Just nu i M3-nätverket
Jump to content

Kan inte spara HJT-logg?


mrcreosote

Recommended Posts

Min tjejs dator är seg och hänger sig, jag laddade ner HJT och körde, tänkte ni kunde få kika på en logg, men det går inte att spara en logg!! Notepad öppnas tom, (det går inte att hitta xxxx.log, vill du skapa en ny? JA, men händer inget. HJT säger även nåt om denied rights to access hosts file när man öppnar programmet.

 

Hjälp?

Link to comment
Share on other sites

Numera har vi lämnat HijackThis och i stället övergått till DDS eftersom den visar mer. Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

Link to comment
Share on other sites

HEj och tack, jag såg det sen att ni bytt till DSS efter jag skrev det där, sorry, jag har inte varit här på länge. Då kommer de här:

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by lemi01 at 12:45:02,26 on 2011-01-23

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.1789.803 [GMT 1:00]

 

AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}

SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

 

============== Running Processes ===============

 

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\F-Secure\Common\FSHDLL32.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\servicing\TrustedInstaller.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\lemi01\Desktop\dds.scr

C:\windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_SE&c=92&bd=all&pf=cmnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_SE&c=92&bd=all&pf=cmnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_SE&c=92&bd=all&pf=cmnb

uURLSearchHooks: H - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun

StartupFolder: c:\users\lemi01\appdata\roaming\micros~1\windows\startm~1\programs\startup\sticky~1.lnk - c:\windows\system32\StikyNot.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lemi01\appdata\roaming\mozilla\firefox\profiles\115isdpn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=

FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - component: c:\users\lemi01\appdata\roaming\mozilla\firefox\profiles\115isdpn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\lemi01\appdata\roaming\mozilla\firefox\profiles\115isdpn.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\f-secure\nrs\litmus-ff@f-secure.com

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

 

============= SERVICES / DRIVERS ===============

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-8-3 42664]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-16 64288]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2010-8-3 72520]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-8-3 37832]

R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-8-3 72840]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2010-8-3 14504]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-10 214024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe [2010-6-15 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2010-8-3 221864]

R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-14 39272]

R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-9-10 635416]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-15 29472]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-10 228408]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2010-8-3 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2010-8-3 63992]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-9-10 79816]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-9-10 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-9-10 34248]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1343400]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2010-8-3 41896]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2010-8-3 27304]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

 

=============== Created Last 30 ================

 

2011-01-23 11:16:10 388096 ----a-r- c:\users\lemi01\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-01-23 10:35:59 -------- d-----w- c:\program files\Trend Micro

2011-01-22 16:31:29 -------- d-----w- c:\users\lemi01\appdata\local\{C39312C5-A62E-4385-BC75-B18F87DF4B26}

2011-01-21 23:24:12 -------- d-----w- c:\users\lemi01\appdata\local\{BE358750-7BCE-401B-8E70-E8E01A8C24CC}

2011-01-21 23:13:33 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-21 23:12:50 -------- d-----w- c:\program files\Lavasoft

2011-01-21 22:16:21 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{cdf224c7-ff85-49fe-a7ff-07e5c9473e9b}\mpengine.dll

2011-01-21 22:11:35 -------- d-----w- c:\users\lemi01\appdata\local\{2A18EA17-3344-485C-BEE4-BB8E143FA236}

2011-01-21 22:10:59 -------- d-----w- c:\progra~2\PDFC

2011-01-21 07:05:03 -------- d-----w- c:\users\lemi01\appdata\local\{5E96B1BC-A937-44D1-B6A5-A6B292EF2508}

2011-01-21 06:59:49 -------- d-----w- c:\users\lemi01\appdata\local\{F4CF1929-7D7A-419A-8549-2674B498B293}

2011-01-20 08:18:44 -------- d-----w- c:\users\lemi01\appdata\local\{E8126705-9AC8-46E5-A647-120AF16C5AC3}

2011-01-19 20:14:40 -------- d-----w- c:\users\lemi01\appdata\local\{5F38FBCD-B8A4-4BCA-A4C3-49E3070C3C2A}

2011-01-19 08:14:13 -------- d-----w- c:\users\lemi01\appdata\local\{E2C200E2-B61C-4AED-9AAE-3BEEA9B3C5FE}

2011-01-18 19:53:38 -------- d-----w- C:\AMD

2011-01-17 16:12:17 -------- d-----w- c:\users\lemi01\appdata\local\{470FDCA7-E0D1-4C4F-8615-9ED995ECC3D6}

2011-01-16 23:39:46 -------- d-----w- c:\users\lemi01\appdata\local\{3B41AE00-3CE0-4F10-834D-FF16F4C4A3B3}

2011-01-16 11:39:20 -------- d-----w- c:\users\lemi01\appdata\local\{AE74FABE-0FDA-4A15-B698-C88352C065FA}

2011-01-15 23:38:53 -------- d-----w- c:\users\lemi01\appdata\local\{7ED24CB0-2EE8-4E33-AE77-01FFFD29A22D}

2011-01-15 09:50:35 -------- d-----w- c:\users\lemi01\appdata\local\{9CB34A9D-A4B5-4A34-8C20-78D97AD81196}

2011-01-14 14:44:10 -------- d-----w- c:\users\lemi01\appdata\local\{06C122FF-EC19-4AD9-B6A6-2777CB163CA8}

2011-01-14 11:21:00 -------- d-----w- c:\users\lemi01\appdata\local\{6C78AEC1-3538-4E13-9EB8-587AA1BFFEAF}

2011-01-13 16:36:28 -------- d-----w- c:\users\lemi01\appdata\local\{9F88EB94-3354-4079-ADF0-B4282EE88B60}

2011-01-13 16:29:46 -------- d-----w- c:\windows\sv

2011-01-13 16:24:54 -------- d-----w- c:\program files\Microsoft

2011-01-13 16:22:34 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-01-13 16:22:29 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-01-13 16:21:21 469256 ----a-w- c:\program files\common files\windows live\.cache\e631b2371cbb33d04\InstallManager_WLE_WLE.exe

2011-01-13 16:20:58 15712 ----a-w- c:\program files\common files\windows live\.cache\dbfa06c91cbb33d03\MeshBetaRemover.exe

2011-01-12 21:06:06 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 21:06:01 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll

2011-01-12 21:06:00 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

2011-01-04 22:07:47 -------- d-----w- c:\users\lemi01\appdata\local\Google

2010-12-30 22:25:49 -------- d-----w- c:\program files\uTorrent

 

==================== Find3M ====================

 

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-10 01:54:18 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-11-10 01:28:46 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll

2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll

2010-10-27 20:27:36 574632 ----a-w- c:\windows\system32\msvcp50.dll

2010-10-27 12:28:46 11320 ----a-w- c:\windows\help\oem\scripts\HPSARedirectorLauncher.exe

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: Hitachi_HTS723216L9A360 rev.FC2OC60D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: >>UNKNOWN [0x82A4B000]<< >>UNKNOWN [0x88600000]<< >>UNKNOWN [0x893B2000]<< >>UNKNOWN [0x8862A000]<< >>UNKNOWN [0x82A14000]<< >>UNKNOWN [0x88906000]<< >>UNKNOWN [0x88771000]<< >>UNKNOWN [0x88988000]<< >>UNKNOWN [0x89229000]<< >>UNKNOWN [0x91E37000]<< >>UNKNOWN [0x8F0B8000]<< >>UNKNOWN [0xA8E0A000]<< >>UNKNOWN [0x8F099000]<< >>UNKNOWN [0x89423000]<< >>UNKNOWN [0x892E0000]<< >>UNKNOWN [0x889BE000]<< >>UNKNOWN [0x8F038000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x82A87458] -> \Device\Harddisk0\DR0[0x85D18030]

\Driver\Disk[0x85D17D18] -> IRP_MJ_CREATE -> 0x8860439F

3 [0x8860459E] -> ntkrnlpa!IofCallDriver[0x82A87458] -> [0x85815898]

\Driver\ACPI[0x84F3F1B8] -> IRP_MJ_CREATE -> 0x886334AA

5 [0x886333B2] -> ntkrnlpa!IofCallDriver[0x82A87458] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85CE9908]

\Driver\atapi[0x8581F588] -> IRP_MJ_CREATE -> 0x889208C4

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

 

============= FINISH: 12:50:08,93 ===============

Link to comment
Share on other sites

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

Link to comment
Share on other sites

Jag har varit duktig och gjort precis som du sade, med brandväggen och allting.

Logg kommer här:

 

ComboFix 11-01-22.03 - lemi01 2011-01-23 14:05:19.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.1789.932 [GMT 1:00]

Körs från: c:\users\lemi01\Desktop\ComboFix.exe

AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}

FW: F-Secure Internet Security 2011 10.51 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-12-23 till 2011-01-23 ))))))))))))))))))))))))))))))

.

 

2011-01-23 13:13 . 2011-01-23 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-23 11:16 . 2011-01-23 11:16 388096 ----a-r- c:\users\lemi01\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-23 10:35 . 2011-01-23 10:35 -------- d-----w- c:\program files\Trend Micro

2011-01-22 16:31 . 2011-01-23 09:07 -------- d-----w- c:\users\lemi01\AppData\Local\{C39312C5-A62E-4385-BC75-B18F87DF4B26}

2011-01-21 23:24 . 2011-01-21 23:25 -------- d-----w- c:\users\lemi01\AppData\Local\{BE358750-7BCE-401B-8E70-E8E01A8C24CC}

2011-01-21 23:13 . 2011-01-21 23:13 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-21 23:12 . 2011-01-21 23:12 -------- d-----w- c:\program files\Lavasoft

2011-01-21 22:16 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDF224C7-FF85-49FE-A7FF-07E5C9473E9B}\mpengine.dll

2011-01-21 22:11 . 2011-01-21 22:11 -------- d-----w- c:\users\lemi01\AppData\Local\{2A18EA17-3344-485C-BEE4-BB8E143FA236}

2011-01-21 22:10 . 2011-01-21 22:10 -------- d-----w- c:\programdata\PDFC

2011-01-21 07:05 . 2011-01-21 07:05 -------- d-----w- c:\users\lemi01\AppData\Local\{5E96B1BC-A937-44D1-B6A5-A6B292EF2508}

2011-01-21 06:59 . 2011-01-21 06:59 -------- d-----w- c:\users\lemi01\AppData\Local\{F4CF1929-7D7A-419A-8549-2674B498B293}

2011-01-20 08:18 . 2011-01-20 08:19 -------- d-----w- c:\users\lemi01\AppData\Local\{E8126705-9AC8-46E5-A647-120AF16C5AC3}

2011-01-19 20:14 . 2011-01-19 20:14 -------- d-----w- c:\users\lemi01\AppData\Local\{5F38FBCD-B8A4-4BCA-A4C3-49E3070C3C2A}

2011-01-19 08:14 . 2011-01-19 08:14 -------- d-----w- c:\users\lemi01\AppData\Local\{E2C200E2-B61C-4AED-9AAE-3BEEA9B3C5FE}

2011-01-18 19:53 . 2011-01-18 19:53 -------- d-----w- C:\AMD

2011-01-17 16:12 . 2011-01-18 16:13 -------- d-----w- c:\users\lemi01\AppData\Local\{470FDCA7-E0D1-4C4F-8615-9ED995ECC3D6}

2011-01-16 23:39 . 2011-01-16 23:39 -------- d-----w- c:\users\lemi01\AppData\Local\{3B41AE00-3CE0-4F10-834D-FF16F4C4A3B3}

2011-01-16 11:39 . 2011-01-16 11:39 -------- d-----w- c:\users\lemi01\AppData\Local\{AE74FABE-0FDA-4A15-B698-C88352C065FA}

2011-01-15 23:38 . 2011-01-15 23:39 -------- d-----w- c:\users\lemi01\AppData\Local\{7ED24CB0-2EE8-4E33-AE77-01FFFD29A22D}

2011-01-15 09:50 . 2011-01-15 09:52 -------- d-----w- c:\users\lemi01\AppData\Local\{9CB34A9D-A4B5-4A34-8C20-78D97AD81196}

2011-01-14 14:44 . 2011-01-14 14:44 -------- d-----w- c:\users\lemi01\AppData\Local\{06C122FF-EC19-4AD9-B6A6-2777CB163CA8}

2011-01-14 11:21 . 2011-01-14 11:21 -------- d-----w- c:\users\lemi01\AppData\Local\{6C78AEC1-3538-4E13-9EB8-587AA1BFFEAF}

2011-01-13 16:36 . 2011-01-13 16:36 -------- d-----w- c:\users\lemi01\AppData\Local\{9F88EB94-3354-4079-ADF0-B4282EE88B60}

2011-01-13 16:29 . 2011-01-13 16:29 -------- d-----w- c:\windows\sv

2011-01-13 16:24 . 2011-01-15 11:17 -------- d-----w- c:\program files\Microsoft

2011-01-13 16:22 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-01-13 16:22 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-01-13 16:21 . 2011-01-13 16:21 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e631b2371cbb33d04\InstallManager_WLE_WLE.exe

2011-01-13 16:20 . 2011-01-13 16:20 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\dbfa06c91cbb33d03\MeshBetaRemover.exe

2011-01-12 21:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 21:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 21:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-04 22:07 . 2011-01-05 19:08 -------- d-----w- c:\users\lemi01\AppData\Local\Google

2011-01-04 22:07 . 2011-01-04 22:08 -------- d-----w- c:\program files\Google

2011-01-03 12:10 . 2011-01-03 12:10 -------- d-----w- c:\windows\Sun

2010-12-30 22:25 . 2011-01-14 11:36 -------- d-----w- c:\program files\uTorrent

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 20:46 . 2010-08-03 19:20 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-12-03 09:05 . 2010-09-16 16:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-11-12 17:53 . 2010-06-19 17:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-10 01:54 . 2010-11-10 01:54 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-11-10 01:28 . 2010-11-10 01:28 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-11-06 22:18 . 2010-09-16 16:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-11-04 05:52 . 2010-12-15 09:19 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48 . 2010-12-15 09:19 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41 . 2010-12-15 09:19 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08 . 2010-12-15 09:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41 . 2010-12-15 09:19 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40 . 2010-12-15 09:19 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40 . 2010-12-15 09:19 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39 . 2010-12-15 09:19 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34 . 2010-12-15 09:19 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34 . 2010-12-15 09:19 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-27 20:29 . 2010-08-03 19:20 37832 ----a-w- c:\windows\system32\drivers\fses.sys

2010-10-27 20:29 . 2010-08-03 19:20 72840 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-10-27 20:27 . 2010-10-27 20:31 574632 ----a-w- c:\windows\system32\msvcp50.dll

2010-10-27 12:28 . 2010-10-27 12:28 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe

2010-10-27 04:32 . 2010-12-15 09:20 2048 ----a-w- c:\windows\system32\tzres.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-14 395640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2010-10-27 201384]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2010-10-27 1655464]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]

 

c:\users\lemi01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Sticky Notes.lnk - c:\windows\system32\StikyNot.exe [2009-7-14 354304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2009-06-18 16:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-01-14 11:36 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-21 1402272]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2010-12-20 63992]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2010-10-27 41896]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2010-10-27 27304]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2010-10-27 72520]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-10-27 37832]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-10-27 72840]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-10-27 14504]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-12-01 130728]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 23:15]

 

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:07]

 

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:07]

 

2011-01-15 c:\windows\Tasks\HPCeeScheduleForlemi01.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_SE&c=92&bd=all&pf=cmnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

FF - ProfilePath - c:\users\lemi01\AppData\Roaming\Mozilla\Firefox\Profiles\115isdpn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\F-Secure\NRS\litmus-ff@f-secure.com

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2011-01-23 14:16:05

ComboFix-quarantined-files.txt 2011-01-23 13:16

 

Före genomsökningen: 83 012 247 552 byte ledigt

Efter genomsökningen: 82 927 861 760 byte ledigt

 

- - End Of File - - 60C6694B8A20D231BD49B07E728BB261

Link to comment
Share on other sites

Spara TDSSKiller på Skrivbordet:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Högerklicka och välj Extrahera alla. Kom ihåg var du packar upp filen.

Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.

Kör programmet TDSSKiller.exe som finns i mappen där du packade upp filerna.

 

Klicka på Start Scan.

 

Om några hot hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

 

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

 

Stäng av alla antivirusprogram etc precis som innan ComboFix och kör sedan DDS. Klistra in DDS.txt

Link to comment
Share on other sites

Firefox - Verktyg - Tillägg

Titta på alla flikarna där om du hittar "uTorrentBar Community Toolbar". I så fall avinstallerar du det om möjligt och annars inaktiverar det. Starta om Firefox.

 

Det finns rester kvar av McAfee antivirusprogram i datorn. Använd deras särskilda städprogram MCPR enligt anvisningarna på http://service.mcafee.com/FAQDocument.aspx?id=TS100507

 

Kopiera alla rader i rutan:

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: H - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix, dvs stäng av allt inklusive F-secure och Ad-Aware.

Kör DDS.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut från ComboFix samt DDS.txt från körningen nyss.

Link to comment
Share on other sites

Det står att jag ska avinstallera mcafee, men det finns inget sånt i listan över installerade program i kontrollpanelen?

Link to comment
Share on other sites

Menar du att ComboFix tycker att du ska avinstallera McAfee? Har du startat om datorn efter att du körde MCPR?

Link to comment
Share on other sites

  • 2 weeks later...

efter mycket om och men tror jag att jag lyckats göra som du beskriver. Men verkar det finnas nåt skit i datorn eller? jag bifogar dds loggen separat.

 

combofix logg:

 

ComboFix 11-01-31.02 - lemi01 2011-02-05 11:40:53.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.1789.739 [GMT 1:00]

Körs från: c:\users\lemi01\Downloads\ComboFix.exe

Använda kommandoväxlar :: c:\users\lemi01\Desktop\CFScript.txt

AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((( Filer Skapade från 2011-01-05 till 2011-02-05 ))))))))))))))))))))))))))))))

.

 

2011-02-05 10:48 . 2011-02-05 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-05 09:28 . 2011-02-05 09:29 -------- d-----w- c:\users\lemi01\AppData\Local\{F04D1032-C63D-451E-ACB7-08D044D6C0F9}

2011-02-04 14:31 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41D8DE5B-16F6-4606-9951-9DD61881013C}\mpengine.dll

2011-02-04 14:27 . 2011-02-04 14:28 -------- d-----w- c:\users\lemi01\AppData\Local\{F84DC07C-6B51-43E1-8BA5-5C8FE271BE84}

2011-02-03 08:16 . 2011-02-03 08:16 -------- d-----w- c:\users\lemi01\AppData\Local\{CC1427D6-1A7A-4BBE-A8E9-62C76998B000}

2011-02-02 10:56 . 2011-02-02 10:56 -------- d-----w- c:\users\lemi01\AppData\Local\{A3D8157A-EA7C-45ED-A05A-0C36C536E7BB}

2011-02-01 20:55 . 2011-02-01 20:55 -------- d-----w- c:\users\lemi01\AppData\Local\{9662A3D7-B993-44CC-8A14-277B7AC507D6}

2011-02-01 08:54 . 2011-02-01 08:54 -------- d-----w- c:\users\lemi01\AppData\Local\{B09FB012-E4F0-442A-9070-58F468A947F9}

2011-02-01 08:51 . 2011-02-01 08:51 -------- d-----w- c:\users\lemi01\AppData\Local\{A2C8DA6A-0395-4AB3-923E-A4E991015315}

2011-01-31 10:34 . 2011-01-31 10:35 -------- d-----w- c:\users\lemi01\AppData\Local\{7AC93E1E-39DC-432B-B685-C3547EFA117F}

2011-01-30 19:21 . 2011-01-30 19:21 -------- d-----w- c:\users\lemi01\AppData\Local\{DAB13995-019B-47E6-AA0D-BE6B57027AE6}

2011-01-29 17:40 . 2011-01-30 07:21 -------- d-----w- c:\users\lemi01\AppData\Local\{4BEA751E-A043-46B7-9172-92B4F84C7AAA}

2011-01-28 16:48 . 2011-01-28 16:49 -------- d-----w- c:\users\lemi01\AppData\Local\{0AB67695-CD35-433A-AE17-191D355EF10B}

2011-01-27 10:50 . 2011-01-27 10:50 -------- d-----w- c:\users\lemi01\AppData\Local\{C0F12303-6B66-45D0-B6C8-D07C119F7A7D}

2011-01-26 18:36 . 2011-01-26 18:36 -------- d-----w- c:\users\lemi01\AppData\Local\{0DA7ACE7-486E-40F5-A1E8-1CDE3C8DC8B7}

2011-01-26 16:00 . 2011-01-26 16:00 -------- d-----w- c:\users\lemi01\AppData\Local\{20ADC9F2-C3B9-4A0A-9608-29E9B990F297}

2011-01-25 06:11 . 2011-01-25 06:12 -------- d-----w- c:\users\lemi01\AppData\Local\{41DA5CC7-68BD-4B91-A390-B8A41F08B37A}

2011-01-24 13:02 . 2011-01-24 13:02 -------- d-----w- c:\users\lemi01\AppData\Local\{14FBEFDE-390E-4035-BBC2-B5DE1482CAA5}

2011-01-23 21:07 . 2011-01-23 21:07 -------- d-----w- c:\users\lemi01\AppData\Local\{42BFCE17-0E0A-4F14-9531-EC361FD26756}

2011-01-23 10:35 . 2011-01-23 10:35 -------- d-----w- c:\program files\Trend Micro

2011-01-22 16:31 . 2011-01-23 09:07 -------- d-----w- c:\users\lemi01\AppData\Local\{C39312C5-A62E-4385-BC75-B18F87DF4B26}

2011-01-21 23:24 . 2011-01-21 23:25 -------- d-----w- c:\users\lemi01\AppData\Local\{BE358750-7BCE-401B-8E70-E8E01A8C24CC}

2011-01-21 23:13 . 2011-01-21 23:13 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-21 23:12 . 2011-01-21 23:12 -------- d-----w- c:\program files\Lavasoft

2011-01-21 22:11 . 2011-01-21 22:11 -------- d-----w- c:\users\lemi01\AppData\Local\{2A18EA17-3344-485C-BEE4-BB8E143FA236}

2011-01-21 22:10 . 2011-02-04 14:28 -------- d-----w- c:\programdata\PDFC

2011-01-21 07:05 . 2011-01-21 07:05 -------- d-----w- c:\users\lemi01\AppData\Local\{5E96B1BC-A937-44D1-B6A5-A6B292EF2508}

2011-01-21 06:59 . 2011-01-21 06:59 -------- d-----w- c:\users\lemi01\AppData\Local\{F4CF1929-7D7A-419A-8549-2674B498B293}

2011-01-20 08:18 . 2011-01-20 08:19 -------- d-----w- c:\users\lemi01\AppData\Local\{E8126705-9AC8-46E5-A647-120AF16C5AC3}

2011-01-19 20:14 . 2011-01-19 20:14 -------- d-----w- c:\users\lemi01\AppData\Local\{5F38FBCD-B8A4-4BCA-A4C3-49E3070C3C2A}

2011-01-19 08:14 . 2011-01-19 08:14 -------- d-----w- c:\users\lemi01\AppData\Local\{E2C200E2-B61C-4AED-9AAE-3BEEA9B3C5FE}

2011-01-18 19:53 . 2011-01-18 19:53 -------- d-----w- C:\AMD

2011-01-17 16:12 . 2011-01-18 16:13 -------- d-----w- c:\users\lemi01\AppData\Local\{470FDCA7-E0D1-4C4F-8615-9ED995ECC3D6}

2011-01-16 23:39 . 2011-01-16 23:39 -------- d-----w- c:\users\lemi01\AppData\Local\{3B41AE00-3CE0-4F10-834D-FF16F4C4A3B3}

2011-01-16 11:39 . 2011-01-16 11:39 -------- d-----w- c:\users\lemi01\AppData\Local\{AE74FABE-0FDA-4A15-B698-C88352C065FA}

2011-01-15 23:38 . 2011-01-15 23:39 -------- d-----w- c:\users\lemi01\AppData\Local\{7ED24CB0-2EE8-4E33-AE77-01FFFD29A22D}

2011-01-15 09:50 . 2011-01-15 09:52 -------- d-----w- c:\users\lemi01\AppData\Local\{9CB34A9D-A4B5-4A34-8C20-78D97AD81196}

2011-01-14 14:44 . 2011-01-14 14:44 -------- d-----w- c:\users\lemi01\AppData\Local\{06C122FF-EC19-4AD9-B6A6-2777CB163CA8}

2011-01-14 11:21 . 2011-01-14 11:21 -------- d-----w- c:\users\lemi01\AppData\Local\{6C78AEC1-3538-4E13-9EB8-587AA1BFFEAF}

2011-01-13 16:36 . 2011-01-13 16:36 -------- d-----w- c:\users\lemi01\AppData\Local\{9F88EB94-3354-4079-ADF0-B4282EE88B60}

2011-01-13 16:29 . 2011-01-13 16:29 -------- d-----w- c:\windows\sv

2011-01-13 16:24 . 2011-01-15 11:17 -------- d-----w- c:\program files\Microsoft

2011-01-13 16:22 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-01-13 16:22 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-01-13 16:21 . 2011-01-13 16:21 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e631b2371cbb33d04\InstallManager_WLE_WLE.exe

2011-01-13 16:20 . 2011-01-13 16:20 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\dbfa06c91cbb33d03\MeshBetaRemover.exe

2011-01-12 21:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 21:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 21:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 20:46 . 2010-08-03 19:20 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-12-03 09:05 . 2010-09-16 16:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-11-12 17:53 . 2010-06-19 17:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-10 01:54 . 2010-11-10 01:54 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-11-10 01:28 . 2010-11-10 01:28 301936 ----a-w- c:\windows\WLXPGSS.SCR

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-14 395640]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2010-10-27 201384]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2010-10-27 1655464]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]

 

c:\users\lemi01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Sticky Notes.lnk - c:\windows\system32\StikyNot.exe [2009-7-14 354304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2009-06-18 16:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-01-14 11:36 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 136176]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2010-10-27 41896]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2010-10-27 27304]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2010-10-27 72520]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-10-27 37832]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-10-27 72840]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-10-27 14504]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-21 1402272]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-12-01 130728]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2010-12-20 63992]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:07]

 

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:07]

 

2011-01-15 c:\windows\Tasks\HPCeeScheduleForlemi01.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]

.

.

------- Extra genomsökning -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_SE&c=92&bd=all&pf=cmnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

FF - ProfilePath - c:\users\lemi01\AppData\Roaming\Mozilla\Firefox\Profiles\115isdpn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\F-Secure\NRS\litmus-ff@f-secure.com

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

SafeBoot-Wdf01000.sys

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'Explorer.exe'(3048)

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\Common\FSMA32.EXE

c:\program files\F-Secure\Anti-Virus\FSGK32.EXE

c:\program files\Windows Live\Family Safety\fsssvc.exe

c:\windows\system32\taskhost.exe

c:\program files\F-Secure\Common\FSHDLL32.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\F-Secure\FWES\Program\fsdfwd.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\F-Secure\Anti-Virus\fsav32.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Sluttid: 2011-02-05 11:55:46 - datorn startades om.

ComboFix-quarantined-files.txt 2011-02-05 10:55

ComboFix2.txt 2011-01-23 13:16

 

Före genomsökningen: 72 904 818 688 byte ledigt

Efter genomsökningen: 72 819 298 304 byte ledigt

 

- - End Of File - - 2E1708CE9B06CA7D6F129861D9D30883

Link to comment
Share on other sites

En del kvar i Firefox fortfarande. I Firefox adressfält skriver du in:

 

about:config

 

Leta upp raden:

 

browser.search.defaulturl

 

Högerklicka på den och välj Återställ.

 

Firefox - Verktyg - Tillägg - Insticksmoduler

Inaktivera alla Java som inte hör ihop med senaste versionen.

Link to comment
Share on other sites

Enligt ComboFix-loggen finns det fyra versioner av Java i Firefox:

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

 

Men om du bara ser den senaste, 6.0.230.5, där så är det inte mycket att göra, fast äldre versioner innebär säkerhetsproblem.

 

Hur gick det med DDS-loggarna?

 

Observera att senaste versionerna av Ad-Aware innehåller ett antivirusprogram och därför ska inte Ad-Aware vara igång när du har F-secure igång, dvs Ad-Watch ska vara inaktiverat, för att inte orsaka konstiga konflikter.

och vad har du sett för saker i alla loggar då?
Menar du vad för sorts typ av skadliga filer som du lät ComboFix ta bort?
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...