
The Police, Computer Crime Unit (Polisen enheten för databrott)


No-1


Hi!

I too have been hit by this trojan (ransomware). However, I have a friend who is quite knowledgeable about computers. At startup, when the desktop is visible, i.e. just before the police message appears, he told me to press ctrl+shift+esc. That way I managed (luckily) to end the program's autostart in Task Manager right away, before the program was started! So I got into the computer! After that we looked for mysterious files in autostart (fest0r_ot.exe). We deleted this program, and after that I searched the computer for files with the same beginning, i.e. fest*. Two files were found in the folder C:Windows/Prefetch with the same name as mentioned above. These were deleted.

My questions to you are whether I need to reinstall Windows XP (in case something has gone wrong in the registry that has not been fixed), and how I can know that I have got rid of everything? Do I dare to browse the web? Do I need to change passwords? Create my own login and not browse via the administrator login?

The computer seems to work normally now, but you never know!

I can say that before the attempt with ctrl+shift+esc I scanned the computer in safe mode with antivirus programs such as Malwarebytes, without them finding any problem whatsoever!

Nor now, after I have tried to fix the problem manually, does any of the antivirus programs find files that could be harmful... a tricky trojan, this one!

Regards

Kristofer


Good that you got rid of the ransom malware, they really are a "pain in the ass" if you are not knowledgeable or don't have a knowledgeable person like you. I recommend that you run DDS and let "the colonel" Cecilia look through it and see if anything is left.

Paste the log/result from the program DDS:

Save DDS to the Desktop from one of these links:

http://download.blee...om/sUBs/dds.scr


A check with DDS, as ePlay writes, is good, while a reinstallation of XP is probably not needed. I have not heard that this trojan would be out to steal passwords, but it is always good to do it to be on the safe side. It is good not to be logged in to an admin account when it comes to XP; in later versions of Windows there is protection even when you are logged in to an admin account, but it can be troublesome to get it to work well.


pchb1knowfinder

This becomes a thread within the thread, which I assume is not okay, so I will keep it short. To Cecilia: you wrote protection in the admin account, I want to know more about that. Should I start a thread somewhere else so we can take it there? Regards


Hi pchb1knowfinder!

You can start a thread in the section for Vista or Windows 7, whichever it concerns. But it is about UAC/User Account Control.


Here is my DDS result

By the way, can you see here whether there is something that makes the computer unnecessarily slow? I find IE extremely slow on some pages, e.g. GP.se.


Haha, well, one may wonder! I did attach them!

Is it OK to paste them in here instead?


Here we go:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by John Doe at 0:08:46 on 2012-07-19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1351 [GMT 2:00]

.

AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ABIT\ABIT uGuru\uGuru.exe

C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe

C:\Program\Voddler\service\VNetManager.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\DivX\DivX Update\DivXUpdate.exe

C:\Program\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spotify\Data\SpotifyWebHelper.exe

C:\Program\Skype\Phone\Skype.exe

svchost.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Jamcast\jamcastsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe

uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe"

uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe

mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe

mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey

mRun: [update] c:\windows\system32\fest0r_ot.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 81.26.226.3 81.26.228.3

TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 81.26.226.3 81.26.228.3

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752]

R1 MpKslabe98623;MpKslabe98623;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\MpKslabe98623.sys [2012-7-18 29904]

R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368]

S1 auwjjflh;auwjjflh;\??\c:\windows\system32\drivers\auwjjflh.sys --> c:\windows\system32\drivers\auwjjflh.sys [?]

S1 bgzrghke;bgzrghke;\??\c:\windows\system32\drivers\bgzrghke.sys --> c:\windows\system32\drivers\bgzrghke.sys [?]

S1 chefschp;chefschp;\??\c:\windows\system32\drivers\chefschp.sys --> c:\windows\system32\drivers\chefschp.sys [?]

S1 fdvvalym;fdvvalym;\??\c:\windows\system32\drivers\fdvvalym.sys --> c:\windows\system32\drivers\fdvvalym.sys [?]

S1 iqzrrhgv;iqzrrhgv;\??\c:\windows\system32\drivers\iqzrrhgv.sys --> c:\windows\system32\drivers\iqzrrhgv.sys [?]

S1 kgajuinm;kgajuinm;\??\c:\windows\system32\drivers\kgajuinm.sys --> c:\windows\system32\drivers\kgajuinm.sys [?]

S1 ljdgjqcq;ljdgjqcq;\??\c:\windows\system32\drivers\ljdgjqcq.sys --> c:\windows\system32\drivers\ljdgjqcq.sys [?]

S1 pbmbpiqp;pbmbpiqp;\??\c:\windows\system32\drivers\pbmbpiqp.sys --> c:\windows\system32\drivers\pbmbpiqp.sys [?]

S1 psepawfg;psepawfg;\??\c:\windows\system32\drivers\psepawfg.sys --> c:\windows\system32\drivers\psepawfg.sys [?]

S1 raoetaji;raoetaji;\??\c:\windows\system32\drivers\raoetaji.sys --> c:\windows\system32\drivers\raoetaji.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152]

S2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2010-11-16 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2010-11-16 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2010-11-16 90800]

S3 Sony PC Companion;Sony PC Companion;c:\program\sony\sony pc companion\PCCService.exe [2011-10-9 155320]

.

=============== Created Last 30 ================

.

2012-07-18 16:25:37 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\offreg.dll

2012-07-18 16:25:37 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\MpKslabe98623.sys

2012-07-18 14:15:34 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\mpengine.dll

2012-07-17 19:30:55 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-15 11:14:00 -------- d-----w- c:\documents and settings\kristofer\application data\Malwarebytes

2012-07-14 20:16:10 -------- d-----w- c:\program\HitmanPro

2012-07-14 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-07-14 18:02:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 17:46:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 17:46:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.VER

2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.EXE

2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09:37 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44:07 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44:07 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39:29 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:14:59 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14:57 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 0:09:30,89 ===============


Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:file
c:\windows\system32\fest0r_ot.exe

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad opens with a log, and you paste that in here. If the log does not open, it is available as SystemLook.txt on the Desktop.


SystemLook 30.07.11 by jpshortstuff

Log created at 15:43 on 19/07/2012 by John Doe

Administrator - Elevation successful

 

========== file ==========

 

c:\windows\system32\fest0r_ot.exe - Unable to find/read file.

 

-= EOF =-

 

 

I assume it looks OK!

I have also done a search for this file via the computer's SEARCH. =)


Wanted to say one thing before you feel safe: I saw that you had 2 antivirus programs enabled at the same time. They can cause problems, so choose either Microsoft's or Lavasoft's.


I assume it looks OK!

I have also done a search for this file via the computer's SEARCH. =)

Yep, I wanted to be sure that the file no longer exists. To get rid of the reference to it in the registry, as well as the references to several drivers that no longer remain but were malicious, we can use OTL.

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL.

Under Output near the top, choose Minimal Output.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, while you attach Extras.txt as a file.

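An added example, not part of the original thread and not how DDS, SystemLook or OTL work internally: it reads lines copied from the DDS and SystemLook logs above and lists the leftover references the reply refers to, i.e. Run values whose target SystemLook could not find, and service/driver entries for which DDS printed `[?]` instead of a date and size. It assumes that `[?]` means DDS could not read the file, which matches the "File not found" that OTL reports for the same drivers in this thread; the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Set

# Lines copied from the DDS log posted earlier in this thread.
DDS_EXCERPT = r"""
mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe
mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey
mRun: [update] c:\windows\system32\fest0r_ot.exe
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752]
S1 auwjjflh;auwjjflh;\??\c:\windows\system32\drivers\auwjjflh.sys --> c:\windows\system32\drivers\auwjjflh.sys [?]
S1 raoetaji;raoetaji;\??\c:\windows\system32\drivers\raoetaji.sys --> c:\windows\system32\drivers\raoetaji.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224]
"""

# Lines copied from the SystemLook log posted in this thread.
SYSTEMLOOK_EXCERPT = r"""
========== file ==========
c:\windows\system32\fest0r_ot.exe - Unable to find/read file.
-= EOF =-
"""

# "mRun: [name] command line" (also uRun / dRun for per-user and default-user keys).
RUN_RE = re.compile(r'^(?P<key>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "S1 name;display name;image path [date size]" or "[?]" when the file was unreadable.
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+) \[(?P<meta>[^\]]*)\]$'
)
MISSING_RE = re.compile(r'^(?P<path>.+?) - Unable to find/read file\.$')


class Finding(NamedTuple):
    kind: str   # "mRun", "uRun", "dRun" or "service"
    name: str   # registry value name or service name
    path: str   # file the entry points at


def executable_of(cmd: str) -> str:
    """Return the program path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = re.match(r'(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def missing_files(systemlook_log: str) -> Set[str]:
    """Paths (lower-cased) that SystemLook reported as not found."""
    found = set()
    for line in systemlook_log.splitlines():
        m = MISSING_RE.match(line.strip())
        if m:
            found.add(m['path'].lower())
    return found


def orphaned_references(dds_log: str, systemlook_log: str) -> List[Finding]:
    """List autostart and service entries that point at files no longer present."""
    missing = missing_files(systemlook_log)
    findings = []
    for line in dds_log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m['cmd'])
            if exe.lower() in missing:
                findings.append(Finding(m['key'], m['name'], exe))
            continue
        m = SVC_RE.match(line)
        if m and m['meta'].strip() == '?':
            # DDS prints "raw path --> resolved path"; keep the resolved one.
            path = m['path'].split('-->')[-1].strip()
            findings.append(Finding('service', m['name'], path))
    return findings


if __name__ == '__main__':
    for f in orphaned_references(DDS_EXCERPT, SYSTEMLOOK_EXCERPT):
        print(f'{f.kind:8} {f.name:10} -> {f.path}')
```

The script only reports; removing the entries is still done with the cleanup tool, as described in the reply above.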

Wanted to say one thing before you feel safe: I saw that you had 2 antivirus programs enabled at the same time. They can cause problems, so choose either Microsoft's or Lavasoft's.

The free version of Ad-Aware 9, which is installed, works together with other antivirus programs, but that is not the case with Ad-Aware 10.


Well... how does it look?

 

OTL logfile created on: 2012-07-20 12:40:37 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Kristofer\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,50 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 71,45% Memory free

4,35 Gb Paging File | 3,72 Gb Available in Paging File | 85,56% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 931,50 Gb Total Space | 702,95 Gb Free Space | 75,46% Space Free | Partition Type: NTFS

Drive E: | 57,26 Gb Total Space | 16,19 Gb Free Space | 28,27% Space Free | Partition Type: NTFS

 

Computer Name: KRISTOFER | User Name: Kristofer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\Spotify\Data\SpotifyWebHelper.exe ()

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program\Voddler\service\VNetManager.exe ()

PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)

PRC - C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe (ABIT Computer Corp.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program\Spotify\Data\SpotifyWebHelper.exe ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()

MOD - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()

MOD - C:\Program\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program\Voddler\service\VNetManager.exe ()

MOD - C:\Program\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (SkypeUpdate) -- C:\Program\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MsMpSvc) -- c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (Sony PC Companion) -- C:\Program\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SRV - (odserv) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (VoddlerNet) -- C:\Program\Voddler\service\voddler.exe (Voddler)

SRV - (Jamcast) -- C:\Program\Jamcast\jamcastsvc.exe (Software Development Solutions, Inc.)

SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) -- File not found

DRV - (raoetaji) -- C:\WINDOWS\system32\drivers\raoetaji.sys File not found

DRV - (psepawfg) -- C:\WINDOWS\system32\drivers\psepawfg.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (pbmbpiqp) -- C:\WINDOWS\system32\drivers\pbmbpiqp.sys File not found

DRV - (ljdgjqcq) -- C:\WINDOWS\system32\drivers\ljdgjqcq.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (kgajuinm) -- C:\WINDOWS\system32\drivers\kgajuinm.sys File not found

DRV - (iqzrrhgv) -- C:\WINDOWS\system32\drivers\iqzrrhgv.sys File not found

DRV - (i2omgmt) -- File not found

DRV - (fdvvalym) -- C:\WINDOWS\system32\drivers\fdvvalym.sys File not found

DRV - (chefschp) -- C:\WINDOWS\system32\drivers\chefschp.sys File not found

DRV - (Changer) -- File not found

DRV - (bgzrghke) -- C:\WINDOWS\system32\drivers\bgzrghke.sys File not found

DRV - (auwjjflh) -- C:\WINDOWS\system32\drivers\auwjjflh.sys File not found

DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)

DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)

DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)

DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)

DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)

DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)

DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)

DRV - (uGuru) -- C:\WINDOWS\system32\drivers\uGuru.SYS (ABIT Computer Corporation)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (Winflash) -- C:\WINDOWS\System32\drivers\WINFLASH.SYS ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nasdaqomxnordic.com/nordic/Nordic.aspx

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\@voddler/voddlerplugin: C:\Program\Voddler\plugin\npvoddler.dll (Voddler Sweden AB)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2012-03-15 22:51:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-07 22:21:32 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program\ekort\EKortHelper.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program\ekort\EKortToolbar.dll ()

O4 - HKLM..\Run: [ABIT uGuru] C:\Program\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [e-kort] C:\Program\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [GuruClock] C:\Program\ABIT\ABIT uGuru\GuruClock.exe (ABIT Computer Corp.)

O4 - HKLM..\Run: [MSC] c:\Program\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [update] C:\WINDOWS\system32\fest0r_ot.exe File not found

O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe ()

O4 - HKCU..\Run: [spotify Web Helper] C:\Program\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.26.226.3 81.26.228.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A}: DhcpNameServer = 81.26.226.3 81.26.228.3

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-10 00:18:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008-08-16 16:03:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{454a180b-0664-11e1-9fc2-00508dedde65}\Shell - "" = AutoRun

O33 - MountPoints2\{454a180b-0664-11e1-9fc2-00508dedde65}\Shell\AutoRun\command - "" = F:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-07-19 23:05:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe

[2012-07-19 00:07:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kristofer\Skrivbord\dds.scr

[2012-07-15 14:15:55 | 150,726,432 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Kristofer\Skrivbord\kav12.0.0.374sv_se.exe

[2012-07-15 13:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristofer\Application Data\Malwarebytes

[2012-07-14 22:16:10 | 000,000,000 | ---D | C] -- C:\Program\HitmanPro

[2012-07-14 22:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2012-07-14 20:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012-06-27 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristofer\Application Data\dvdcss

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-07-20 12:36:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2012-07-20 12:36:50 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2012-07-20 12:35:47 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2012-07-20 12:35:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-07-20 12:35:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-07-19 23:05:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe

[2012-07-19 15:42:52 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\SystemLook.exe

[2012-07-19 00:08:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kristofer\Skrivbord\dds.scr

[2012-07-16 22:15:17 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Kristofer\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-07-15 14:16:03 | 150,726,432 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Kristofer\Skrivbord\kav12.0.0.374sv_se.exe

[2012-07-15 12:50:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-07-12 13:10:59 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-07-12 00:52:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-07-08 22:21:29 | 001,594,331 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Emmelie

[2012-06-24 22:15:20 | 000,125,452 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Gräddbebis.jpg

[2012-06-24 16:29:15 | 003,939,628 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Changing course.pdf

[2012-06-24 16:28:49 | 000,890,134 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Million dollars careers.pdf

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-07-19 15:42:51 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\SystemLook.exe

[2012-07-08 22:21:20 | 001,594,331 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Emmelie

[2012-06-24 22:15:17 | 000,125,452 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Gräddbebis.jpg

[2012-06-24 16:29:14 | 003,939,628 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Changing course.pdf

[2012-06-24 16:28:46 | 000,890,134 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Million dollars careers.pdf

[2012-02-15 19:26:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll

[2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

[2011-11-13 18:32:36 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011-05-04 19:01:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011-05-04 19:01:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2010-12-31 01:41:19 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OBroker.exe

[2010-12-20 22:28:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010-11-27 22:34:15 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-11-11 22:28:52 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Kristofer\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-10 23:37:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010-11-10 23:30:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\game.ini

[2010-11-10 21:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010-11-10 21:54:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010-11-10 21:54:38 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010-11-10 21:54:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010-11-10 19:12:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-11-10 01:10:25 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010-11-10 01:09:21 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-11-10 00:28:35 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\WINFLASH.SYS

[2010-11-10 00:28:34 | 000,018,606 | ---- | C] () -- C:\WINDOWS\System32\FlashMenu.sys

[2010-11-10 00:28:34 | 000,018,606 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashMenu.sys

[2010-11-10 00:28:34 | 000,005,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\HWDRV.SYS

[2010-11-10 00:28:34 | 000,005,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\HWIOCTL.SYS

[2010-11-10 00:28:34 | 000,004,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\MEMCTL.SYS

[2010-11-10 00:28:34 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINFLASH.SYS

[2010-11-10 00:28:34 | 000,002,721 | ---- | C] () -- C:\WINDOWS\System32\drivers\AMINTSYS.SYS

[2010-11-10 00:20:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010-11-10 00:16:18 | 000,021,700 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

 

< End of report >

 

Extras.Txt


Close all the programs you can see, including antivirus and antispyware programs, so that they do not clash with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start OTL (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
DRV - (pbmbpiqp) -- C:\WINDOWS\system32\drivers\pbmbpiqp.sys File not found
DRV - (ljdgjqcq) -- C:\WINDOWS\system32\drivers\ljdgjqcq.sys File not found
DRV - (kgajuinm) -- C:\WINDOWS\system32\drivers\kgajuinm.sys File not found
DRV - (iqzrrhgv) -- C:\WINDOWS\system32\drivers\iqzrrhgv.sys File not found
DRV - (fdvvalym) -- C:\WINDOWS\system32\drivers\fdvvalym.sys File not found
DRV - (chefschp) -- C:\WINDOWS\system32\drivers\chefschp.sys File not found
DRV - (Changer) -- File not found
DRV - (bgzrghke) -- C:\WINDOWS\system32\drivers\bgzrghke.sys File not found
DRV - (auwjjflh) -- C:\WINDOWS\system32\drivers\auwjjflh.sys File not found
O4 - HKLM..\Run: [update] C:\WINDOWS\system32\fest0r_ot.exe File not found
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg :Reg
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not open automatically, you will find it in the folder c:\_OTL\Moved Files under a name that contains today's date and the time of the run.

Make sure to re-enable your antivirus program etc. before you connect the computer to the internet.

Run DDS as well and paste in that log too.


Here comes OTL, hopefully without a lot of antivirus and the like! I stopped Ad-Aware, Spybot and Microsoft Security Essentials before I ran the program!

 

========== OTL ==========

Service pbmbpiqp stopped successfully!

Service pbmbpiqp deleted successfully!

File C:\WINDOWS\system32\drivers\pbmbpiqp.sys File not found not found.

Service ljdgjqcq stopped successfully!

Service ljdgjqcq deleted successfully!

File C:\WINDOWS\system32\drivers\ljdgjqcq.sys File not found not found.

Service kgajuinm stopped successfully!

Service kgajuinm deleted successfully!

File C:\WINDOWS\system32\drivers\kgajuinm.sys File not found not found.

Service iqzrrhgv stopped successfully!

Service iqzrrhgv deleted successfully!

File C:\WINDOWS\system32\drivers\iqzrrhgv.sys File not found not found.

Service fdvvalym stopped successfully!

Service fdvvalym deleted successfully!

File C:\WINDOWS\system32\drivers\fdvvalym.sys File not found not found.

Service chefschp stopped successfully!

Service chefschp deleted successfully!

File C:\WINDOWS\system32\drivers\chefschp.sys File not found not found.

Service Changer stopped successfully!

Service Changer deleted successfully!

File File not found not found.

Service bgzrghke stopped successfully!

Service bgzrghke deleted successfully!

File C:\WINDOWS\system32\drivers\bgzrghke.sys File not found not found.

Service auwjjflh stopped successfully!

Service auwjjflh deleted successfully!

File C:\WINDOWS\system32\drivers\auwjjflh.sys File not found not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_153353

 

Here is DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Kristofer at 15:51:09 on 2012-07-20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1999 [GMT 2:00]

.

AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ABIT\ABIT uGuru\uGuru.exe

C:\Program\Voddler\service\VNetManager.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\DivX\DivX Update\DivXUpdate.exe

C:\Program\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spotify\Data\SpotifyWebHelper.exe

svchost.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Jamcast\jamcastsvc.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program\Skype\Updater\Updater.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe

uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe"

uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun

mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe

mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe

mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe

mRun: [ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752]

R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944]

R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368]

S1 psepawfg;psepawfg;\??\c:\windows\system32\drivers\psepawfg.sys --> c:\windows\system32\drivers\psepawfg.sys [?]

S1 raoetaji;raoetaji;\??\c:\windows\system32\drivers\raoetaji.sys --> c:\windows\system32\drivers\raoetaji.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2010-11-16 18704]


 

Is it alive? ;) haha


Oh yes, it's alive :)

But I missed a bit.

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
DRV - (raoetaji) -- C:\WINDOWS\system32\drivers\raoetaji.sys File not found
DRV - (psepawfg) -- C:\WINDOWS\system32\drivers\psepawfg.sys File not found
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files under a name that contains today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.

Run DDS as well and paste in that log too.


Latest OTL for the last two files:

 

========== OTL ==========

Service raoetaji stopped successfully!

Service raoetaji deleted successfully!

File C:\WINDOWS\system32\drivers\raoetaji.sys File not found not found.

Service psepawfg stopped successfully!

Service psepawfg deleted successfully!

File C:\WINDOWS\system32\drivers\psepawfg.sys File not found not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_234651

 

DDS:


 

And now? =)

 

 


Now I no longer see any traces of an infection. If everything is fine (as far as the infection is concerned), it is time to uninstall OTL and DDS etc.

Now only one last round of cleanup remains:

1. Start OTL.

Press the CleanUp! button and the two programs will be uninstalled after a restart of the computer. Delete any logs.

2. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

3. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which makes it easy for a web page to infect the computer. I think Secunia's program (link on my website) is good at helping you check the state of security holes on the computer and indicating what needs to be fixed. According to the log, you have at least one old Java version installed, and that may be the reason the computer was infected in this case.

Are you still experiencing the same sluggishness?


Thanks for all the help! *bows*

I assume you are referring to web pages loading slowly? It is above all e.g. GP.se where I notice a difference compared with some other computers. My computer pauses before it loads the whole page, which means that if I then scroll (while the page is loading), the page jumps up and down for a short while. And this is repeated every time I click on an article on the site, which causes a certain irritation. (Try it yourself to see if you have the same problem.) I maintain that this does not happen to the same extent at all on some other computers I browse on. I still have 100 Mbit fibre in the wall here at home. What could be wrong? Do you mean that it would be related to old versions of programs that I had installed?

I have now emptied the computer, i.e. uninstalled, and changed passwords and followed the advice you gave me.

That trojan you described in point two doesn't exactly seem like something you'd want... But I don't have that one, do I?


Just glad to be able to help :)

GP and other newspapers' websites are often so full of images and Flash that it is hard work for the computer to handle them. Since you have XP, I'm guessing the computer is not that new, and then it takes time for the computer to handle the web page. You can see whether it gets better if you install the NoScript add-on in Firefox or perhaps replace the computer's Hosts file with one that blocks a lot of ads: http://winhelp2002.mvps.org/hosts.htm

Now I see that you have Voddler. See whether the computer works better if you uninstall it.

Regarding point 2, that is of course not the trojan you had; it is just an example of what can happen, so that one understands that it is serious.


  • 6 months later...

Hi Cecilia

I have been hit by "the Police".....

I have run DDS (the first log) and ESET (the second log below) and am attaching Attach as an attachment.

Can you help me further...

The DDS log:


 

The ESET scan:

 

C:\Documents and Settings\Ditti\Application Data\Sun\Java\Deployment\cache\6.0\42\350f91ea-6eaf9df0 probably a variant of Win32/Agent.JOVBYOY trojan

C:\Documents and Settings\Ditti\Skrivbord\Mina dokument\Downloads\cdbxp_setup_4.3.8.2631.exe Win32/OpenCandy application

C:\Documents and Settings\Ditti\Skrivbord\Mina dokument\Downloads\installer_driver_philips_190b8cs00.exe multiple threats

C:\Documents and Settings\Roffe\wgsdgsdgdsgsd.exe a variant of Win32/Kryptik.AQUD trojan

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\!dA5.tmp a variant of Win32/Kryptik.AQUD trojan

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\9F884E24-BAB0-7891-8006-025DCAF99F6E\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\CC8F2B3E-BAB0-7891-9884-8070AC863C34\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\is357113909\GiantSavings_ZA.exe Win32/Toolbar.CrossRider application

C:\Documents and Settings\Roffe\Lokala inställningar\Temp\is357113909\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\Program\Funmoods\1.5.23.22\escortApp.dll Win32/Toolbar.Funmoods application

C:\Program\Funmoods\1.5.23.22\escortEng.dll Win32/Toolbar.Funmoods application

C:\Program\Funmoods\1.5.23.22\escorTlbr.dll Win32/Toolbar.Funmoods application

C:\Program\Funmoods\1.5.23.22\escortShld.dll Win32/Toolbar.Funmoods application

C:\Program\Funmoods\1.5.23.22\funmoodssrv.exe Win32/Toolbar.Funmoods application

C:\Program\Funmoods\1.5.23.22\bh\escort.dll Win32/Toolbar.Funmoods application

E:\TEMP\installer_avg_antivirus_free_9_0_851_Svenska_Swedish.exe Win32/Toggle application

E:\TEMP\MediaPlayer_Setup.exe a variant of Win32/SweetIM.A application

E:\TEMP\Temp\Adobe Dreamweaver CS5.iso a variant of Win32/HackTool.Patcher.P application

E:\WindowsXp_Nikolas\Windows XP Pro SP3 - Activated\WXPVOL_EN.iso a variant of Win32/PSWTool.RAS.A application

Operating memory Win32/Toolbar.Funmoods application


The police would like you to report this to them.

Cracked programs are always risky.

Download Malwarebytes Anti-Malware (MBAM) from http://www.malwarebytes.org/mbam-download.php

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, select Perform quick scan and click Scan.

The scan takes a while.

When it is done, click OK and then Show Results.

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... error message after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

 

Run DDS again and paste in the new DDS.txt and attach Attach.txt (it was not included this time).
