
Got "MS Removal Tool", what do I do?


Euro


Hi,

Just got a call from my dad saying that his computer isn't working as it should, and we worked out that it has been infected by "MS Removal Tool". How on earth do we get rid of it? One problem is that my dad isn't exactly a whiz with computers and that he lives on the other side of Sweden, so I will try to help him remotely.

When I searched myself I found, among others, the following pages, which describe "MSRT" and how to remove it, but I'm hesitant to try something unknown on my own initiative and am now wondering whether I can get help here. What should we start by doing?

Here are the links to the two pages with the info. Can these be trusted and their instructions followed, or does anyone here have a better suggestion?

 

http://trojan-killer.net/ms-removal-tool-scam-how-to-remove-ms-removal-tool-fake-anti-virus/?lang=sv

 

http://se.pcthreat.com/parasitebyid-18091se.html

 

Regards


Hi,

these links do not have a good reputation according to WOT.

http://www.mywot.com/sv/scorecard/trojan-killer.net

http://www.mywot.com/sv/scorecard/se.pcthreat.com

 

I would recommend starting by running Malwarebytes.

Malwarebytes' Anti-Malware

Follow the program's instructions; a restart may be required.

Then run DDS,

If any antivirus or antispyware program has found something malicious, paste in a log showing what was found and which files and folders are involved.

Paste in the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

DDS is a program that lists running processes, programs and services that start automatically, and files in folders commonly used by malicious programs that are new or changed during the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us basic knowledge of what is happening and has recently happened in the computer, and from that we can draw conclusions about the next appropriate step in cleaning the computer.

Note! When you paste a log or a result into your post, do not use any buttons or tags; copy it in the program (usually Notepad) and paste it directly into the box you are writing in.

Come back here with logs from both programs and you will get assistance here.

Regards

Mats H


It would be good if your dad could read and write here directly so that not everything has to go through you. If there is anything he doesn't understand, he can just ask and I'll explain in more detail.

 

Before following Mats's suggestion, do the following:

Control Panel - Internet Options - Connections - LAN settings

Click Advanced

Remove the contents there so that all boxes under the heading Servers are empty.

Click OK

Remove any contents in the Address box

Uncheck "Use a proxy server...."

 

If running MBAM (Malwarebytes Anti-Malware) doesn't work, run DDS directly.

Edit: Rewritten because Mats got there first.


Hi, and thanks for putting up with all this kind of thing :thumbsup:

I'll check with my dad whether he dares to take this on entirely on his own, since I'm on a course tomorrow, Saturday. In any case we'll be back.

Good night!


As I said, he can just keep asking until he feels completely sure of what to do.

Good night!


Hi,

I have tried to get dad to post here himself, but he hasn't even managed to get an account here on E-forum. That probably says something about the level :blush:

When he ran MBAM a warning message came up, but it seems to be his security program (from Bredbandsbolaget) objecting. He approved it and the scan went on; the log follows below. It doesn't seem to have scanned for very long, but that may have to do with how much is on the hard drive.

When he tries to run DDS a window comes up saying it is not approved. I think we managed to change the security program so that DDS is approved, but it still doesn't work to run it. Could it be the other (junk) program that is blocking the DDS run, or has he done something wrong?

I think he managed to lose the log from the first MBAM scan, but aren't they saved automatically somewhere? Here is the latest:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 6247

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2011-04-02 19:22:03

mbam-log-2011-04-02 (19-22-03).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 169765

Förfluten tid: 2 minut(er), 3 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


  • 3 weeks later...

Hi,

Now I'm back here again. Dad's computer started working reasonably well again and he didn't dare/manage to do much more. Now I'm here visiting him and can do a bit more with the computer if needed. Here is the MBAM log:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 6415

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2011-04-21 22:08:59

mbam-log-2011-04-21 (22-08-59).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 171471

Förfluten tid: 4 minut(er), 30 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


And here is the DDS log

 

 

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Hasse at 22:21:52,23 on 2011-04-21

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3836.2420 [GMT 2:00]

.

AV: Säker Bas 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Säker Bas 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Säker Bas 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSHDLL32.EXE

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSHDLL64.EXE

C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Hasse\Desktop\dds.scr

C:\Windows\system32\conhost.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2740822

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed0.dll

mURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed0.dll

mWinlogon: Userinit=userinit.exe,

BHO: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [F-Secure Manager] "C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "C:\Program Files (x86)\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Hasse\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TELIAM~1.LNK - C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\npjpi150_06.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\Bredbandsbolaget Security Services\FSPS\program\FSLSP.DLL

Trusted Zone: unifaun.se\po

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll

AppInit_DLLs: acaptuser32.dll

{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

AppInit_DLLs-X64: acaptuser64.dll

.

============= SERVICES / DRIVERS ===============

.

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Bredbandsbolaget Security Services\HIPS\drivers\fshs.sys [2010-2-9 57920]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2010-2-9 45624]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2010-2-9 94280]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\minifilter\fsvista.sys [2010-2-9 14904]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-17 203264]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2009-10-16 107016]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-16 844320]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe [2010-2-9 215648]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]

R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-1-4 90112]

R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-10-16 253952]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-16 240160]

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-14 281088]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-14 15360]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\minifilter\fsgk.sys [2010-2-9 194728]

R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe [2010-2-9 63992]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-16 215040]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-1-15 34872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-9 135664]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-3-27 61280]

S3 fsssvc;Tjänsten Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 GTUHSBUS;GT UHS BUS;C:\Windows\System32\drivers\gtuhsbus.sys [2009-5-13 88576]

S3 GTUHSNDISIPXP;GT UHS IP NDIS;C:\Windows\System32\drivers\gtuhs51.sys [2009-5-13 129536]

S3 GTUHSSER;GT UHS SER;C:\Windows\System32\drivers\gtuhsser.sys [2009-5-13 10496]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-16 219136]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2011-1-3 113704]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2011-1-3 19496]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2011-1-3 153128]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2011-1-3 133160]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2011-1-3 34856]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2011-1-3 128552]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2011-1-3 146472]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-1-3 155344]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\win2k\fsfilter.sys [2010-2-9 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\win2k\fsrec.sys [2010-2-9 25184]

.

=============== Created Last 30 ================

.

2011-04-19 07:37:00 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88B39560-C0C1-4587-BBD1-CFE9043ADD29}\mpengine.dll

2011-04-13 20:47:19 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-13 20:47:19 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-13 20:47:09 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-04-13 20:47:08 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-04-13 20:47:03 3133440 ----a-w- C:\Windows\System32\win32k.sys

2011-04-13 20:46:52 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-04-13 20:46:51 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-04-13 20:46:51 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-04-13 20:46:50 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-04-13 20:46:40 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-13 20:46:40 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-13 20:46:39 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-13 20:46:34 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-04-13 20:46:34 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-04-13 20:46:33 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-04-13 20:46:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-04-13 20:43:59 603976 ----a-w- C:\Windows\System32\winload.exe

2011-04-13 20:43:59 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-04-13 20:43:58 640896 ----a-w- C:\Windows\System32\winload.efi

2011-04-13 20:43:58 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-04-13 20:43:58 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-04-13 20:43:58 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-04-13 20:43:58 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-04-13 20:43:51 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-04-13 20:43:45 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-13 20:43:44 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-04-13 20:43:44 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-13 20:43:44 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-02 12:22:53 -------- d-----w- C:\Users\Hasse\AppData\Roaming\Malwarebytes

2011-04-02 12:22:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-02 12:22:41 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-02 12:22:34 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-02 12:22:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-01 14:16:53 -------- d-----w- C:\PROGRA~3\mDj01804aBkEa01804

.

==================== Find3M ====================

.

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-02 16:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

.

============= FINISH: 22:29:57,12 ===============

Attach.txt


@rendtheheavens:

I moved the posts concerning your computer to a thread of their own so that the logs would get mixed up. You'll find the thread here: //eforum.idg.se/topic/329036-rendtheheavens-ms-removal-tool/

 

Cecilia

Moderator


Hi,

start by removing the following add-ons in Internet Explorer, disable/uninstall:

Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2740822

and MediaStar2 Toolbar, also found here - C:\Program Files (x86)\MediaStar2\tbMed0.dll

Then old Java, Control Panel\Programs:

J2SE Runtime Environment 5.0 Update 6

 

What is in here?

C:\PROGRA~3\mDj01804aBkEa01804

 

Regards

Mats H
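
Added example, not part of the thread and not code from DDS or the helpers: a Python sketch that pulls out of a DDS log the entries discussed in this thread, namely the start pages, the Internet Settings proxy values that the LAN-settings steps earlier in the thread clear, the Internet Explorer add-ons, and the folders listed under "Created Last 30". The section names and line layouts are taken from the log posted above; the function names, the choice of what to list and the ProxyServer sample line are assumptions of this example.

```python
import re

# Lines copied from the DDS log in this thread, except the ProxyServer line,
# which is constructed for the example (the posted log only has ProxyOverride).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2740822
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
uURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
TB-X64: {067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - No File
.
=============== Created Last 30 ================
.
2011-04-13 20:47:09 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-02 12:22:41 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-01 14:16:53 -------- d-----w- C:\PROGRA~3\mDj01804aBkEa01804
.
==================== Find3M ====================
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# "uStart Page = ..." / "uInternet Settings,ProxyServer = ..."
# The leading u/m is read here as per-user vs machine-wide.
SETTING = re.compile(
    r"^(?P<scope>[um])(?P<key>Start Page|Internet Settings,Proxy\w+)\s*=\s*(?P<value>.*)$"
)
# "BHO: Name: {CLSID} - path"  or  "TB-X64: {CLSID} - No File"
ADDON = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB)(?:-X64)?:\s*(?P<name>.*?):?\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.+)$"
)
# "2011-04-01 14:16:53 -------- d-----w- C:\path"
CREATED = re.compile(r"^(?P<date>\d{4}-\d\d-\d\d) \S+ \S+ (?P<attrs>\S+) (?P<path>.+)$")


def split_sections(text):
    """Map each '==== Name ====' header to the lines under it.

    Blank lines and the lone '.' separators DDS writes are skipped, so a log
    pasted with extra blank lines (as in this thread) parses the same way.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Collect the entries a reviewer reads first; it lists, it does not judge."""
    sec = split_sections(text)
    out = {"start_pages": [], "proxy": [], "addons": [], "orphans": [], "new_dirs": []}
    names = {}       # CLSID (upper-cased) -> add-on name seen in the report
    orphan_ids = []  # CLSIDs registered with no file behind them
    for line in sec.get("Pseudo HJT Report", []):
        m = SETTING.match(line)
        if m:
            if m["key"] == "Start Page":
                out["start_pages"].append((m["scope"], m["value"]))
            else:
                out["proxy"].append((m["scope"], m["key"].split(",")[1], m["value"]))
            continue
        m = ADDON.match(line)
        if not m:
            continue
        clsid = m["clsid"].upper()
        if m["target"] == "No File":
            orphan_ids.append(clsid)
        else:
            names.setdefault(clsid, m["name"])
            out["addons"].append((m["kind"], m["name"], m["target"]))
    # Resolve "No File" entries to a name via the CLSID listed elsewhere.
    out["orphans"] = [(c, names.get(c, "")) for c in orphan_ids]
    for line in sec.get("Created Last 30", []):
        m = CREATED.match(line)
        if m and m["attrs"].startswith("d"):  # directories only
            out["new_dirs"].append((m["date"], m["path"]))
    return out


if __name__ == "__main__":
    for key, items in triage(SAMPLE_DDS).items():
        print(key)
        for item in items:
            print("   ", item)
```

A ProxyServer value that is still present after the LAN-settings steps means the proxy boxes were not actually emptied for that user.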


Hi Mats H, and thanks for helping out,

I have uninstalled Media Star2 and Java, and have also changed the start page (is that enough? I can't find anything in the Internet Explorer "Add-ons").

I have no idea what is in the program folder. I can't even find it, but I'm not used to W7, which dad has on his computer.


It didn't work perfectly with HJT; an error message came up in the middle (see attachment) and the log wasn't saved, but in the end I think it worked. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:14:31, on 2011-04-22

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

O4 - Startup: Telia Mobilt bredband.lnk = C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll

O20 - AppInit_DLLs: acaptuser32.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15191 bytes

HJT.doc

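A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread and is not HijackThis's own logic. The tag names are hypothetical, one O4 line in the sample is constructed, and the `(file missing)` rule assumes HijackThis runs as a 32-bit process on 64-bit Windows, where its view of `System32` is redirected to `SysWOW64`.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [Name] path"; header lines do not match.
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Lines copied from the log in the post above, except the second O4 entry,
# which is constructed so the user-writable-path rule has something to match.
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/
R3 - URLSearchHook: (no name) - {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - (no file)
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [example] C:\Users\Example\AppData\Roaming\example.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""


def parse(log_text):
    """Return (section_code, body) for every entry line, skipping headers."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Return (section_code, tag, body) for entries that deserve a manual look."""
    # A "Program Files (x86)" path anywhere in the log implies 64-bit Windows.
    is_x64 = "program files (x86)" in log_text.lower()
    findings = []
    for code, body in parse(log_text):
        target = body.rsplit(" - ", 1)[-1]  # last field normally holds the file
        if body.endswith("(no file)"):
            # Registry entry points at a class with no file behind it.
            tag = "orphaned-registration"
        elif body.endswith("(file missing)"):
            # A 32-bit scanner cannot see 64-bit binaries in System32, so on
            # x64 this is usually a false alarm to re-check with a 64-bit tool.
            if is_x64 and SYSTEM32.search(target):
                tag = "wow64-redirection-artifact"
            else:
                tag = "missing-binary"
        elif code == "O4" and USER_WRITABLE.search(body):
            # Autorun whose target sits where a non-admin process can write.
            tag = "autorun-from-user-writable-path"
        elif code == "O10":
            # LSP that HijackThis does not recognise; check the publisher.
            tag = "unrecognised-winsock-lsp"
        elif code == "O20" and body.partition(":")[2].strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            tag = "appinit-dll-set"
        else:
            continue
        findings.append((code, tag, body))
    return findings


if __name__ == "__main__":
    for code, tag, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {tag:<32} {body}")
```

A tag only marks an entry for a closer look; it says nothing about whether the file behind it is malicious.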

Hi,

try the following; it may take a while.

Scan the computer online at http://www.eset.com/onlinescan/

To keep the scanner from taking too long, turn off your antivirus program in the meantime.

Uncheck the option "Remove found threats"

Check "Scan Archives"

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Press Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.

Regards

Mats H


Hi,

ESET has now been chewing away for a while, but not much ended up in the log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

 

 

 

 

But in the program window itself it showed that it had found four "threats"; here is a copy of that:

C:\Users\Hasse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Hasse\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\javaobe.jar-8a5443f-3b805802.zip multiple threats

C:\Users\Hasse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Hasse\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\ktjrkqiqdvfvg8.jar-5df54475-6b6a3ca3.zip multiple threats

C:\Users\Hasse\AppData\Local\Microsoft\Windows Live Mail\Kvallsjonre 5e3\Inbox\048A5BBD-000001B7.eml HTML/ScrInject.B.Gen virus

C:\Users\Hasse\Desktop\Gamla Skrivbordet\Euroswede\Data\Program\Webdesignskolan\Webdesignskolan filer\blandat\hotbar.htm HTML/Iframe.B.Gen virus


Hi,

we'll do a ComboFix as well; see the instructions:

Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


Hi,

I ran ESET once more, but I can't find the log file this time either.

Here is the ComboFix log:

ComboFix 11-04-23.01 - Hasse 2011-04-23 23:42:39.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3836.2090 [GMT 2:00]

Körs från: c:\users\Hasse\Desktop\ComboFix.exe

AV: Säker Bas 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Säker Bas 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Säker Bas 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\hpe3430.dll

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-03-23 till 2011-04-23 ))))))))))))))))))))))))))))))

.

.

2011-04-23 22:08 . 2011-04-23 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-23 07:15 . 2011-04-23 07:15 -------- d-----w- c:\program files (x86)\ESET

2011-04-22 15:39 . 2011-04-22 15:39 388096 ----a-r- c:\users\Hasse\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-22 14:14 . 2011-04-22 14:14 -------- d-----w- c:\program files (x86)\Trend Micro

2011-04-22 11:11 . 2010-09-22 22:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-04-22 11:11 . 2011-04-22 11:11 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-04-22 11:09 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-04-22 11:09 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-04-22 11:09 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-04-22 11:09 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-04-22 10:56 . 2011-04-22 10:56 -------- d-----w- c:\windows\system32\SPReview

2011-04-22 10:55 . 2011-04-22 10:55 -------- d-----w- c:\windows\system32\EventProviders

2011-04-22 10:44 . 2010-11-20 13:44 3072 ----a-w- c:\windows\system32\drivers\sv-SE\tsusbflt.sys.mui

2011-04-22 10:44 . 2010-11-20 13:40 2560 ----a-w- c:\windows\system32\drivers\sv-SE\rdpwd.sys.mui

2011-04-22 10:43 . 2010-11-20 13:40 4096 ----a-w- c:\windows\system32\drivers\sv-SE\pscr.sys.mui

2011-04-22 10:43 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-04-22 10:43 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-04-22 10:43 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-04-22 10:43 . 2010-11-20 13:33 5563776 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-22 10:43 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2011-04-22 10:43 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2011-04-22 10:43 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll

2011-04-22 10:43 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll

2011-04-22 10:43 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll

2011-04-22 10:42 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-04-22 10:42 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2011-04-22 10:42 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll

2011-04-22 10:42 . 2010-11-20 12:19 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll

2011-04-22 10:42 . 2010-11-20 13:27 1743360 ----a-w- c:\windows\system32\sysmain.dll

2011-04-22 10:42 . 2010-11-20 13:33 1924480 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-22 10:42 . 2010-11-20 13:27 3650560 ----a-w- c:\windows\system32\MSVidCtl.dll

2011-04-22 10:42 . 2010-11-20 13:27 2314752 ----a-w- c:\windows\system32\tquery.dll

2011-04-22 10:42 . 2010-11-20 13:27 2223616 ----a-w- c:\windows\system32\mssrch.dll

2011-04-22 10:42 . 2010-11-05 01:57 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-04-22 10:39 . 2010-11-20 12:19 1493504 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2011-04-22 10:37 . 2010-11-20 13:27 2621952 ----a-w- c:\windows\system32\wucltux.dll

2011-04-22 10:36 . 2010-11-20 13:27 624128 ----a-w- c:\windows\system32\qedit.dll

2011-04-22 10:35 . 2010-11-20 13:33 155008 ----a-w- c:\windows\system32\drivers\mpio.sys

2011-04-22 10:34 . 2010-11-20 13:26 1087488 ----a-w- c:\windows\system32\dbghelp.dll

2011-04-22 10:33 . 2010-11-20 13:15 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-04-22 10:32 . 2010-11-20 12:08 7168 ----a-w- c:\windows\SysWow64\KBDINMAR.DLL

2011-04-22 10:27 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-04-22 10:27 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-04-22 10:27 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-04-22 10:27 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-04-22 10:27 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-04-22 10:26 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-04-22 10:26 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-04-22 09:57 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-22 09:57 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-04-22 09:57 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-04-22 09:57 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-04-22 09:18 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D991ECD9-3EE6-4032-96C5-70349A93B2EA}\mpengine.dll

2011-04-13 20:47 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-13 20:47 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-04-13 20:47 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll

2011-04-13 20:47 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-13 20:47 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-04-13 20:46 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-13 20:46 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-04-13 20:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-04-13 20:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-04-13 20:46 . 2011-02-23 04:56 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-13 20:46 . 2011-02-23 04:56 411648 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-13 20:46 . 2011-02-23 04:55 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-13 20:46 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-04-13 20:46 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-13 20:46 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-13 20:46 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-04-13 20:43 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll

2011-04-13 20:43 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll

2011-04-13 20:43 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll

2011-04-13 20:43 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll

2011-04-13 20:43 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-13 20:43 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe

2011-04-13 20:43 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-13 20:43 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-13 20:43 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-13 20:43 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-02 12:22 . 2011-04-02 12:22 -------- d-----w- c:\users\Hasse\AppData\Roaming\Malwarebytes

2011-04-02 12:22 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-02 12:22 . 2011-04-02 12:22 -------- d-----w- c:\programdata\Malwarebytes

2011-04-02 12:22 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-02 12:22 . 2011-04-02 12:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-01 14:16 . 2011-04-02 12:24 -------- d-----w- c:\programdata\mDj01804aBkEa01804

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-22 11:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-04-22 11:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-02-19 12:05 . 2011-03-09 12:22 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 12:04 . 2011-03-09 12:22 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 12:04 . 2011-03-09 12:22 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:30 . 2011-03-09 12:22 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 06:30 . 2011-03-09 12:22 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-02-02 16:11 . 2010-02-09 15:17 270720 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]

"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-02-28 427008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-01 1157128]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"F-Secure Manager"="c:\program files (x86)\Bredbandsbolaget Security Services\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files (x86)\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

.

c:\users\Hasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-7-31 2406400]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-16 708608]

Adobe Gamma Loader.exe.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-7 113664]

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-1-19 1086288]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]

R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [x]

R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Bredbandsbolaget Security Services\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Bredbandsbolaget Security Services\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Bredbandsbolaget Security Services\HIPS\drivers\fshs.sys [2009-08-05 57920]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Bredbandsbolaget Security Services\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Bredbandsbolaget Security Services\Anti-Virus\minifilter\fsgk.sys [2010-11-30 194728]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe [2010-12-20 63992]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 14:46]

.

2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 14:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.leta.se/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5538&r=273602105125l04h4z1l5t4442v942

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

LSP: c:\program files (x86)\Bredbandsbolaget Security Services\FSPS\program\FSLSP.DLL

Trusted Zone: unifaun.se\po

.

.

------- Filassociationer -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

URLSearchHooks-{067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Global Registration - c:\program files (x86)\Acer\Registration\GREG.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-2363530107-3367565956-1712306078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2363530107-3367565956-1712306078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2011-04-24 00:25:40

ComboFix-quarantined-files.txt 2011-04-23 22:25

.

Före genomsökningen: 221 831 262 208 byte ledigt

Efter genomsökningen: 222 014 230 528 byte ledigt

.

- - End Of File - - 91B4D3A5CB3B5E8EA8BDCD7517EA65B9


Hi,

I will go through this log during the day.

But set the computer to show hidden files and look for this:

c:\programdata\mDj01804aBkEa01804

(Do it like this: click the Windows button, then choose Computer and then Local Disk, C:, and click on it.

The library opens.

Now press the Alt key and a new menu bar opens; choose Tools, then Folder Options and the View tab.

Select Show hidden files and folders.

Now you should be able to see the "dimmed" folders, Program Data for example.

Now you can click your way onward and find the one I mentioned.

Then restore the display of hidden folders the same way you chose to show them.)

 

How is the computer working now after the ComboFix run?

Regards,

Mats H


Hi,

 

I have been sitting and waiting for a reply but only now saw that there is a page 2 in this thread :blink:

 

 

In that folder there is a file with the same name, 1 KB in size and created 1/4-11.

 

I don't know whether there has been any difference after the ComboFix run; it probably worked just as well as before.


Hi,

delete the folder with the file.

c:\programdata\mDj01804aBkEa01804.

 

Then it is time to clean up.

1. Delete all system restore points, since these may be infected.

Start by creating a new system restore point:

http://windows.microsoft.com/sv-SE/windows-vista/System-Restore-frequently-asked-questions

Right-click Computer - Properties - System Protection

Click Create.

 

Then delete all old system restore points by running the Disk Cleanup program.

http://windows.micro...a-restore-point

On the General tab there is a button called Disk Cleanup. Choose it.

After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Click the Clean up button that removes all system restore points except the most recent one.

 

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Click the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer. Delete the DDS program and its logs. If anything is left after that, ask how to remove it.

 

3. Delete all temporary files by downloading TFC-Cleaner to the Desktop:

http://www.geekstogo...er-by-oldtimer/

Close all other programs, especially web browsers.

Double-click TFC-Cleaner.exe to start the program.

 

If you use Firefox: Click Firefox and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

 

If you use Opera: Click Opera and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

Click Exit in the Main menu to close the program.

 

Note! This will delete all cookies; if you have cookies that you want to keep, either save them beforehand or refrain from choosing Select All and instead select everything else.

 

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot...iggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs, etc.

 

http://sites.google....lstockholm/home

 

Come back, of course, if you have questions!

Regards,

Mats H


Hi again,

 

Now I have done as per your instructions. The "fix programs" that remain are the ones below, but maybe it doesn't matter if they stay, or should I uninstall them manually?

 

HiJack This

MBAM

 

Then there are also McAfee Security Scan Plus, NetSpy Protector and ESET Online scanner installed; do I need to do anything about these?


Archived

This topic is now archived and is closed to further replies.


