
Virus - Slow internet (pages load slowly)


tobi

Hi,

My computer has been slow for a couple of days, or rather the internet loads much more slowly than usual. The mobile broadband has been tested on other computers and works normally. Something is interfering with the processes on my computer.

I checked the log in Online Armor and saw that roughly every other minute it stops various processes such as:

FAService.exe

OAcat.exe

and

FATrayMon.exe

oaui.exe

I also discovered that I had gotten "registry mechanic" or something similar as a shortcut on the desktop.

I'll post a log in the next post.

I also see that every time a web page is loaded, it loads, among other things, "adsby webservice" and the like. (I can see these addresses flickering past in the bottom-left corner.)

I smell a rat!


Hi,

If any antivirus or antispyware program has found something malicious, paste in a log showing what was found and which files and folders are involved.

Paste in the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes (Ja) if the question about the Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

DDS is a program that lists running processes, programs and services that start automatically, and files in the folders commonly used by malicious programs that are new or changed during the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us a basic understanding of what is happening and has recently happened on the computer, and from that we can draw conclusions about the next appropriate step in cleaning the computer.

Note! When you paste a log or a result into your post, do not use any buttons or tags; copy it in the program (usually Notepad) and paste it directly into the box you are writing in.

Regards,

Mats H


Oh, more people who stayed up late...

It ended up being a HijackThis log; I'll send the other one shortly...

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:08:07, on 2011-01-11

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Emsisoft\Online Armor\oaui.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Emsisoft\Online Armor\OAhlp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Tele2 Connect\WVPNMonitor.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\mobsync.exe

C:\Users\User\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ConnecteSupport] "C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "Svenska" /SERVER t2connectsebg.tele2.com

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Connect Monitor.lnk = C:\Program Files\Tele2 Connect\WVPNMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} (SolidWorks Installation Manager Contol) - http://www.solidworks.com/sw/support/subscription/sldimdownload.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldsv-se.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{807AAAA7-9A7E-432D-8D65-43B29FBD7461}: NameServer = 130.244.127.161 130.244.127.169

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: Tele2 Connect AT Service (CTATSvc) - Tele2 - C:\Program Files\Tele2 Connect\ATService.exe

O23 - Service: Tele2 Connect Monitor (CTConnect) - Columbitech - C:\Program Files\Tele2 Connect\Connect.exe

O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

 

--

End of file - 11042 bytes


DDS (Ver_10-12-12.02) - NTFSx86

Run by User at 0:13:55,91 on 2011-01-11

Internet Explorer: 8.0.6001.18999

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1638 [GMT 1:00]

 

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Emsisoft\Online Armor\OAcat.exe

C:\Program Files\Emsisoft\Online Armor\oasrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Tele2 Connect\ATService.exe

C:\Program Files\Tele2 Connect\Connect.exe

C:\Program Files\Sensible Vision\Fast Access\FAService.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Emsisoft\Online Armor\oaui.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Emsisoft\Online Armor\OAhlp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Tele2 Connect\WVPNMonitor.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\mobsync.exe

C:\Users\User\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [FAStartup]

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"

mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ConnecteSupport] "c:\program files\tific\tific client g1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "Svenska" /SERVER t2connectsebg.tele2.com

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\connec~1.lnk - c:\program files\tele2 connect\WVPNMonitor.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: skandiabanken.se\secure

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldsv-se.cab

TCP: {807AAAA7-9A7E-432D-8D65-43B29FBD7461} = 130.244.127.161 130.244.127.169

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll

AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll

LSA: Notification Packages = scecli FAPassSync

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-28 310320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 165584]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-28 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSvix86.sys [2010-5-7 343088]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-7 236104]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-7 22600]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a0cf2df6\AEstSrv.exe [2009-2-6 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-7 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

R2 CTATSvc;Tele2 Connect AT Service;c:\program files\tele2 connect\ATService.exe [2010-10-1 578880]

R2 CTConnect;Tele2 Connect Monitor;c:\program files\tele2 connect\Connect.exe [2010-10-1 1803584]

R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2008-9-5 2340096]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]

R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-7 1283400]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-1-23 90112]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-11 1153368]

R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-7 3364680]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-26 112640]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-8-26 101120]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-2-6 54784]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-2-6 203264]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-6 3663360]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-2-6 144672]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-2-6 277440]

R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-8-7 29256]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-23 27632]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-28 259632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-1-19 87336]

S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-2 230912]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-5 30192]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-8-7 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-8-7 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-8-7 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-8-7 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-8-7 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-8-7 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-8-7 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-7 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-7 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-7 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-7 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-7 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-7 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-7 109736]

S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-1-28 48688]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

 

=============== Created Last 30 ================

 

2011-01-09 19:53:48 -------- d-----w- c:\program files\common files\PC Tools

2011-01-07 08:50:05 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{652c0a3f-ae4e-4b36-ae22-1fffe1f1ec44}\mpengine.dll

2011-01-06 18:26:37 -------- d-----w- c:\users\user\appdata\local\Symantec

2010-12-16 19:45:02 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2010-12-16 19:45:02 515584 ----a-w- c:\program files\windows mail\wab.exe

2010-12-16 19:45:01 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2010-12-16 19:45:00 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-12-16 19:43:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

 

==================== Find3M ====================

 

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe

 

============= FINISH: 0:17:17,23 ===============

Attach11jan0019.txt


Hi,

I see that you have both Avast and Norton installed.

Uninstall Norton, which is also out of date.

A tool for removing Norton:

Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support

Is Online Armor your firewall?

Type msconfig in the search box, press Enter, then go to the Startup tab.

Uncheck the following; these programs do not need to start when you start your computer:

[uTorrent]

[iTunesHelper]

[DAEMON Tools]

[QuickTime Task]

[Adobe Reader Speed Launcher]

[Adobe ARM]

Finish by pressing OK and Apply.

Open Internet Explorer, then Tools, Internet Options, the Connections tab, then the LAN settings button, and uncheck/remove everything that has to do with a proxy.

Restart the computer and install Malwarebytes, found here:

Malwarebytes' Anti-Malware

Run a quick scan, and follow the program's instructions carefully if anything is found. A restart may also be required.

Come back with a log here in your thread. Logs are found under the Logs tab.

If you have any questions, get back to me.

Regards,

Mats H


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5503

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

2011-01-11 15:01:37

mbam-log-2011-01-11 (15-01-34).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 147058

Förfluten tid: 5 minut(er), 47 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\Users\User\AppData\Roaming\adddefaultvaluefordevicepathkey.reg (Rogue.AntiVirusPro) -> No action taken.


I forgot to let Malwarebytes remove what it found, here is a new log...

Then restarting the computer..

 

-----------------

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5503

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

2011-01-11 15:06:08

mbam-log-2011-01-11 (15-06-08).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 147058

Förfluten tid: 5 minut(er), 47 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\Users\User\AppData\Roaming\adddefaultvaluefordevicepathkey.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.


Hi,

good that this came to light.

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option "Remove found threats"

Check "Scan Archives"

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Press Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.

Regards,

Mats H


hi,

and many thanks so far. Unfortunately the scanner seems to hang at 21%. This is the second time I have left it running now. I waited 10 minutes just now without it continuing. Trying again now, but it does not seem to get past 21% and 299 scanned files..


Hi,

I hope you get through it, but no worries if it doesn't work.

Run DDS again so we can see how the Norton uninstall went.

Paste in the log/result from the DDS program. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

Regards,

Mats H


Hi,

one addition!

Check whether there is anything else in c:\Users\User\AppData\Roaming that should not be there.

List them here in your thread.

Note, these are hidden files.

Open Explorer, press the Alt key, and the toolbar should appear; then Tools, Folder Options and the View tab, and select Show hidden files and folders. Press OK and Apply.

Regards,

Mats H


DDS (Ver_10-12-12.02) - NTFSx86

Run by User at 0:04:18,21 on 2011-01-12

Internet Explorer: 8.0.6001.18999

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1767 [GMT 1:00]

 

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Emsisoft\Online Armor\OAcat.exe

C:\Program Files\Emsisoft\Online Armor\oasrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a0cf2df6\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Tele2 Connect\ATService.exe

C:\Program Files\Tele2 Connect\Connect.exe

C:\Program Files\Sensible Vision\Fast Access\FAService.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Emsisoft\Online Armor\oaui.exe

C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Emsisoft\Online Armor\OAhlp.exe

C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe

C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Tele2 Connect\WVPNMonitor.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Users\User\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [FAStartup]

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"

mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ConnecteSupport] "c:\program files\tific\tific client g1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "Svenska" /SERVER t2connectsebg.tele2.com

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\connec~1.lnk - c:\program files\tele2 connect\WVPNMonitor.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: skandiabanken.se\secure

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldsv-se.cab

TCP: {807AAAA7-9A7E-432D-8D65-43B29FBD7461} = 130.244.127.161 130.244.127.169

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll

AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll

LSA: Notification Packages = scecli FAPassSync

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\i53zgw4s.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 165584]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-7 236104]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-7 22600]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a0cf2df6\AEstSrv.exe [2009-2-6 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-7 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

R2 CTATSvc;Tele2 Connect AT Service;c:\program files\tele2 connect\ATService.exe [2010-10-1 578880]

R2 CTConnect;Tele2 Connect Monitor;c:\program files\tele2 connect\Connect.exe [2010-10-1 1803584]

R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2008-9-5 2340096]

R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-7 1283400]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-1-23 90112]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-11 1153368]

R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-7 3364680]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-26 112640]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-8-26 101120]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-2-6 54784]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-2-6 203264]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-6 3663360]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-2-6 144672]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-2-6 277440]

R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-8-7 29256]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-23 27632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-1-19 87336]

S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-2 230912]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-5 30192]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-8-7 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-8-7 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-8-7 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-8-7 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-8-7 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-8-7 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-8-7 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-7 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-7 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-7 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-7 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-7 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-7 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-7 109736]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

 

=============== Created Last 30 ================

 

2011-01-11 22:28:11 -------- d-----w- c:\program files\ESET

2011-01-11 09:45:59 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c7192c57-c75c-4791-87b2-e531b9806024}\mpengine.dll

2011-01-06 18:26:37 -------- d-----w- c:\users\user\appdata\local\Symantec

2010-12-16 19:45:02 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2010-12-16 19:45:02 515584 ----a-w- c:\program files\windows mail\wab.exe

2010-12-16 19:45:01 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2010-12-16 19:45:00 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-12-16 19:43:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

 

==================== Find3M ====================

 

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe

 

============= FINISH: 0:06:00,03 ===============

Attach12jan0007.txt


the online scanner took time and didn't finish. I can run it tomorrow and let it run for a couple of hours if needed..

in appdata/roaming I didn't find anything that I thought looked fishy, random digits, letters or anything else. I believe all the folders there seem to be genuine.

thanks for now!


Hi,

save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:filefind 
:service
:dir
:file

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad opens with a log, which you paste in here. If the log does not open, it is saved as SystemLook.txt on the Desktop.

Regards,

Mats H


SystemLook 04.09.10 by jpshortstuff

Log created at 00:26 on 12/01/2011 by User

Administrator - Elevation successful

 

========== filefind ==========

 

========== service ==========

 

========== dir ==========

 

========== file ==========

 

-= EOF =-


feels like we might be chasing a ghost.. but it is still sluggish to scroll web pages, which load slowly and "hang a little" before it is possible to scroll normally.

Link to comment
Share on other sites

Hi,

the late hour is starting to take its toll!

My apologies, this is how it should have been.

Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:filefind 
:service
:dir
c:\Users\User\AppData\Roaming
:file

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad opens with a log, which you paste in here. If the log does not open, it is saved as SystemLook.txt on the Desktop.

"feels like we might be chasing a ghost.. but it is still sluggish to scroll web pages, which load slowly and "hang a little" before it is possible to scroll normally."

This probably has to do with this: Internet Settings,ProxyServer = http=127.0.0.1:6522

In Internet Explorer:

Tools, Internet Options, the Connections tab, then the LAN settings button, and uncheck/remove everything that has to do with a proxy. Press OK, and then on the Connections tab, Apply and OK.

Do you still see "adsby webservice"?

Regards,

Mats H
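
The proxy check from the post above, run over lines of a DDS log, as an added example that is not part of the thread and not code from DDS. The function names are hypothetical, the sample lines are copied from the log posted earlier in this thread, and reading the `u`/`m` prefix as per-user/machine-wide is an assumption.

```python
import re
from ipaddress import ip_address

# Excerpt of the DDS log posted in this thread (lines copied from the page).
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
"""

# Assumption: the leading u/m marks a per-user or machine-wide value.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>\S.*)$")
STATUS_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
NO_FILE_RE = re.compile(r"^(?P<kind>\w+): (?P<entry>.+?) - No File\s*$")


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    Two forms exist: "host:port" for every protocol (stored under "*"),
    and "http=host:port;https=host:port" with one entry per protocol.
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:                      # single proxy for all protocols
            scheme, target = "*", part
        target = target.split("://", 1)[-1]   # tolerate "http=http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        proxies[scheme.lower()] = (host.strip("[]"),
                                   int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:                   # not an IP literal
        return host.lower() == "localhost"


def triage(log_text):
    """Return (kind, detail) findings worth a second look in a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # A loopback proxy sends the browser's traffic to a local
            # process; check what, if anything, listens on that port.
            for scheme, (host, port) in parse_proxy_server(m["value"]).items():
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
            continue
        m = STATUS_RE.match(line)
        if m and m["state"].lower().startswith("disabled"):
            findings.append(("protection-disabled", f"{m['kind']}: {m['name']}"))
            continue
        m = NO_FILE_RE.match(line)
        if m:                            # entry registered, file reported missing
            findings.append(("no-file", f"{m['kind']}: {m['entry']}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:20} {detail}")
```

A finding is a prompt to look, not a verdict: the helper had asked for the antivirus to be turned off during the ESET scan, which would account for the disabled status in this log.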


took one last look at the forum and saw that you had posted, thanks.. there doesn't seem to be anything newly added in the appdata roaming folder:

(adsby webservice is gone. However, when I double-checked earlier in order to uncheck the proxy settings, they were already unchecked, so why it has disappeared I don't know)

now I have to get an hour or so of sleep

thanks for now!

 

SystemLook 04.09.10 by jpshortstuff

Log created at 01:22 on 12/01/2011 by User

Administrator - Elevation successful

 

========== filefind ==========

 

========== service ==========

 

========== dir ==========

 

c:\Users\User\AppData\Roaming - Parameters: "(none)"

 

---Files---

UserTile.png --a---- 24206 bytes [16:03 05/08/2010] [16:03 05/08/2010]

 

---Folders---

Adobe d------ [12:56 06/05/2009]

Agency9 d------ [15:42 31/05/2009]

Apple Computer d------ [18:38 18/04/2010]

ATI d------ [09:15 06/05/2009]

Azureus d------ [21:22 07/05/2009]

com.zipeg d------ [08:13 11/05/2009]

Creative d------ [19:48 06/05/2009]

CyberLink d------ [16:14 23/09/2009]

DassaultSystemes d------ [10:06 04/09/2010]

Dropbox d------ [09:39 24/09/2010]

dvdcss d------ [19:54 09/05/2009]

EDrawings d------ [10:09 04/09/2010]

EPSON d------ [09:14 15/07/2009]

Google d------ [12:55 06/05/2009]

ICAClient d------ [06:44 18/05/2010]

Identities d------ [09:14 06/05/2009]

ImgBurn d------ [21:15 16/11/2009]

IrfanView d------ [19:10 02/11/2010]

Macromedia d------ [19:55 06/05/2009]

Malwarebytes d------ [14:03 05/08/2010]

Media Center Programs d------ [09:14 06/05/2009]

Microsoft d---s-- [09:14 06/05/2009]

Mozilla d------ [15:45 26/07/2010]

Nero d------ [11:20 04/09/2010]

OnlineArmor d------ [22:51 07/08/2010]

Personal d------ [10:12 03/05/2010]

Reallusion d------ [16:02 09/05/2009]

Roxio d------ [17:10 10/05/2009]

Skype d------ [22:05 07/05/2009]

skypePM d------ [22:07 07/05/2009]

SolidWorks d------ [08:11 04/09/2010]

Spotify d------ [20:03 23/05/2009]

SUPERAntiSpyware.com d------ [08:37 08/08/2010]

Template d------ [09:46 18/05/2009]

Tific d------ [22:40 26/08/2010]

U3 d------ [21:40 08/03/2010]

uTorrent d------ [21:13 10/08/2010]

vlc d------ [17:32 09/12/2010]

Western Digital d------ [10:15 12/06/2010]

Winamp d------ [18:46 25/05/2009]

 

========== file ==========

 

-= EOF =-


I made this post last night but apparently it didn't go through, really weird. Anyway, posting the log and a comment.

regarding "adsby webservice" and the like, I no longer see it. At the start I checked the proxy settings and everything was already unchecked, so it didn't seem to have any connection?

I don't see anything strange below...

 

SystemLook 04.09.10 by jpshortstuff

Log created at 01:22 on 12/01/2011 by User

Administrator - Elevation successful

 

========== filefind ==========

 

========== service ==========

 

========== dir ==========

 

c:\Users\User\AppData\Roaming - Parameters: "(none)"

 

---Files---

UserTile.png --a---- 24206 bytes [16:03 05/08/2010] [16:03 05/08/2010]

 

---Folders---

Adobe d------ [12:56 06/05/2009]

Agency9 d------ [15:42 31/05/2009]

Apple Computer d------ [18:38 18/04/2010]

ATI d------ [09:15 06/05/2009]

Azureus d------ [21:22 07/05/2009]

com.zipeg d------ [08:13 11/05/2009]

Creative d------ [19:48 06/05/2009]

CyberLink d------ [16:14 23/09/2009]

DassaultSystemes d------ [10:06 04/09/2010]

Dropbox d------ [09:39 24/09/2010]

dvdcss d------ [19:54 09/05/2009]

EDrawings d------ [10:09 04/09/2010]

EPSON d------ [09:14 15/07/2009]

Google d------ [12:55 06/05/2009]

ICAClient d------ [06:44 18/05/2010]

Identities d------ [09:14 06/05/2009]

ImgBurn d------ [21:15 16/11/2009]

IrfanView d------ [19:10 02/11/2010]

Macromedia d------ [19:55 06/05/2009]

Malwarebytes d------ [14:03 05/08/2010]

Media Center Programs d------ [09:14 06/05/2009]

Microsoft d---s-- [09:14 06/05/2009]

Mozilla d------ [15:45 26/07/2010]

Nero d------ [11:20 04/09/2010]

OnlineArmor d------ [22:51 07/08/2010]

Personal d------ [10:12 03/05/2010]

Reallusion d------ [16:02 09/05/2009]

Roxio d------ [17:10 10/05/2009]

Skype d------ [22:05 07/05/2009]

skypePM d------ [22:07 07/05/2009]

SolidWorks d------ [08:11 04/09/2010]

Spotify d------ [20:03 23/05/2009]

SUPERAntiSpyware.com d------ [08:37 08/08/2010]

Template d------ [09:46 18/05/2009]

Tific d------ [22:40 26/08/2010]

U3 d------ [21:40 08/03/2010]

uTorrent d------ [21:13 10/08/2010]

vlc d------ [17:32 09/12/2010]

Western Digital d------ [10:15 12/06/2010]

Winamp d------ [18:46 25/05/2009]

 

========== file ==========

 

-= EOF =-

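An added triage example, not part of the original posts and not SystemLook's own code: it parses the `dir` listing format shown in the log above and returns the entries stamped within a chosen number of days before the log was created, newest first. The sample is an excerpt of the posted log; reading the first bracketed stamp as the creation time, reading dates as DD/MM/YYYY, and the 90-day default window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the SystemLook "dir" output posted above (not the full listing).
SAMPLE_LOG = """\
Log created at 01:22 on 12/01/2011 by User
---Files---
UserTile.png --a---- 24206 bytes [16:03 05/08/2010] [16:03 05/08/2010]
---Folders---
Adobe d------ [12:56 06/05/2009]
Dropbox d------ [09:39 24/09/2010]
IrfanView d------ [19:10 02/11/2010]
Media Center Programs d------ [09:14 06/05/2009]
Microsoft d---s-- [09:14 06/05/2009]
vlc d------ [17:32 09/12/2010]
"""

STAMP = "%H:%M %d/%m/%Y"  # assumption: day/month order, as 31/05/2009 in the log implies
CREATED = re.compile(r"^Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")
# name, 7-character attribute field, optional size, then one or two [time date] stamps
ENTRY = re.compile(r"^(?P<name>.+?) (?P<attrs>[a-z-]{7})(?: \d+ bytes)?"
                   r"(?P<stamps>(?: \[\d\d:\d\d \d\d/\d\d/\d{4}\])+)\s*$")

def parse(log):
    """Return (log creation time, list of entry dicts) for a SystemLook dir listing."""
    created, entries = None, []
    for line in log.splitlines():
        m = CREATED.match(line)
        if m:
            created = datetime.strptime(" ".join(m.groups()), STAMP)
            continue
        m = ENTRY.match(line)
        if m:
            stamps = re.findall(r"\[(.+?)\]", m["stamps"])
            entries.append({"name": m["name"], "attrs": m["attrs"],
                            "is_dir": m["attrs"][0] == "d",
                            # assumption: the first stamp is the creation time
                            "first_stamp": datetime.strptime(stamps[0], STAMP)})
    return created, entries

def recent(log, days=90):
    """Entries stamped within `days` before the log was created, newest first."""
    created, entries = parse(log)
    cutoff = created - timedelta(days=days)
    hits = [e for e in entries if e["first_stamp"] >= cutoff]
    return sorted(hits, key=lambda e: e["first_stamp"], reverse=True)

if __name__ == "__main__":
    for e in recent(SAMPLE_LOG):
        print(f'{e["first_stamp"]:%Y-%m-%d}  {e["attrs"]}  {e["name"]}')
```

A recent stamp is only a reason to look at an entry first, not an indicator in itself; here both hits are ordinary applications.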

Hi,

have you made any settings in your firewall that could cause the blocks you wrote about in post 1?

 

Internet Explorer:

Tools, Internet Options, the Connections tab, then the LAN settings button; uncheck/remove everything that has to do with a proxy. Then click Advanced in the LAN settings and clear the values, confirm in each tab so that you back out to the Connections tab, where you click OK and Apply.

 

Regards

Mats H


Hi again!

 

I haven't made any special settings, or rather, I haven't knowingly made any changes that could block anything. Maybe I clicked "block" when I was asked whether I want to allow a certain program to run. That could of course be interfering, if it is constantly being blocked, since it could be an update program or something else. Maybe?

 

Another thing I haven't figured out is that at startup the computer says drivers are missing for a program, and I have to dismiss Windows' usual update program 5 times. It is the drivers for Online Armor Miniport that it has been saying are missing for a few weeks now. I have tried searching for the drivers online, automatically, but it doesn't work, and on Online Armor's website I tried to register in order to ask a question in the support forum, but their registration function was broken at the time. I will try that route again.

 

At the same time, it feels odd if that would have such an effect on my problem?

 

Thanks for all the help, it is hugely appreciated to get help this way!


Hi,

uninstall your firewall completely, reinstall it, and see whether the problem persists.

Disable the following plugins in Firefox:

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

 

Update your Java: uninstall version 6 Update 21 via Control Panel\Programs, then install version 6 Update 23, found here: http://www.java.com/sv/

 

Regards

Mats H


Archived

This topic is now archived and is closed to further replies.


