\docume~1\folke\lokala~1\applic~1\SKIDROW
:file
c:\docume~1\alluse~1\applic~1\doasosubrim.tmp
c:\docume~1\alluse~1\applic~1\doasosubrim.dat 

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad opens with a log, which you paste here. If the log does not appear, it is on the Desktop as SystemLook.txt.

2.

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up about installing the Recovery Console, answer Yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it can hang then.

When ComboFix is finished a log should appear; paste it into your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents autorun of CDs, floppies and USB devices to make it easier to clean the computer and to protect it against future infections. That can cause problems, e.g. if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.

Good night!


SYSTEMLOOK

 

SystemLook 04.09.10 by jpshortstuff

Log created at 02:12 on 09/01/2011 by Folke

Administrator - Elevation successful

 

========== dir ==========

 

c:\docume~1\folke\lokala~1\applic~1\SKIDROW - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

SAVES d------ [01:45 07/01/2011]

 

========== file ==========

 

c:\docume~1\alluse~1\applic~1\doasosubrim.tmp - File found and opened.

MD5: BFDBCAD11BCFB4449F51AD1A51BA18E1

Created at 17:20 on 04/05/2010

Modified at 17:20 on 04/05/2010

Size: 2313082 bytes

Attributes: ---h---

No version information available.

 

c:\docume~1\alluse~1\applic~1\doasosubrim.dat - File found and opened.

MD5: B06D06B2257BA96D412FC277EEE42E55

Created at 17:20 on 04/05/2010

Modified at 17:20 on 04/05/2010

Size: 1790393 bytes

Attributes: ---h---

No version information available.

 

-= EOF =-


I can't run ComboFix without having uninstalled AVG, so I'll do that and reinstall it when I'm done.

Or?

I have the install file. Waiting until tomorrow.

I get an error message from ComboFix that says this:

WARNING

 

COMBOFIX cannot run when AVG is installed.

This due to AVG's targeting of Combofix's files/processes.

it would be dangerous to continue.

 

Please uninstall AVG or use another tool.

 

-

I did as they wrote on the forum you linked, that I should "temporary disable", but it didn't work.

Maybe one could shut it down via processes or something.

I don't want to mess with the computer when there's stuff like this on it, so it'll have to be a good book instead; I'll be back tomorrow, and thanks for the help so far!


Ran a little "test run" of Opera and it runs more smoothly now. IE hasn't died for nearly 2 minutes now, so things are moving forward!


Uppdatera inte Java så länge som datorn är infekterad.

 

Vi kan se om det går att lösa utan ComboFix.

 

1.

Ladda ner mbr.exe till Skrivbordet:

http://www2.gmer.net/mbr/mbr.exe

 

Start - Kör

Kopiera raden som är i rutan nedan och klistra in i Kör-fältet.

"%userprofile%\skrivbord\mbr.exe" -tDFR -s  > "C:\mbr.log"

Klistra in innehållet i mbr.log som skapas i C:\.

 

Obs! Dra ur internetanslutningen och inaktivera/stäng av antivirus- och andra säkerhetsprogram innan du kör mbr.exe.

 

2.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

 

In the box Custom scan's and fixes, paste the following lines (check that you really get all the lines and that each line here becomes its own line in the box):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 

Press Quick Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.

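A way to pre-screen the OTL.txt that the steps above ask for, as an added example that is not code from this thread or from OTL itself: it parses the line formats OTL prints for services, NetSvcs, AppInit_DLLs and AutoRun files and reports the patterns worth a second look. The sample lines are copied from the OTL log posted later in this thread plus one constructed line (drive G:); the meaning of OTL's attribute letters (R/H/S/D) and the "vaccination folder" convention for a directory named autorun.inf are assumptions about OTL's usual output.

```python
"""Triage helper for OTL log lines (added example for this thread; not part
of OTL, ComboFix or the original posts).

It reads lines of the kind OTL's Quick Scan produces and reports:
  * SRV / NetSvcs entries whose binary lives outside %SystemRoot% and
    %ProgramFiles% and carries no company name (e.g. the service name SENS
    pointing at a hidden .dat under Application Data)
  * O20 AppInit_DLLs entries that load a DLL from outside %SystemRoot%
  * O32 autorun.inf entries at a drive root: a real file is flagged, while
    an entry with the D (directory) attribute is reported as the placeholder
    folder that USB "vaccination" tools create (assumed convention)
Environment paths are taken from the OTL header in this thread.
"""
import re
from typing import List, Optional, Tuple

SYSTEM_ROOT = r"C:\WINDOWS"
PROGRAM_FILES = r"C:\Program"

SRV_RE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
NETSVCS_RE = re.compile(
    r"^NetSvcs: (?P<name>\S+) - (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
APPINIT_RE = re.compile(
    r"^O20 - AppInit_DLLs: \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
AUTORUN_RE = re.compile(
    r"^O32 - AutoRun File - \[[^|]*\|[^|]*\| (?P<attr>\S+) \| [^\]]*\]"
    r"(?: \(\))? - (?P<path>.+?) -- \["
)

Finding = Tuple[str, str]  # (severity, message)


def _trusted_location(path: str) -> bool:
    """True when the file lives under %SystemRoot% or %ProgramFiles%."""
    p = path.lower()
    return p.startswith(SYSTEM_ROOT.lower() + "\\") or p.startswith(
        PROGRAM_FILES.lower() + "\\"
    )


def triage_line(line: str) -> Optional[Finding]:
    """Return a finding for one OTL line, or None when nothing stands out."""
    line = line.strip()
    m = SRV_RE.match(line)
    if m:
        if not m["company"] and not _trusted_location(m["path"]):
            return ("warn", f"service {m['name']} runs an unknown binary outside "
                            f"system dirs: {m['path']}")
        return None
    m = NETSVCS_RE.match(line)
    if m:
        if "File not found" in m["path"]:
            return None  # orphaned registry entry, nothing is loaded
        if not m["company"] and not _trusted_location(m["path"]):
            return ("warn", f"netsvcs entry {m['name']} points outside system dirs: {m['path']}")
        return None
    m = APPINIT_RE.match(line)
    if m:
        if not _trusted_location(m["path"]):
            return ("warn", f"AppInit_DLLs loads {m['path']} into every process that uses user32.dll")
        return None
    m = AUTORUN_RE.match(line)
    if m and m["path"].lower().endswith("\\autorun.inf"):
        if "D" in m["attr"]:
            return ("info", f"{m['path']} is a directory placeholder (drive vaccinated), not a file")
        return ("warn", f"autorun.inf file at drive root: {m['path']}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the non-empty results."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Sample input: lines copied from the OTL log in this thread, plus one
# constructed line (drive G:) showing a real autorun.inf file at a drive root.
SAMPLE_LOG = r"""
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-05-04 18:20:08 | 001,790,393 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\doasosubrim.dat -- (SENS)
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: SENS - C:\Documents and Settings\All Users\Application Data\doasosubrim.dat ()
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp) - C:\Documents and Settings\All Users\Application Data\doasosubrim.tmp ()
O32 - AutoRun File - [2009-10-10 19:09:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,078 | -HS- | M] () - G:\autorun.inf -- [ NTFS ]
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The "info" line for C:\autorun.inf matches what the log further down shows (0 bytes, RHSD), so those entries are not the infection; the SENS service and the AppInit_DLLs entry both resolving to doasosubrim.* under Application Data are.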

MBR started and then it was as if someone cut the power and switched the computer on again; when the computer starts it says "the computer has recovered from a serious error".

A log file has been created about this error:

C:\DOCUME~1\Folke\LOKALA~1\Temp\WERbc66.dir00\Mini010911-01.dmp

C:\DOCUME~1\Folke\LOKALA~1\Temp\WERbc66.dir00\sysdata.xml

 

Didn't find any MBR.LOG, if it's supposed to be on C:

There was an mbr.log on the desktop but it was empty.

 

Ran MBR again, this time with a result (reason for editing the post):

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD3200AAKS-00L9A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898A41F8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x898a4008; MOV EAX, 0xf74e82f8; CALL EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89847AB8]

3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP1T0L0-e[0x89829D98]

\Driver\atapi[0x897E9030] -> IRP_MJ_CREATE -> 0x898A41F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi -> 0x898a41f8

user & kernel MBR OK

Warning: possible MBR rootkit infection !

 

Filesystem trace:

called modules: ntoskrnl.exe hal.dll AVGIDSFilter.Sys fltMgr.sys avgmfx86.sys sr.sys >>UNKNOWN [0x898A31F8]<<

C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys AVG Technologies CZ, s.r.o. AVG IDS

C:\WINDOWS\system32\DRIVERS\avgmfx86.sys AVG Technologies CZ, s.r.o. AVG Internet Security

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x898a3008; MOV EAX, 0xf74e704c; CALL EAX; }

1 nt!IofCallDriver[0x804E13B9] -> [0x88B02868]

3 AVGIDSFilter[0xB1701404] -> nt!IofCallDriver[0x804E13B9] -> [0x89513DA8]

5 fltMgr[0xBA7E4E61] -> nt!IofCallDriver[0x804E13B9] -> [0x8979BC10]

7 sr[0xBA7D4870] -> nt!IofCallDriver[0x804E13B9] -> [0x8979BAD8]

9 fltMgr[0xBA7F10BE] -> nt!IofCallDriver[0x804E13B9] -> [0x89822020]

\FileSystem\Ntfs[0x897D01B0] -> IRP_MJ_CREATE -> 0x898A31F8

 

Registry trace:

called modules: ntoskrnl.exe spcj.sys hal.dll avgmfx86.sys >>UNKNOWN [0x898C48B0]<<

spcj.sys

C:\WINDOWS\system32\DRIVERS\avgmfx86.sys AVG Technologies CZ, s.r.o. AVG Internet Security

_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff6ca7cd6; }


OTL logfile created on: 2011-01-09 15:24:01 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Folke\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 29,81 Gb Total Space | 7,57 Gb Free Space | 25,41% Space Free | Partition Type: NTFS

Drive F: | 268,28 Gb Total Space | 51,43 Gb Free Space | 19,17% Space Free | Partition Type: NTFS

 

Computer Name: WOLKE | User Name: Folke | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-01-09 15:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

PRC - [2010-11-23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program\AVG\AVG10\avgwdsvc.exe

PRC - [2010-10-22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program\AVG\AVG10\avgtray.exe

PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe

PRC - [2010-04-17 10:29:56 | 000,619,784 | ---- | M] (http://tortoisesvn.net) -- F:\Program\TortoiseSVN\bin\TSVNCache.exe

PRC - [2010-03-19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009-12-31 10:56:40 | 000,682,232 | ---- | M] (Tunngle.net GmbH) -- C:\Program\Tunngle\TnglCtrl.exe

PRC - [2009-10-07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2006-11-02 23:00:00 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

PRC - [2006-11-02 23:00:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005-08-12 13:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005-04-07 19:48:54 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-01-09 15:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

MOD - [2005-04-07 10:50:20 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\srsvc.dll -- (srservice)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010-11-23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010-05-04 18:20:08 | 001,790,393 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\doasosubrim.dat -- (SENS)

SRV - [2010-03-19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009-12-31 10:56:40 | 000,682,232 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program\Tunngle\TnglCtrl.exe -- (TunngleService)

SRV - [2009-10-07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005-08-02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Folke\LOKALA~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2010-08-29 22:13:36 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Folke\Lokala inställningar\Temp\UMC206.tmp -- (GarenaPEngine)

DRV - [2010-08-19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010-08-19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010-08-19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010-04-09 12:35:40 | 000,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2010-02-11 12:08:25 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009-10-11 20:43:24 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-10-07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)

DRV - [2009-07-31 06:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)

DRV - [2009-04-30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2006-11-02 23:00:00 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-01-18 18:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005-11-23 04:50:52 | 001,410,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005-08-02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004-10-27 14:21:36 | 000,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004-10-27 14:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2004-08-04 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2004-08-04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2004-08-04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2004-08-04 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004-08-03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-ljuddrivrutiner (WDM)

DRV - [2001-08-17 21:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program\AVG\AVG10\Firefox\ [2010-12-28 13:13:56 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [ATICCC] C:\Program\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] F:\Winamp\winampa.exe ()

O4 - HKCU..\Run: [DAEMON Tools] F:\Program\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKCU..\Run: [Logitech Vid] F:\Program\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKCU..\Run: [uTorrent] F:\Program\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp) - C:\Documents and Settings\All Users\Application Data\doasosubrim.tmp ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-10 19:09:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{6cf612d8-101a-11e0-98dd-0015f261dc2f}\Shell - "" = AutoRun

O33 - MountPoints2\{6cf612d8-101a-11e0-98dd-0015f261dc2f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\Program\AVG\AVG10\avgchsvx.exe /sync) - C:\Program\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\Program\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SENS - C:\Documents and Settings\All Users\Application Data\doasosubrim.dat ()

NetSvcs: SRService - C:\WINDOWS\System32\srsvc.dll File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: SSHNAS - File not found

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Unable to start service SrService!

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-01-09 15:03:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

[2011-01-09 14:41:21 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java

[2011-01-09 02:35:50 | 153,229,464 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Folke\Skrivbord\avg_free_x86_all_2011_1191a3330.exe

[2011-01-09 02:14:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-01-08 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Mozilla

[2011-01-07 02:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\SKIDROW

[2011-01-06 00:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\LucasArts

[2011-01-05 23:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Application Data\LucasArts

[2010-12-18 23:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\MeepoBot

[2010-12-18 17:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\WC3Banlist

[2010-12-16 21:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Application Data\AVG10

[2010-12-16 21:00:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010-12-16 20:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\AVG 2011

[2010-12-16 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010-12-16 20:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2010-12-16 20:58:49 | 000,000,000 | ---D | C] -- C:\Program\AVG

[2010-12-16 20:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010-12-16 19:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\War#2

[2010-12-16 19:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\War#1

[2010-12-16 19:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\Win BoT

[2010-12-11 01:37:01 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Skype

[2010-12-11 01:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Skype

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011-01-09 15:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

[2011-01-09 14:45:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-01-09 14:42:02 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\mbr.exe

[2011-01-09 14:41:13 | 103,833,463 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011-01-09 02:47:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011-01-09 02:35:50 | 153,229,464 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Folke\Skrivbord\avg_free_x86_all_2011_1191a3330.exe

[2011-01-09 02:31:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-01-09 02:22:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2011-01-09 02:09:41 | 004,150,950 | R--- | M] () -- C:\Documents and Settings\Folke\Skrivbord\ComboFix.exe

[2011-01-09 02:07:23 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\SystemLook.exe

[2011-01-09 00:40:49 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\dds.scr

[2011-01-08 23:51:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011-01-08 17:34:32 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till CURSE.EXE.lnk

[2011-01-07 17:27:06 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till MISE.exe.lnk

[2011-01-07 15:33:32 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-01-04 15:16:10 | 000,002,987 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\CV.doc

[2011-01-03 23:48:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-12-28 13:14:06 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\AVG 2011.lnk

[2010-12-24 01:16:03 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Skype.lnk

[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-12-19 13:31:09 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Folke\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010-12-19 13:31:09 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Opera.lnk

[2010-12-18 17:27:03 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\WC3Banlist.lnk

[2010-12-18 17:26:03 | 000,451,339 | ---- | M] () -- C:\Documents and Settings\Folke\Mina dokument\Bannspoon.xml

[2010-12-16 20:32:25 | 000,503,098 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-12-16 20:32:25 | 000,502,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-12-16 20:32:25 | 000,102,242 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-12-16 20:32:25 | 000,087,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-12-16 20:15:19 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch32.exe.lnk

[2010-12-16 20:15:06 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch3.exe.lnk

[2010-12-16 11:36:23 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Kopia av Frozen Throne.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-01-09 14:42:01 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\mbr.exe

[2011-01-09 14:41:13 | 103,833,463 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011-01-09 02:09:41 | 004,150,950 | R--- | C] () -- C:\Documents and Settings\Folke\Skrivbord\ComboFix.exe

[2011-01-09 02:07:23 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\SystemLook.exe

[2011-01-09 00:40:49 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\dds.scr

[2011-01-08 23:51:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011-01-08 17:34:32 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till CURSE.EXE.lnk

[2011-01-06 14:40:37 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till MISE.exe.lnk

[2010-12-18 17:27:03 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\WC3Banlist.lnk

[2010-12-18 17:26:03 | 000,451,339 | ---- | C] () -- C:\Documents and Settings\Folke\Mina dokument\Bannspoon.xml

[2010-12-16 20:59:59 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\AVG 2011.lnk

[2010-12-16 20:15:09 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch32.exe.lnk

[2010-12-16 20:14:58 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch3.exe.lnk

[2010-12-16 00:30:37 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Kopia av Frozen Throne.lnk

[2010-11-12 13:24:30 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL

[2010-07-28 11:21:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010-05-04 18:20:08 | 001,790,393 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\doasosubrim.dat

[2010-04-01 16:03:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\avitoiPodconverter.ini

[2010-02-15 18:13:48 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009-12-01 14:55:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI

[2009-10-11 23:25:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-11 20:43:24 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-10-10 19:51:49 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-10-10 19:17:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\fusioncache.dat

[2009-10-10 19:13:24 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009-10-07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009-10-07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009-04-30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2005-08-02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2004-08-04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

 

========== LOP Check ==========

 

[2010-09-17 02:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton

[2010-12-16 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010-04-03 12:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010-12-16 21:00:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009-10-11 20:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2010-05-03 21:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser

[2010-12-16 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010-10-14 23:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2009-11-23 14:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010-11-12 13:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2010-05-03 21:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft

[2010-01-24 14:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle

[2009-12-20 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010-09-17 02:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Ableton

[2010-12-16 21:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\AVG10

[2011-01-06 20:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Azureus

[2009-12-13 02:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Blitware

[2009-10-11 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\DAEMON Tools Pro

[2010-07-18 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Leadertech

[2011-01-05 23:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\LucasArts

[2009-10-11 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Opera

[2009-11-23 14:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Propellerhead Software

[2011-01-05 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Spotify

[2010-11-12 13:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010-05-03 21:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Steinberg

[2010-05-23 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Subversion

[2010-01-30 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\Tunngle

[2011-01-09 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Folke\Application Data\uTorrent

[2011-01-09 02:22:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009-10-10 19:09:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-10-10 17:55:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2009-10-10 19:09:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009-10-10 19:09:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010-05-03 22:06:48 | 000,000,110 | ---- | M] () -- C:\mbam-error.txt

[2009-10-10 19:09:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009-10-10 19:28:26 | 000,250,560 | RHS- | M] () -- C:\ntldr

[2011-01-09 14:45:00 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2004-08-04 13:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\poon.drv

[2010-05-04 01:25:18 | 000,000,371 | ---- | M] () -- C:\rkill.log

 

< %systemroot%\system32\*.wt >

 

< %systemroot%\system32\*.ruy >

 

< %systemroot%\Fonts\*.com >

[2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009-10-10 19:09:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.exe >

 

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2004-02-03 05:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD58.DLL

[2004-02-03 05:00:00 | 000,048,640 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP58.DLL

[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

 

< %systemroot%\REPAIR\*.bak1 >

 

< %systemroot%\REPAIR\*.ini >

 

< %systemroot%\system32\*.jpg >

 

< %systemroot%\*.scr >

 

< %systemroot%\*._sy >

 

< %APPDATA%\Adobe\Update\*.* >

 

< %ALLUSERSPROFILE%\Favorites\*.* >

 

< %APPDATA%\Microsoft\*.* >

[2010-09-28 21:53:08 | 000,001,490 | -H-- | M] () -- C:\Documents and Settings\Folke\Application Data\Microsoft\LastFlashConfig.WFC

 

< %PROGRAMFILES%\*.* >

 

< %APPDATA%\Update\*.* >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2005-07-26 05:42:48 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2009-10-10 19:33:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009-10-10 19:33:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009-10-10 19:33:39 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-16 03:40:42

 

< End of report >

 

 

 

 

 

Extras.Txt


I'm moving the thread now that it is clear the computer appears to be infected.

1.

Save DeFogger by jpshortstuff http://www.jpshortstuff.247fixes.com/Defogger.exe to the Desktop.

Start DeFogger.

When the program window appears, click the Disable button to disable the drivers that belong to your installed CD emulation software.

Click Yes to continue.

When the program is done, a 'Finished!' message appears.

Click OK.

The program asks to restart the computer; click OK.

IMPORTANT! If you get an error message while DeFogger is running, paste in the log defogger_disable that is then created on the Desktop.

Do not re-enable these drivers until the cleanup is completely finished.

2.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract All. Remember where you extract the files.

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe found in the folder where you extracted the files.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste in the contents of the log that you find in C:\ named TDSSKiller followed by version and timestamp.


TDSSKILLER (nothing found)

 

2011/01/09 17:55:29.0593 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/09 17:55:29.0593 ================================================================================

2011/01/09 17:55:29.0593 SystemInfo:

2011/01/09 17:55:29.0593

2011/01/09 17:55:29.0593 OS Version: 5.1.2600 ServicePack: 2.0

2011/01/09 17:55:29.0593 Product type: Workstation

2011/01/09 17:55:29.0593 ComputerName: WOLKE

2011/01/09 17:55:29.0593 UserName: Folke

2011/01/09 17:55:29.0593 Windows directory: C:\WINDOWS

2011/01/09 17:55:29.0593 System windows directory: C:\WINDOWS

2011/01/09 17:55:29.0593 Processor architecture: Intel x86

2011/01/09 17:55:29.0593 Number of processors: 2

2011/01/09 17:55:29.0593 Page size: 0x1000

2011/01/09 17:55:29.0593 Boot type: Normal boot

2011/01/09 17:55:29.0593 ================================================================================

2011/01/09 17:55:29.0890 Initialize success

2011/01/09 17:55:41.0843 ================================================================================

2011/01/09 17:55:41.0843 Scan started

2011/01/09 17:55:41.0843 Mode: Manual;

2011/01/09 17:55:41.0843 ================================================================================

2011/01/09 17:55:42.0296 ACPI (d51b4fd79d252851a8f13cfe9404cd2b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/09 17:55:42.0343 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/09 17:55:42.0406 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/01/09 17:55:42.0437 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/01/09 17:55:42.0468 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys

2011/01/09 17:55:42.0609 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/09 17:55:42.0718 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/09 17:55:42.0750 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/09 17:55:42.0843 ati2mtag (bf278c2d512ef0d2748cdac641bb9649) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/09 17:55:42.0875 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/09 17:55:42.0906 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/09 17:55:42.0953 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/01/09 17:55:42.0968 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/01/09 17:55:43.0000 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/01/09 17:55:43.0015 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/01/09 17:55:43.0062 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/01/09 17:55:43.0093 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/01/09 17:55:43.0140 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/01/09 17:55:43.0171 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/01/09 17:55:43.0218 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/09 17:55:43.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/09 17:55:43.0296 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/01/09 17:55:43.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/09 17:55:43.0375 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/09 17:55:43.0406 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/09 17:55:43.0609 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/09 17:55:43.0656 dmboot (80bad99bf48053d32309afa3e8112de9) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/09 17:55:43.0703 dmio (33824764d4161c320ad7b56b6fa5f053) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/09 17:55:43.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/09 17:55:43.0765 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/09 17:55:43.0828 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/09 17:55:43.0875 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

2011/01/09 17:55:43.0906 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/09 17:55:43.0937 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/09 17:55:43.0968 Fips (725ba8685312faf7ff7b2aa7eb32ae57) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/09 17:55:43.0984 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/09 17:55:44.0031 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/09 17:55:44.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/09 17:55:44.0093 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/09 17:55:44.0156 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\Folke\LOKALA~1\Temp\UMC206.tmp

2011/01/09 17:55:44.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/09 17:55:45.0000 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/09 17:55:45.0031 hamachi (85f4e4617dbd603c2202354cedfdf249) C:\WINDOWS\system32\DRIVERS\hamachi.sys

2011/01/09 17:55:45.0093 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

2011/01/09 17:55:45.0125 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/09 17:55:45.0156 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/09 17:55:45.0218 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/09 17:55:45.0296 i8042prt (fb251fb7a44e34f3b9721472493d7992) C:\WINDOWS\system32\drivers\i8042prt.sys

2011/01/09 17:55:45.0312 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/09 17:55:45.0468 IntcAzAudAddService (47f27af890da3e51c633fdd510910115) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/01/09 17:55:45.0531 IntelIde (cabeb91f29698183a6b03a1265fa99ba) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/09 17:55:45.0562 intelppm (50272dadb0cabd79ac86f221e0e0b46c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/09 17:55:45.0609 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/09 17:55:45.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/09 17:55:45.0656 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/09 17:55:45.0687 IpNat (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/09 17:55:45.0718 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/09 17:55:45.0750 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/09 17:55:45.0781 isapnp (303640835cb95b00590b962283570648) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/09 17:55:45.0796 Kbdclass (ce96bfa4af66a2fe61982093bd1d8ffb) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/09 17:55:45.0828 kbdhid (8414f174d2199730d06f309389d2da02) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/09 17:55:45.0875 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/09 17:55:45.0890 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/09 17:55:45.0984 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/01/09 17:55:46.0015 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/09 17:55:46.0046 Modem (16482d7667fb6783108bbd90ad36b159) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/09 17:55:46.0078 Mouclass (91460066455e77da014cd5ef45b150e2) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/09 17:55:46.0109 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/09 17:55:46.0125 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/09 17:55:46.0187 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/09 17:55:46.0218 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/09 17:55:46.0265 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/09 17:55:46.0312 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/09 17:55:46.0328 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys

2011/01/09 17:55:46.0375 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/09 17:55:46.0390 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/09 17:55:46.0437 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/09 17:55:46.0468 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/01/09 17:55:46.0484 Mup (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/09 17:55:46.0515 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/09 17:55:46.0546 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/09 17:55:46.0562 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/09 17:55:46.0593 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/09 17:55:46.0625 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/09 17:55:46.0656 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/09 17:55:46.0671 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/09 17:55:46.0703 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/09 17:55:46.0734 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/09 17:55:46.0796 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/09 17:55:46.0828 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys

2011/01/09 17:55:46.0843 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys

2011/01/09 17:55:46.0875 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/09 17:55:46.0906 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/09 17:55:46.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/09 17:55:47.0000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/09 17:55:47.0015 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/09 17:55:47.0046 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2011/01/09 17:55:47.0062 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2011/01/09 17:55:47.0093 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2011/01/09 17:55:47.0125 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/09 17:55:47.0156 Parport (fb0832a8cd0b3ea70d133768f551ae78) C:\WINDOWS\system32\drivers\Parport.sys

2011/01/09 17:55:47.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/09 17:55:47.0203 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/09 17:55:47.0234 PCI (9554dd34eddafa76d502cb0ec439273d) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/09 17:55:47.0296 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/01/09 17:55:47.0312 Pcmcia (40b2b244caa60e60aceb54f01767b14d) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/09 17:55:47.0531 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

2011/01/09 17:55:47.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/09 17:55:47.0671 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/09 17:55:47.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/09 17:55:47.0718 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/09 17:55:47.0843 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/09 17:55:47.0875 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/09 17:55:47.0906 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/09 17:55:47.0921 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/09 17:55:47.0953 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/09 17:55:47.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/09 17:55:48.0015 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/09 17:55:48.0046 redbook (6ab3e65a46fb2a6f21ba5acfdfa44fab) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/09 17:55:48.0125 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/01/09 17:55:48.0156 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/01/09 17:55:48.0203 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys

2011/01/09 17:55:48.0296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/09 17:55:48.0343 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/09 17:55:48.0375 Serial (6494c4e513795c363b20e0f2c9a2e9ab) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/09 17:55:48.0437 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/09 17:55:48.0500 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/01/09 17:55:48.0578 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/09 17:55:48.0640 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\System32\Drivers\sptd.sys

2011/01/09 17:55:48.0671 sr (125ccd7b6b7e4732a03b6f4d69f87f7b) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/09 17:55:48.0718 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/09 17:55:48.0765 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/01/09 17:55:48.0796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/09 17:55:48.0828 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/09 17:55:48.0953 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/09 17:55:48.0984 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys

2011/01/09 17:55:49.0031 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/09 17:55:49.0062 Tcpip6 (7dda159deda4fef8523eefc34e524013) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/01/09 17:55:49.0093 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/09 17:55:49.0125 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/09 17:55:49.0156 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/09 17:55:49.0218 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/01/09 17:55:49.0250 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/09 17:55:49.0296 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/09 17:55:49.0343 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/01/09 17:55:49.0375 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/09 17:55:49.0406 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/09 17:55:49.0437 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/09 17:55:49.0468 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/09 17:55:49.0500 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/09 17:55:49.0531 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/09 17:55:49.0562 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/09 17:55:49.0593 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/09 17:55:49.0640 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/01/09 17:55:49.0671 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/01/09 17:55:49.0718 VolSnap (4d5f0d3eb992d4c2bfb59077d62240ba) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/09 17:55:49.0765 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/09 17:55:49.0828 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/09 17:55:49.0921 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/09 17:55:50.0109 ================================================================================

2011/01/09 17:55:50.0109 Scan finished

2011/01/09 17:55:50.0109 ================================================================================

2011/01/09 17:56:06.0843 Deinitialize success

 


 

Something you might want to know, in case you haven't seen it in all the logs: I recently set up the Microsoft Loopback Adapter. Why? Well, I play Warcraft 3 and use some third-party programs that don't work properly without it.

 

Defogger

[log]defogger_disable by jpshortstuff (23.02.10.1)

Log created at 17:48 on 09/01/2011 (Folke)

 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

HKCU:DAEMON Tools -> Removed

 

Checking for services/drivers...

Unable to read sptd.sys

SPTD -> Disabled (Service running -> reboot required)

 

 

-=E.O.F=-[/log]

No errors or anything like that, but I posted it anyway.

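A parser for the TDSSKiller driver lines in the log above, with the path heuristics an analyst applies when reading such a log by eye: a driver image loading from a Temp directory, carrying a .tmp extension, or living outside %SystemRoot%\system32\drivers deserves a second look (a flag means "check this path", not "malicious"; the GarenaPEngine line above is flagged purely on where it loads from). This is an added example, not code from the thread or from Kaspersky; the sample log is constructed from a few lines in the format above, and the `userdrv` line is made up.

```python
import re
from typing import Dict, List

# One driver line in a TDSSKiller scan log has the shape
#   <date time> <service name> (<md5 of the image>) <path to the image>
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Where a kernel driver image on Windows XP is normally expected to live.
EXPECTED_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: three lines in the format of the log above plus one
# made-up 'userdrv' line; it is not a real scan result.
SAMPLE_LOG = r"""
2011/01/09 17:55:41.0843 Scan started
2011/01/09 17:55:42.0296 ACPI (d51b4fd79d252851a8f13cfe9404cd2b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/09 17:55:44.0156 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\Folke\LOKALA~1\Temp\UMC206.tmp
2011/01/09 17:55:48.0640 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\System32\Drivers\sptd.sys
2011/01/09 17:55:49.0000 userdrv (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Folke\Application Data\userdrv.sys
2011/01/09 17:55:50.0109 Scan finished
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Return one dict (ts, name, md5, path) per driver line.

    Header, separator and status lines ('Scan started', ...) do not match
    the pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def reasons_to_review(entry: Dict[str, str]) -> List[str]:
    """Path heuristics an analyst applies when reading the log by eye."""
    path = entry["path"].lower()
    reasons = []
    if "\\temp\\" in path:
        reasons.append("loaded from a Temp directory")
    if path.endswith(".tmp"):
        reasons.append("driver image has a .tmp extension")
    if not path.startswith(EXPECTED_DIR):
        reasons.append("outside %SystemRoot%\\system32\\drivers")
    return reasons


def flag_entries(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every driver that deserves a second look."""
    flagged = {}
    for entry in parse_log(text):
        reasons = reasons_to_review(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```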

Scanning the computer with AVG for lack of anything else to do.

Do you think it's SKIDROW or doasosubrim that is causing this?

I have uninstalled the game but still have the .iso left, and that's where SKIDROW is.

I don't really know what's relevant; give me instructions and I'll update you ASAP.


1.

Since System Restore is not working, make a backup of the registry with ERUNT.

On the page http://aumha.org/freeware/freeware.php scroll down to ERUNT. Save the file "or version with installer" to the Desktop.

Install ERUNT.

Double-click Erunt.exe to make a backup of the registry.

If there are problems after you have done something, you can restore the registry by starting the program ERDNT in the same folder as Erunt.exe.

2.

Close all programs.

Run OTL (in Vista and Windows 7, right-click and Run as administrator).

Under Output at the top, select Minimal Output.

Under Standard Registry select All.

In the Custom scans and fixes box, paste the following lines (check that you really get all of the lines):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
disk.sys
sr.sys
/md5stop
CREATERESTOREPOINT

Do not check LOP Check and Purity Check.

Click Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the OTL.txt log, and attach Extras.txt as a file.

3.

Run mbr.exe the same way as last time so we can see what it looks like now after Defogger.

4.

Have AVG, MBAM (Malwarebytes' Anti-Malware) or any other program found anything malicious in the last few days?

If so, I would like to see logs from that program showing what was found.

5.

Upload the file C:\poon.drv to the VirusTotal site.


Have AVG, MBAM (Malwarebytes' Anti-Malware) or any other program found anything malicious in the last few days?

If so, I would like to see logs from that program showing what was found.

MBAM has not found anything; I just ran a full scan with AVG and it found 3 files.

I haven't used AVG for very long, so I don't know how to get the logs.

3 files were found; I recognise 2 of the files and they are DirectX install files.

 

1

"Object name";"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardcore"

"Detection name";"Found Dialer.Generic"

"Object type";"registry key"

"SDK Type";"Core"

"Result";"Moved to Virus Vault"

"Action history";"Moved to Virus Vault"

 

 

2

"Object name";"C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Opera\Opera\temporary_downloads\SoftonicDownloader_for_directx.exe"

"Detection name";"Corrupted executable file"

"Object type";"file"

"SDK Type";"Core"

"Result";"Moved to Virus Vault"

"Action history";"Moved to Virus Vault"

 

3

"Object name";"C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Opera\Opera\temporary_downloads\dxwebsetup.exe"

"Detection name";"Corrupted executable file"

"Object type";"file"

"SDK Type";"Core"

"Result";"Moved to Virus Vault"

"Action history";"Moved to Virus Vault"

 

(click "view details" and copy-paste.)

I'll be back soon once I've done the other instructions.
