
Virus problems


Gallskrik1


Hi!

I was surfing around the big blue yesterday when a box popped up in the lower right corner, in the form of an anti-virus scan, which apparently found everything and nothing and more besides. Shortly after, whatever I tried to do, Ctrl+Alt+Del, getting at the core process for the "pop-up", those windows were closed and I got the reply "process terminated". If I started Explorer it was closed, and judging by the pop-ups doomsday was well on its way...

I shut down the computer and restarted, and it was the same thing no matter what I tried to start or click on, from Task Manager to IE.

I restarted and ran in safe mode, and then nothing happened since the network was down. I went in and checked the autostart processes and found something that looked shady:

Startup item: bphcgnxo

Manufacturer: Unknown

Command: C:\User\AppData\Local\Temp\oysrodufo\bmctbihsjmo.exe

Location: HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Run

 

I unchecked it so that it would not run at startup and restarted; then it went fine, the problem disappeared and yet it didn't.

Internet Explorer doesn't work at all, and neither does MSN; Firefox, Netscape and so on work without any problems whatsoever.

I ran a full scan with AVG earlier and got various things that ended up in "quarantine" or were removed when that was not possible, yet the process is still there lurking even though it is not running, and that is presumably the reason the programs don't work as they should... Does anyone have a solution for where I should start unravelling this? I'm on the 64-bit version of Vista Home Premium, if that makes any difference.

I would be very grateful for any thoughts and ideas. Regards.


Sounds like it's a rootkit. I got something similar a few weeks ago, but I just reformatted the computer, and then it went away.

Try F-Secure and avast. One of them should fix the problem.


The thing is that I don't want to have to format, otherwise I would have done that calculation myself ;)

I downloaded F-Secure's BlackLight, which is apparently meant for precisely nasty background processes, and when I go to install it I stumble over another problem this has brought with it: I am no longer listed as administrator, which makes it a whole lot more fun. So, how and what and when do I do? :)

Regards.


It would be good if you could find the log in AVG that shows what the program found and removed, since more information makes it easier to suggest the right action. Paste the log into your reply.

We can see what DDS shows to begin with, since it gives an overview of the computer. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, while you attach Attach.txt as a file (click "Use full editor").

After that it should be easier to know which removal program works best.


I tried downloading Malwarebytes and ran a quick scan, in which it found and fixed a number of problems.

I restarted the computer and now I'm working as admin, IE works, plus MSN, and there's no trouble so to speak; I can attach the log though:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5597

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

2011-01-25 18:10:28

mbam-log-2011-01-25 (18-10-28).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 182878

Förfluten tid: 10 minut(er), 41 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 1

Infekterade filer: 7

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

 

HKEY_CLASSES_ROOT\CLSID\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

 

c:\Users\pehr\AppData\Roaming\microsoft\Windows\start menu\Programs\WinZix (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

Infekterade filer:

c:\Users\pehr\AppData\Roaming\acroiehelpe021.dll (Trojan.Banker) -> Quarantined and deleted successfully.

 

c:\Users\pehr\AppData\Local\Temp\11966007430.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

 

c:\Users\pehr\local settings\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

c:\Users\pehr\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

c:\Users\pehr\AppData\Roaming\microsoft\Windows\start menu\Programs\WinZix\HomePage.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

c:\Users\pehr\AppData\Roaming\microsoft\Windows\start menu\Programs\WinZix\uninstall.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

c:\Users\pehr\AppData\Roaming\microsoft\Windows\start menu\Programs\WinZix\WinZix.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

I have to finish by asking: I have been running AVG 9 before, but it seems rather worthless since it did not sort out the mess. What program or which combinations should I run to be "safe"?

Thanks, by the way, to both Simon and Cecilia for the quick replies and the commitment, hats off :)

Regards


For one thing, AVG version 9 is a bit old; version 10 (model year 2011) came out last autumn with new, improved features. You need both an antivirus program and anti-malware (anti-spyware) to get more complete protection, and preferably a few more things, but we can take that when the computer has been fully cleaned.

 

c:\Users\pehr\AppData\Roaming\acroiehelpe021.dll (Trojan.Banker) -> Quarantined

That is a malicious program that is out to steal login credentials, primarily for banks but also for other websites. You should contact the bank and, from a guaranteed clean computer, change all other passwords.

http://www.f-secure.com/v-descs/trojan-spy_w32_banker_jag.shtml

 

Given what was found on the computer, I recommend further checks, starting with DDS.


DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by pehr at 19:47:35,14 on 2011-01-25

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.684 [GMT 1:00]

 

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG9\avgam.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\pehr\Desktop\dds.scr

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.superstart.se/

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [shell] C:\Users\pehr\AppData\Roaming\regeditlib32.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBYADkAMwAtAFcAWQBaAEsAVwAtAEIARQAyAEYAUgAtAFEAWAA4AE0AQQAtAFAARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADMANgA0ADQANgA3ADkALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AA"&"prod=54"&"ver=9.0.872

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\pehr\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {BF76EA03-1C82-4B73-A78C-530938ED23A9} = 195.67.199.36,192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

mRun-x64: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

mRun-x64: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfg3.cpl,CMICtrlWnd

AppInit_DLLs-X64: avgrssta.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\pehr\AppData\Roaming\Mozilla\Firefox\Profiles\dciyr8i7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: browser.startup.homepage - hxxp://www.filmfix.se/news80.php

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={431575B2-1E27-252A-9716-65E11A4BD68C}&q=

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-25 56008]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-3-1 52856]

R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2011-1-25 269904]

R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2011-1-25 35536]

R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2011-1-25 317520]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2007-8-31 26624]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]

R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-1-25 308136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-5-27 6856192]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-27 264192]

R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-2-18 41280]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WNDA31vx.sys [2008-3-18 524248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-4 27648]

S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-2-29 942080]

S3 Mupenmrpnssw;Mupenmrpnssw; [x]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2007-11-29 22528]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2007-11-29 17920]

S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-2-18 43328]

S3 PerfHost;Värd för prestandaräknar-DLL;C:\Windows\SysWOW64\perfhost.exe [2009-2-4 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-25 89920]

 

=============== File Associations ===============

 

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

 

=============== Created Last 30 ================

 

2011-01-25 16:58:31 -------- d-----w- C:\Users\pehr\AppData\Roaming\Malwarebytes

2011-01-25 16:58:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-25 16:58:13 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-25 16:58:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-25 16:58:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-25 09:28:01 -------- d--h--w- C:\$AVG

2011-01-25 08:51:14 13048 ----a-w- C:\Windows\System32\avgrssta.dll

2011-01-25 08:51:13 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-01-25 08:51:12 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2011-01-25 08:51:08 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2011-01-25 08:51:06 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-01-25 08:51:05 -------- d-----w- C:\Windows\System32\drivers\Avg

2011-01-24 16:58:50 -------- d-----w- C:\AVG

2011-01-24 16:57:49 -------- d-----w- C:\Users\pehr\avg

2011-01-22 20:41:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-01-21 09:19:14 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F97834F2-CF3E-489C-83D6-F4E7310FBA86}\mpengine.dll

2011-01-20 21:02:46 -------- d-----w- C:\Users\pehr\AppData\Roaming\Visan

2011-01-20 21:02:46 -------- d-----w- C:\PROGRA~3\Visan

2011-01-20 20:56:10 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-01-20 20:55:34 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2011-01-20 20:55:28 -------- d-----w- C:\Program Files (x86)\HP Photo Creations

2011-01-20 20:55:28 -------- d-----w- C:\PROGRA~3\HP Photo Creations

2011-01-20 20:55:17 -------- d-----w- C:\Users\pehr\AppData\Roaming\HpUpdate

2011-01-20 20:54:22 361320 ------w- C:\Windows\System32\HPDiscoPM8e11.dll

2011-01-20 20:52:32 -------- d-----w- C:\Program Files (x86)\HP

2011-01-20 20:52:05 -------- d-----w- C:\Program Files\HP

2011-01-20 20:51:30 -------- d-----w- C:\Users\pehr\AppData\Local\HP

2011-01-19 03:58:53 -------- d-----w- C:\Download

2011-01-19 03:58:02 -------- d-----w- C:\tmpDownload

2011-01-19 03:57:37 -------- d-----w- C:\YoutubeMusicDownloader

2011-01-12 11:16:07 -------- d-----w- C:\Users\pehr\Scan

2010-12-27 18:00:46 -------- d-----w- C:\Users\pehr\AppData\Local\P5

2010-12-27 18:00:42 -------- d-----w- C:\Betsson

 

==================== Find3M ====================

 

2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll

2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll

2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe

2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll

2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll

2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec

2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll

2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll

2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll

2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

 

============= FINISH: 19:48:18,48 ===============


1.

Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

Double-click the SystemLook file to run it.

Copy all the lines in the box

:dir
C:\Windows\SysWow64\%APPDATA%
c:\Users\pehr\local settings\application data\
c:\Users\pehr\local settings
c:\Users\pehr\AppData\Roaming

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad opens with a log, and you paste that in here. If the log does not open, it is available as SystemLook.txt on the Desktop.

 

2.

Open the Command Prompt (Start - Programs - Accessories) and type:

 

sc delete Mupenmrpnssw

 

If there is an error message, copy it down in your reply.

3.

Firefox - Tools - Add-ons

Look for "My Web Tattoo" on the various tabs. Uninstall it, or if that is not possible, disable it.

 

4.

Restart the computer and paste in a new DDS log.

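A small triage pass over the kind of DDS output pasted in this thread, added here as an example (it is not part of the thread or of DDS itself): it flags autostart entries that launch from a user-writable profile or Temp directory, like the HKCU Run entry in the first post, and service entries that have no image file, like the one targeted by `sc delete` above. The function names, the regular expressions and the reading of `[x]` as "file not found" are assumptions; a flag means "review this entry", not "this is malicious".

```python
import re
from typing import List, NamedTuple

# Constructed line: the msconfig entry from the first post, rewritten in DDS "uRun" form.
FIRST_POST_ENTRY = r"uRun: [bphcgnxo] C:\User\AppData\Local\Temp\oysrodufo\bmctbihsjmo.exe"

# Lines copied from the DDS log posted in the thread.
DDS_LINES = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [shell] C:\Users\pehr\AppData\Roaming\regeditlib32.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun-x64: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-1-25 308136]
S3 Mupenmrpnssw;Mupenmrpnssw; [x]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-4 27648]
"""

SAMPLE_DDS = FIRST_POST_ENTRY + "\n" + DDS_LINES


class Finding(NamedTuple):
    section: str   # e.g. "uRun" or "service S3"
    name: str      # value name or service name
    target: str    # executable path, or "(none)"
    reason: str


# uRun / mRun / mRunOnce / mRun-x64 lines: "<hive>: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# Service/driver lines: "<state> <name>;<display name>;<image path> [<date size>]"
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# First executable in a command line, quoted or unquoted (paths may contain spaces).
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|scr|com|bat|cmd|cpl))(?=[\s,]|$)',
    re.IGNORECASE,
)
# Directories a standard user can write to: profile AppData / "local settings", and Temp.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(?:appdata|local settings)\\|\\temp\\", re.IGNORECASE
)


def executable_of(cmd: str) -> str:
    """Return the program path from a command line, or '' if none is recognisable."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return ""
    return m.group("q") or m.group("u")


def triage(log_text: str) -> List[Finding]:
    """Flag Run entries and services in a DDS log that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if exe and USER_WRITABLE_RE.search(exe):
                findings.append(Finding(
                    m["hive"], m["name"], exe,
                    "autostart entry launches from a user-writable directory"))
            continue
        m = SVC_RE.match(line)
        if m:
            image = m["image"].strip()
            # Assumption: DDS prints [x] instead of date/size when the file is not found.
            if m["meta"] == "x" or not image:
                findings.append(Finding(
                    "service " + m["state"], m["name"], image or "(none)",
                    "service entry has no image file"))
            elif USER_WRITABLE_RE.search(image):
                findings.append(Finding(
                    "service " + m["state"], m["name"], image,
                    "service image is in a user-writable directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.section:<11} {f.name:<14} {f.target}  ({f.reason})")
```
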

1.

 

SystemLook 04.09.10 by jpshortstuff

Log created at 10:44 on 29/01/2011 by pehr

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

 

========== dir ==========

 

C:\Windows\SysWow64\C:\Users\pehr\AppData\Roaming - Unable to find folder.

 

c:\Users\pehr\local settings\application data - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

None found.

 

c:\Users\pehr\local settings - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

None found.

 

c:\Users\pehr\AppData\Roaming - Parameters: "(none)"

 

---Files---

AcroIEHelpe.dll --a---- 212304 bytes [17:05 17/10/2010] [17:05 17/10/2010]

AcroIEHelpe.txt --a---- 65 bytes [17:05 17/10/2010] [17:18 18/10/2010]

dciyr8i7.default.dat --a---- 5120 bytes [17:03 17/10/2010] [17:18 18/10/2010]

dciyr8i7.default.tmp --a---- 0 bytes [18:23 18/10/2010] [18:23 18/10/2010]

inst.exe --a---- 99384 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.cat --a---- 7859 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.inf --a---- 1167 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.log --a---- 34 bytes [11:48 13/12/2009] [12:07 13/12/2009]

pcouffin.sys --a---- 82816 bytes [11:46 13/12/2009] [12:07 13/12/2009]

srvblck2.tmp --a---- 112 bytes [17:05 17/10/2010] [17:05 17/10/2010]

urhtps.dat --a---- 25 bytes [17:40 17/10/2010] [17:41 18/10/2010]

vso_ts_preview.xml --a---- 1173 bytes [12:07 13/12/2009] [06:21 31/08/2010]

 

---Folders---

5006 d------ [17:05 17/10/2010]

Adobe d------ [17:57 02/12/2007]

AdobeUM d------ [19:20 02/01/2008]

Anthropics d------ [17:40 22/08/2009]

Apple Computer d------ [01:12 22/01/2010]

ATI d------ [13:36 02/12/2007]

Avant Profiles d------ [21:40 06/01/2008]

AVS4YOU d------ [14:02 27/09/2009]

Azureus d------ [17:58 07/12/2007]

BPFTP d------ [15:57 28/12/2008]

Canon d------ [12:29 13/02/2010]

cerasus.media d------ [22:43 03/12/2007]

cock d------ [17:03 17/10/2010]

Copax d------ [20:19 22/01/2009]

dvdcss d------ [21:00 19/12/2009]

DVDVideoSoftIEHelpers d------ [20:47 04/08/2010]

FDRLab d------ [18:41 06/01/2008]

GetRightToGo d------ [18:15 23/01/2010]

Hamachi d------ [23:38 04/04/2008]

HpUpdate d------ [20:55 20/01/2011]

Identities d------ [13:10 02/12/2007]

ImgBurn d------ [17:27 09/12/2007]

InstallShield d------ [13:18 02/12/2007]

kantaris d------ [19:16 06/01/2008]

Leadertech d------ [15:57 22/11/2008]

Macromedia d------ [15:29 02/12/2007]

Malwarebytes d------ [16:58 25/01/2011]

Media Center Programs d------ [13:10 02/12/2007]

Microsoft d---s-- [13:10 02/12/2007]

Mozilla d------ [19:47 02/03/2009]

MyPhoneExplorer d------ [23:24 19/08/2008]

Nero d------ [12:51 03/12/2007]

Netscape d------ [23:59 02/12/2007]

Nokia d------ [22:31 03/09/2008]

NSeries d------ [08:47 04/09/2008]

PC Suite d------ [22:29 03/09/2008]

Personal d------ [21:39 05/02/2009]

Rock Manager d------ [12:16 28/12/2008]

ScanSoft d------ [18:51 16/12/2007]

Skype d------ [10:35 14/11/2010]

skypePM d------ [10:37 14/11/2010]

Spotify d------ [18:36 01/01/2010]

Symantec d------ [09:46 28/02/2009]

TuneUp Software d------ [15:21 29/07/2010]

UAs d------ [17:18 18/10/2010]

uTorrent d------ [22:02 02/12/2007]

Ventrilo d------ [19:53 22/04/2008]

Visan d------ [21:02 20/01/2011]

vlc d------ [00:00 08/12/2007]

Vso d------ [11:46 13/12/2009]

Windows Sidebar Styler d------ [22:28 29/03/2009]

Xfire d------ [19:07 09/07/2010]

xmldm d------ [17:03 17/10/2010]

ZiggyTV d------ [15:18 29/07/2010]

Zylom d------ [13:13 15/12/2007]

 

-= EOF =-

 

 

 

2.

 

[sC] OpenService MISSLYCKADES 5:

 

Åtkomst nekad.

 

3.

 

Fixed! :)

 

4.

 

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by pehr at 10:54:06,41 on 2011-01-29

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.808 [GMT 1:00]

 

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\AVG\AVG9\avgam.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\pehr\Desktop\dds.scr

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.superstart.se/

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [shell] C:\Users\pehr\AppData\Roaming\regeditlib32.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?

 

lic=OABNAEUASAAtAFIAUQBYADkAMwAtAFcAWQBaAEsAVwAtAEIARQAyAEYAUgAtAFEAWAA4AE0AQQAtAFAARQBNAEIAUgA"&"inst=NwA2AC0A

 

NQAxADMANgA0ADQANgA3ADkALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKw

 

A5AA"&"prod=54"&"ver=9.0.872

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\pehr\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {BF76EA03-1C82-4B73-A78C-530938ED23A9} = 195.67.199.36,192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

mRun-x64: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

mRun-x64: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfg3.cpl,CMICtrlWnd

AppInit_DLLs-X64: avgrssta.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\pehr\AppData\Roaming\Mozilla\Firefox\Profiles\dciyr8i7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: browser.startup.homepage - hxxp://www.filmfix.se/news80.php

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={431575B2-1E27-252A-9716-65E11A4BD68C}&q=

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-25 56008]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-3-1 52856]

R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2011-1-25 269904]

R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2011-1-25 35536]

R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2011-1-25 317520]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2007-8-31 26624]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]

R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-1-25 308136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-5-27 6856192]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-27 264192]

R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-2-18 41280]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WNDA31vx.sys [2008-3-18 524248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-4 27648]

S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-2-29 942080]

S3 Mupenmrpnssw;Mupenmrpnssw; [x]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2007-11-29 22528]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2007-11-29 17920]

S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-2-18 43328]

S3 PerfHost;Värd för prestandaräknar-DLL;C:\Windows\SysWOW64\perfhost.exe [2009-2-4 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-25 89920]

 

=============== File Associations ===============

 

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

 

=============== Created Last 30 ================

 

2011-01-25 16:58:31 -------- d-----w- C:\Users\pehr\AppData\Roaming\Malwarebytes

2011-01-25 16:58:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-25 16:58:13 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-25 16:58:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-25 16:58:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-25 09:28:01 -------- d--h--w- C:\$AVG

2011-01-25 08:51:14 13048 ----a-w- C:\Windows\System32\avgrssta.dll

2011-01-25 08:51:13 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-01-25 08:51:12 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2011-01-25 08:51:08 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2011-01-25 08:51:06 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-01-25 08:51:05 -------- d-----w- C:\Windows\System32\drivers\Avg

2011-01-24 16:58:50 -------- d-----w- C:\AVG

2011-01-24 16:57:49 -------- d-----w- C:\Users\pehr\avg

2011-01-22 20:41:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-01-21 09:19:14 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F97834F2-CF3E-489C-83D6-F4E7310FBA86}\mpengine.dll

2011-01-20 21:02:46 -------- d-----w- C:\Users\pehr\AppData\Roaming\Visan

2011-01-20 21:02:46 -------- d-----w- C:\PROGRA~3\Visan

2011-01-20 20:56:10 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-01-20 20:55:34 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2011-01-20 20:55:28 -------- d-----w- C:\Program Files (x86)\HP Photo Creations

2011-01-20 20:55:28 -------- d-----w- C:\PROGRA~3\HP Photo Creations

2011-01-20 20:55:17 -------- d-----w- C:\Users\pehr\AppData\Roaming\HpUpdate

2011-01-20 20:54:22 361320 ------w- C:\Windows\System32\HPDiscoPM8e11.dll

2011-01-20 20:52:32 -------- d-----w- C:\Program Files (x86)\HP

2011-01-20 20:52:05 -------- d-----w- C:\Program Files\HP

2011-01-20 20:51:30 -------- d-----w- C:\Users\pehr\AppData\Local\HP

2011-01-19 03:58:53 -------- d-----w- C:\Download

2011-01-19 03:58:02 -------- d-----w- C:\tmpDownload

2011-01-19 03:57:37 -------- d-----w- C:\YoutubeMusicDownloader

2011-01-12 11:16:07 -------- d-----w- C:\Users\pehr\Scan

 

==================== Find3M ====================

 

2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll

2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll

2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe

2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll

2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll

2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec

2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

 

============= FINISH: 10:56:02,99 ===============


I can see in the DDS log that there are several old Java versions with security holes on the computer. Uninstall them in Control Panel, Programs and Features, then download and install an updated Java, available here http://www.java.com/sv/, once the computer has been cleaned.


SystemLook 04.09.10 by jpshortstuff

Log created at 11:25 on 30/01/2011 by pehr

Administrator - Elevation successful

 

========== dir ==========

 

C:\Windows\SysWow64\C:\Users\pehr\AppData\Roaming - Unable to find folder.

 

c:\Users\pehr\local settings\application data - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

None found.

 

c:\Users\pehr\local settings - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

None found.

 

c:\Users\pehr\AppData\Roaming - Parameters: "(none)"

 

---Files---

AcroIEHelpe.dll --a---- 212304 bytes [17:05 17/10/2010] [17:05 17/10/2010]

AcroIEHelpe.txt --a---- 65 bytes [17:05 17/10/2010] [17:18 18/10/2010]

dciyr8i7.default.dat --a---- 5120 bytes [17:03 17/10/2010] [17:18 18/10/2010]

dciyr8i7.default.tmp --a---- 0 bytes [18:23 18/10/2010] [18:23 18/10/2010]

inst.exe --a---- 99384 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.cat --a---- 7859 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.inf --a---- 1167 bytes [11:46 13/12/2009] [12:07 13/12/2009]

pcouffin.log --a---- 34 bytes [11:48 13/12/2009] [12:07 13/12/2009]

pcouffin.sys --a---- 82816 bytes [11:46 13/12/2009] [12:07 13/12/2009]

srvblck2.tmp --a---- 112 bytes [17:05 17/10/2010] [17:05 17/10/2010]

urhtps.dat --a---- 25 bytes [17:40 17/10/2010] [17:41 18/10/2010]

vso_ts_preview.xml --a---- 1173 bytes [12:07 13/12/2009] [06:21 31/08/2010]

 

---Folders---

5006 d------ [17:05 17/10/2010]

Adobe d------ [17:57 02/12/2007]

AdobeUM d------ [19:20 02/01/2008]

Anthropics d------ [17:40 22/08/2009]

Apple Computer d------ [01:12 22/01/2010]

ATI d------ [13:36 02/12/2007]

Avant Profiles d------ [21:40 06/01/2008]

AVS4YOU d------ [14:02 27/09/2009]

Azureus d------ [17:58 07/12/2007]

BPFTP d------ [15:57 28/12/2008]

Canon d------ [12:29 13/02/2010]

cerasus.media d------ [22:43 03/12/2007]

cock d------ [17:03 17/10/2010]

Copax d------ [20:19 22/01/2009]

dvdcss d------ [21:00 19/12/2009]

DVDVideoSoftIEHelpers d------ [20:47 04/08/2010]

FDRLab d------ [18:41 06/01/2008]

GetRightToGo d------ [18:15 23/01/2010]

Hamachi d------ [23:38 04/04/2008]

HpUpdate d------ [20:55 20/01/2011]

Identities d------ [13:10 02/12/2007]

ImgBurn d------ [17:27 09/12/2007]

InstallShield d------ [13:18 02/12/2007]

kantaris d------ [19:16 06/01/2008]

Leadertech d------ [15:57 22/11/2008]

Macromedia d------ [15:29 02/12/2007]

Malwarebytes d------ [16:58 25/01/2011]

Media Center Programs d------ [13:10 02/12/2007]

Microsoft d---s-- [13:10 02/12/2007]

Mozilla d------ [19:47 02/03/2009]

MyPhoneExplorer d------ [23:24 19/08/2008]

Nero d------ [12:51 03/12/2007]

Netscape d------ [23:59 02/12/2007]

Nokia d------ [22:31 03/09/2008]

NSeries d------ [08:47 04/09/2008]

PC Suite d------ [22:29 03/09/2008]

Personal d------ [21:39 05/02/2009]

Rock Manager d------ [12:16 28/12/2008]

ScanSoft d------ [18:51 16/12/2007]

Skype d------ [10:35 14/11/2010]

skypePM d------ [10:37 14/11/2010]

Spotify d------ [18:36 01/01/2010]

Symantec d------ [09:46 28/02/2009]

TuneUp Software d------ [15:21 29/07/2010]

UAs d------ [17:18 18/10/2010]

uTorrent d------ [22:02 02/12/2007]

Ventrilo d------ [19:53 22/04/2008]

Visan d------ [21:02 20/01/2011]

vlc d------ [00:00 08/12/2007]

Vso d------ [11:46 13/12/2009]

Windows Sidebar Styler d------ [22:28 29/03/2009]

Xfire d------ [19:07 09/07/2010]

xmldm d------ [17:03 17/10/2010]

ZiggyTV d------ [15:18 29/07/2010]

Zylom d------ [13:13 15/12/2007]

 

-= EOF =-


Set up Computer/Explorer so that you can see all files:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Go to the folder C:\Windows\SysWow64. Can you see a folder named %APPDATA%?

What is in it (if you can see it)?

 

Start MBAM, update it and run a quick scan. If anything is found, paste the log here.
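The manual reading of the DDS log in this thread (autoruns, services, recently created folders) can be written as a small triage script. This is an added example, not part of the original posts or of DDS; the `triage` function and its rule names are hypothetical, and reading `[x]` as "file not found" is an assumption.

```python
import re

# Excerpt of lines from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [shell] C:\Users\pehr\AppData\Roaming\regeditlib32.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [<NO NAME>]
S3 Mupenmrpnssw;Mupenmrpnssw; [x]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-1-25 308136]
2011-01-22 20:41:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-01-25 16:58:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

# "uRun: [name] command" / "mRun-x64: [name] command" autostart entries.
RUN_RE = re.compile(r'^(?P<key>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "R2 name;display;path [date size]" service/driver lines.
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# "date time size attributes path" lines from the "Created Last 30" section.
NEW_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?:\d+|-+)\s+(?P<attr>[a-z-]{8})\s+(?P<path>.+)$')
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\(?:appdata|temp)\\|^"?[a-z]:\\users\\', re.IGNORECASE)
# An environment variable that was never expanded and ended up as a literal name.
LITERAL_ENV = re.compile(r'%[A-Za-z_][A-Za-z0-9_()]*%')


def triage(log_text):
    """Return (rule, subject) pairs for log lines that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        svc = SVC_RE.match(line)
        new = NEW_RE.match(line)
        if run:
            if not run["cmd"]:
                findings.append(("autorun-without-command", run["name"]))
            elif USER_WRITABLE.search(run["cmd"]):
                findings.append(("autorun-from-user-writable-path", run["name"]))
        elif svc and svc["meta"] == "x" and not svc["path"]:
            # Assumption: "[x]" with no path means the service's file is gone.
            findings.append(("service-binary-missing", svc["name"]))
        elif new:
            attr = new["attr"]
            if LITERAL_ENV.search(new["path"]):
                findings.append(("literal-env-var-in-path", new["path"]))
            if attr[0] == "d" and "s" in attr and "h" in attr:
                findings.append(("hidden-system-directory", new["path"]))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_DDS):
        print(f"{rule:34} {subject}")
```

A hit is a prompt to inspect the file or key by hand, not a verdict; legitimate software also starts from per-user folders.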


Archived

This topic is now archived and is closed to further replies.
