Split thread - Police trojan


fejlejp

Hi!

I have this problem right now. Safe mode doesn't work, system restore doesn't work.

I followed your instructions but didn't know what to do after I got Notepad open with a lot of system text.

Are you able to help me from there?

Thanks in advance

Hi fejlejp!

You copy everything that is in Notepad and paste it into your post here. However, within a couple of minutes I will move your post and this reply to a new thread, because there is a risk of mistakes if two computers are handled in the same thread. So wait to paste the contents of the log until after the move.

Cecilia

Moderator

Thanks!!

But how am I supposed to copy the text and get it here? Via the USB stick? So two computers are required? (writing from an iPhone).

Thanks in advance

Never mind, I understand now. A log is created on the USB stick.

I'll try to get hold of a computer today, otherwise I'll fix it tomorrow at work!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013
Ran by SYSTEM on MININT-ATI94NH on 29-09-2013 15:54:43
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-03] (Synaptics Incorporated)
HKLM\...\Run: [RotateImage] - C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-11-16] (Lenovo Group Limited)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [PWMTRV] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\Chilo\...\Run: [AdobeBridge] - [x]
HKU\Chilo\...\Run: [spotify Web Helper] - C:\Users\Chilo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-07-31] (Spotify Ltd)
HKU\Chilo\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-01-08] (DT Soft Ltd)
HKU\Chilo\...\Winlogon: [shell] explorer.exe,C:\Users\Chilo\AppData\Roaming\data.dat [ 2013-07-08] () <==== ATTENTION
HKU\Default\...\RunOnce: [] -
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~1\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [ 2009-03-24] ()
HKU\Default User\...\RunOnce: [] -
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~1\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [ 2009-03-24] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Chilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2010-03-01] (Lenovo)
S2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [259432 2010-03-01] (Lenovo)
S2 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-08] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-07] (DT Soft Ltd)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-05-06] ()
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-27 11:01 - 2013-09-27 11:01 - 00000000 ____D C:\FRST
2013-09-26 10:58 - 2013-09-27 05:33 - 00000004 _____ C:\Users\Chilo\AppData\Roaming\settings.ini
2013-09-25 09:05 - 2013-09-25 09:05 - 00212374 _____ C:\Users\Chilo\Downloads\SonsofAnarchyS02E01-E13HDTVXviD-SYSFQM.rar
2013-09-24 09:52 - 2013-09-24 09:52 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\Ashampoo
2013-09-15 10:43 - 2013-09-15 10:44 - 00207741 _____ C:\Users\Chilo\Downloads\sons.of.anarchy.s01.dvdrip.xvid-reward.rar
2013-09-12 08:18 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 08:18 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 08:18 - 2013-08-09 19:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 08:18 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 08:18 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 08:18 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 08:18 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-11 05:19 - 2013-08-07 17:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 05:19 - 2013-08-01 17:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 05:19 - 2013-08-01 17:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 05:19 - 2013-08-01 17:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 16:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 05:19 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 05:19 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 05:19 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 05:19 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-07 05:03 - 2013-09-13 10:58 - 00000000 ____D C:\Users\Chilo\Desktop\LINA

==================== One Month Modified Files and Folders =======

2013-09-27 14:44 - 2013-02-07 14:20 - 00000000 ____D C:\users\Chilo
2013-09-27 14:44 - 2013-02-07 13:01 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\vlc
2013-09-27 14:44 - 2013-02-07 11:44 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\uTorrent
2013-09-27 14:44 - 2010-05-06 18:03 - 00000000 ____D C:\ProgramData\Lenovo
2013-09-27 14:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-09-27 14:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-09-27 11:01 - 2013-09-27 11:01 - 00000000 ____D C:\FRST
2013-09-27 05:33 - 2013-09-26 10:58 - 00000004 _____ C:\Users\Chilo\AppData\Roaming\settings.ini
2013-09-27 05:33 - 2010-05-06 17:51 - 01249334 _____ C:\Windows\WindowsUpdate.log
2013-09-27 05:08 - 2013-02-13 09:29 - 00000000 ____D C:\Users\Chilo\AppData\Local\Adobe
2013-09-27 05:05 - 2009-07-20 21:30 - 00844518 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-27 05:05 - 2009-07-13 20:34 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 05:05 - 2009-07-13 20:34 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 04:58 - 2013-03-26 12:07 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\Dropbox
2013-09-27 04:58 - 2009-07-13 20:39 - 00067359 _____ C:\Windows\setupact.log
2013-09-26 11:36 - 2013-03-26 12:10 - 00000000 ___RD C:\Users\Chilo\Dropbox
2013-09-25 09:05 - 2013-09-25 09:05 - 00212374 _____ C:\Users\Chilo\Downloads\SonsofAnarchyS02E01-E13HDTVXviD-SYSFQM.rar
2013-09-25 06:05 - 2013-02-07 12:01 - 00000000 ____D C:\Users\Chilo\Downloads\Filmer
2013-09-25 05:48 - 2013-02-07 11:59 - 00000000 ____D C:\Users\Chilo\Downloads\uTorrent
2013-09-24 09:52 - 2013-09-24 09:52 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\Ashampoo
2013-09-24 09:52 - 2013-07-14 09:34 - 00000000 ____D C:\Users\Chilo\AppData\Local\ashampoo
2013-09-22 12:58 - 2013-03-07 05:26 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\Spotify
2013-09-22 06:45 - 2013-03-23 08:24 - 00000000 ____D C:\Users\Chilo\Documents\iRinger Tones
2013-09-22 06:13 - 2013-03-23 08:22 - 00000000 ____D C:\ProgramData\iRinger
2013-09-21 03:02 - 2013-03-07 05:29 - 00000000 ____D C:\Users\Chilo\AppData\Local\Spotify
2013-09-21 00:52 - 2013-02-11 07:24 - 00000000 ____D C:\Users\Chilo\Downloads\Musik
2013-09-19 09:30 - 2013-02-07 12:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-19 09:30 - 2013-02-07 12:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-19 09:11 - 2010-05-06 17:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-19 09:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-09-19 06:58 - 2013-08-26 12:20 - 00000000 ____D C:\Users\Chilo\Desktop\True Velocity MASTER
2013-09-15 12:43 - 2013-02-07 12:02 - 00000000 ____D C:\Users\Chilo\Downloads\Serier
2013-09-15 10:44 - 2013-09-15 10:43 - 00207741 _____ C:\Users\Chilo\Downloads\sons.of.anarchy.s01.dvdrip.xvid-reward.rar
2013-09-13 10:58 - 2013-09-07 05:03 - 00000000 ____D C:\Users\Chilo\Desktop\LINA
2013-09-13 08:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:53 - 2009-07-13 20:33 - 03806600 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 08:24 - 2010-05-06 18:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 08:14 - 2013-07-19 17:01 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 08:11 - 2013-02-17 10:12 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-01 12:11 - 2013-02-07 12:20 - 00000000 ____D C:\ProgramData\Adobe
2013-09-01 10:28 - 2013-02-07 14:27 - 00000000 ____D C:\Users\Chilo\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Chilo\AppData\Roaming\data.dat
C:\Users\Chilo\AppData\Roaming\settings.ini
C:\Users\Chilo\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Chilo\AppData\Local\Temp\rootsupd.exe
C:\Users\Chilo\AppData\Local\Temp\yvdpfwnweukvrioaree.bfg


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-09-25 12:58:47

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 1907.67 MB
Available physical RAM: 1402.01 MB
Total Pagefile: 1907.67 MB
Available Pagefile: 1405.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.1 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:28.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.64 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: D71FE197)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-09-20 14:04

==================== End Of Log ============================

On the working computer
Start Notepad.
Copy all the lines in the box:

C:\Users\Chilo\AppData\Roaming\data.dat
C:\Users\Chilo\AppData\Roaming\settings.ini
C:\Users\Chilo\AppData\Roaming\i.ini
and paste them into Notepad. Check that no file name has been split across two lines.
Save the file on the USB stick with the name fixlist.txt.

On the infected computer
Start FRST the same way as last time.
Click the Fix button.
Wait until the program is finished.

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents in your reply.

Check whether the infected computer can now start. If so, follow the instructions in the thread "Till dig med virus eller andra skadliga program i datorn" as far as you can for further cleaning.

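As an added example (not from this thread, and not part of FRST or DDS), here is a small Python script that does what the moderator did by hand above: it scans FRST and DDS log text for a Winlogon Shell value that has been extended beyond explorer.exe, as in the `HKU\Chilo\...\Winlogon: [shell] explorer.exe,C:\Users\Chilo\AppData\Roaming\data.dat` line FRST flagged with ATTENTION, collects the paths under FRST's "Files to move or delete:" section, and emits the same three fixlist lines. The line formats the regular expressions assume are taken from the two logs in this thread, and the sample log text is constructed from those logs.

```python
"""Flag Winlogon Shell hijacks in FRST/DDS log text and build an FRST fixlist.

Added example for this thread; not part of FRST, DDS or the original posts.
The police trojan in the thread persists by changing the Winlogon Shell value
from "explorer.exe" to "explorer.exe,<path to data.dat>", so the malware is
launched together with the desktop at every logon. Safe mode does not help
because the Shell value is used there too.
"""
import re

# Sample log text, constructed from the lines quoted in this thread.
SAMPLE_FRST = r"""
HKU\Chilo\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-01-08] (DT Soft Ltd)
HKU\Chilo\...\Winlogon: [shell] explorer.exe,C:\Users\Chilo\AppData\Roaming\data.dat [ 2013-07-08] () <==== ATTENTION
HKU\Default\...\RunOnce: [] -

Files to move or delete:
====================
C:\Users\Chilo\AppData\Roaming\data.dat
C:\Users\Chilo\AppData\Roaming\settings.ini
C:\Users\Chilo\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Chilo\AppData\Local\Temp\rootsupd.exe
"""

SAMPLE_DDS = r"""
uWinlogon: Shell = explorer.exe,c:\users\chilo\appdata\roaming\data.dat
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
"""

# FRST format (assumed from the log above):
#   HKU\<user>\...\Winlogon: [shell] <value> [<date>] (<company>) <==== ATTENTION
FRST_SHELL_RE = re.compile(
    r"^HKU\\(?P<user>[^\\]+)\\\.\.\.\\Winlogon: \[shell\] "
    r"(?P<value>.*?)(?: \[[^\]]*\])?(?: \([^)]*\))?(?: <====.*)?$",
    re.IGNORECASE,
)
# DDS format (assumed from the log above):  uWinlogon: Shell = <value>
DDS_SHELL_RE = re.compile(r"^uWinlogon: Shell = (?P<value>.*)$", re.IGNORECASE)


def split_shell_value(value):
    """Winlogon Shell is a comma separated list of programs; return the entries."""
    return [p.strip() for p in value.split(",") if p.strip()]


def suspicious_shell_entries(value):
    """Return every Shell entry other than the default explorer.exe.

    Heuristic: a legitimate Shell value is almost always exactly "explorer.exe",
    so anything appended to it deserves a look (the thread's data.dat is one case).
    """
    return [p for p in split_shell_value(value) if p.lower() != "explorer.exe"]


def shell_hijacks(text):
    """Return (user, extra entries) for every hijacked Shell line in FRST or DDS text."""
    hits = []
    for line in text.splitlines():
        m = FRST_SHELL_RE.match(line) or DDS_SHELL_RE.match(line)
        if not m:
            continue
        user = m.groupdict().get("user") or "current user"  # DDS lines carry no user
        extra = suspicious_shell_entries(m.group("value"))
        if extra:
            hits.append((user, extra))
    return hits


def files_to_move(text):
    """Paths under FRST's 'Files to move or delete:' section (ends at a blank line)."""
    paths, in_section = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Files to move or delete:":
            in_section = True
            continue
        if not in_section or stripped.startswith("===="):
            continue
        if not stripped:  # the first blank line closes the section
            break
        paths.append(stripped)
    return paths


def build_fixlist(text):
    """Combine the hijack paths and the 'Files to move or delete' paths, deduplicated.

    A bare path line in fixlist.txt tells FRST to move that file, which is
    what the fix in this thread did.
    """
    lines = []
    for _user, entries in shell_hijacks(text):
        lines.extend(p for p in entries if p not in lines)
    lines.extend(p for p in files_to_move(text) if p not in lines)
    return lines


if __name__ == "__main__":
    for user, entries in shell_hijacks(SAMPLE_FRST):
        print(f"Winlogon Shell for {user} also loads: {', '.join(entries)}")
    print("fixlist.txt:")
    print("\n".join(build_fixlist(SAMPLE_FRST)))
```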

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2013
Ran by SYSTEM at 2013-09-29 16:06:41 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
C:\Users\Chilo\AppData\Roaming\data.dat
C:\Users\Chilo\AppData\Roaming\settings.ini
C:\Users\Chilo\AppData\Roaming\i.ini
*****************

C:\Users\Chilo\AppData\Roaming\data.dat => Moved successfully.
C:\Users\Chilo\AppData\Roaming\settings.ini => Moved successfully.
"C:\Users\Chilo\AppData\Roaming\i.ini" => File/Directory not found.

==== End of Fixlog ====


"Describe carefully what problems you are having with the computer, and why you think or know that there are malicious programs on the computer."

-This I have done, to you, right?

"If any antivirus or antispyware program has found something malicious, paste a log that shows what was found and which files and folders are involved.

Paste the log/result from the program DDS:
Save DDS to the Desktop from one of these links:
http://download.blee...om/sUBs/dds.scr
http://download.blee...om/sUBs/dds.com
http://www.forospyware.com/sUBs/dds
"

-At the moment I'm scanning the computer (yes, it was able to start!) with Windows Essentials. If I've understood it correctly, once it has finished scanning I should paste the result log in a post in this thread?
What I don't get is the part about "DDS". Should I download a program called DDS and then paste the log from the Windows Essentials scan into the DDS program?

Yep, click one of the three links and the DDS program will be downloaded. Save it on the desktop. It has nothing to do with the log from Microsoft Security Essentials.

If Microsoft Security Essentials finds something, write (paste) in your reply what was found.

Run DDS and two logs are created. Paste them in your reply as well.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.21.2
Run by Chilo at 16:51:54 on 2013-09-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.46.1033.18.1908.713 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Users\Chilo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Chilo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=D2D30026C733B4A4
uDefault_Page_URL = hxxp://lenovo.msn.com
uWinlogon: Shell = explorer.exe,c:\users\chilo\appdata\roaming\data.dat
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\chilo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chilo\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TCP: NameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{18BDEB6C-767D-476A-A2EE-C711EADD9736} : DHCPNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{18BDEB6C-767D-476A-A2EE-C711EADD9736}\255746B62716E647A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{18BDEB6C-767D-476A-A2EE-C711EADD9736}\341627F6C696E6163702960586F6E656 : DHCPNameServer = 130.244.127.161 130.244.127.169
TCP: Interfaces\{18BDEB6C-767D-476A-A2EE-C711EADD9736}\4435027457563747 : DHCPNameServer = 192.168.2.66 192.168.2.34
TCP: Interfaces\{18BDEB6C-767D-476A-A2EE-C711EADD9736}\6496C696073702960586F6E656 : DHCPNameServer = 130.244.127.161 130.244.127.169
TCP: Interfaces\{7ED5EC82-7529-4C59-913C-AA945298C57A} : DHCPNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{93E9B436-DC77-4BC3-8328-CDB5A32D2CE0} : DHCPNameServer = 130.244.127.161 130.244.127.169
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chilo\appdata\roaming\mozilla\firefox\profiles\o98pdfow.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\chilo\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d2d32a930000000000000026c733b4a4
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15787
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.017:34:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-7 24304]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-2-7 242240]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-10 13480]
R1 MpKsl2909275f;MpKsl2909275f;c:\programdata\microsoft\microsoft antimalware\definition updates\{aefb18c6-73de-4eb4-be45-d1b83aac20a0}\MpKsl2909275f.sys [2013-9-29 40392]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-7 132456]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2009-12-10 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-10 44984]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-31 100328]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-5-7 48640]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-10 62904]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-30 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-5-7 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-5-7 126080]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-5-7 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-7 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-5-7 209920]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-9 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-7 29472]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-9-10 18432]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-5-7 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-5-7 75112]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-9 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-30 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-9 1343400]
.
=============== Created Last 30 ================
.
2013-09-29 14:51:14    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{aefb18c6-73de-4eb4-be45-d1b83aac20a0}\MpKsl2909275f.sys
2013-09-29 14:26:58    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{aefb18c6-73de-4eb4-be45-d1b83aac20a0}\mpengine.dll
2013-09-27 19:01:16    --------    d-----w-    C:\FRST
2013-09-26 19:16:13    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-24 17:52:18    --------    d-----w-    c:\users\chilo\appdata\roaming\Ashampoo
2013-09-07 12:49:52    718712    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{13c122e7-09db-4678-b510-a99a17a9b59a}\gapaengine.dll
2013-09-03 10:40:31    90624    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LXKPTPRC.DLL
.
==================== Find3M  ====================
.
2013-09-19 17:30:25    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 17:30:25    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-10 03:59:10    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    c:\windows\system32\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-02 01:50:36    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49:19    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43:05    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-09 05:03:34    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-09 04:52:10    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 04:50:42    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-06 05:05:35    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 16:52:03,61 ===============
 


I cancelled the Windows Essentials scan. It took an extremely long time: about 15% done after 30 minutes.
Maybe it's enough if I run a "quick scan"?


I cancelled the Windows Essentials scan. It took an extremely long time: about 15% done after 30 minutes.

Maybe it's enough if I run a "quick scan"?

You can leave it running in the background. I'll get back to you a bit later once I've gone through the DDS log.


1. Copy FRST from the USB stick to the desktop.

Start Notepad.
Copy all the lines in the box:

HKU\Chilo\...\Winlogon: [Shell] explorer.exe,C:\Users\Chilo\AppData\Roaming\data.dat [ 2013-07-08] () <==== ATTENTION
and paste them into Notepad. Check that it is only one line.
Save the file on the desktop with the name fixlist.txt.

Start FRST by double-clicking it.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

2. Uninstall:

Java 7 Update 21

This is because it is an old program version with known security holes that make it easy to infect the computer from a web page, e.g. with the police trojan. Most people manage fine without Java installed, but if you must have it, it is very important to always keep Java up to date. Let Secunia's Software Inspector check whether there are more programs with known security holes on the computer. Fix the problems it reports. The English page http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

3. Save AdwCleaner by Xplode to the Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan has finished.
Click the Report button.
A report appears; copy its contents and paste them into your reply.
If the report does not appear, it is also available as C:\AdwCleaner[R0].txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2013 01
Ran by Chilo at 2013-09-29 19:23:59 Run:2
Running from C:\Users\Chilo\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Chilo\...\Winlogon: [shell] explorer.exe,C:\Users\Chilo\AppData\Roaming\data.dat [ 2013-07-08] () <==== ATTENTION
*****************

HKU\Chilo\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.

==== End of Fixlog ====


# AdwCleaner v3.005 - Report created 29/09/2013 at 19:45:01
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Chilo - LIFI
# Running from : C:\Users\Chilo\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\\invalidprefs.js
File Found : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\searchplugins\delta.xml
File Found : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\user.js
File Found : C:\Windows\system32\roboot.exe
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\ProgramData\Search Protection
Folder Found C:\Users\Chilo\AppData\LocalLow\adawaretb
Folder Found C:\Users\Chilo\AppData\Roaming\Babylon
Folder Found C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\adawaretb
Folder Found C:\Users\Chilo\AppData\Roaming\PerformerSoft

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\f48adab66de542
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\DomaIQ
Key Found : HKLM\SOFTWARE\f48adab66de542
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\Software\PIP
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (sv-SE)

[ File : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\prefs.js ]

Line Found : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=D2D30026C733B4A4");
Line Found : user_pref("avg.install.userSPSettings", "Delta Search");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "sv");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "d2d32a930000000000000026c733b4a4");
Line Found : user_pref("extensions.delta.instlDay", "15977");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.617:54:06");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=120522&tsp=5020");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [5704 octets] - [29/09/2013 19:41:42]
AdwCleaner[R1].txt - [5624 octets] - [29/09/2013 19:45:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5684 octets] ##########





Now it says "Pending. Please uncheck elements you don't want to remove."


If you use the program MyPC Backup, remove the check marks on the lines:

Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup

Click the Clean button.
Press OK.
Press OK again if more messages appear.

The computer will be restarted.
A report appears; copy its contents and paste them into your reply.
If the report does not appear, it is also available as C:\AdwCleaner[s1].txt
 


# AdwCleaner v3.005 - Report created 29/09/2013 at 21:50:35
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Chilo - LIFI
# Running from : C:\Users\Chilo\Desktop\pc\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Chilo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Chilo\AppData\Roaming\PerformerSoft
File Deleted : C:\END
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\searchplugins\delta.xml
File Deleted : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\f48adab66de542
Key Deleted : HKLM\SOFTWARE\f48adab66de542
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (sv-SE)

[ File : C:\Users\Chilo\AppData\Roaming\Mozilla\Firefox\Profiles\o98pdfow.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=D2D30026C733B4A4");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "sv");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "d2d32a930000000000000026c733b4a4");
Line Deleted : user_pref("extensions.delta.instlDay", "15977");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.617:54:06");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=120522&tsp=5020");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [5704 octets] - [29/09/2013 19:41:42]
AdwCleaner[R1].txt - [5764 octets] - [29/09/2013 19:45:01]
AdwCleaner[R2].txt - [5039 octets] - [29/09/2013 21:36:51]
AdwCleaner[R3].txt - [5097 octets] - [29/09/2013 21:50:04]
AdwCleaner[s0].txt - [5045 octets] - [29/09/2013 21:50:35]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5105 octets] ##########
 


Good!

How is the computer working now?

In addition to the scan with Microsoft Security Essentials, it is a good idea to do the following scan. But don't run both at the same time; run them one after the other.

Scan the computer online at http://www.eset.com/onlinescan/
So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats
Check Scan Archives

Click Advanced Settings
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan is finished, click List of threats found, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


Scanning at the moment; it seems to be finding some junk, e.g. the Ask toolbar, which I have tried to get rid of, and also lots of Babylon files, which is something I have had problems with before, mainly in the browser.

Yes, it works, thank you so much for the help! :D


C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\PF\APNIC.dll.vir    a variant of Win32/Bundled.Toolbar.Ask application
C:\FRST\Quarantine\data.dat    a variant of Win32/Kryptik.BLIS trojan
C:\Program Files\Uninstaller\Uninstall.exe    a variant of MSIL/DomaIQ.A application
C:\Users\Chilo\AppData\Local\Temp\yvdpfwnweukvrioaree.bfg    a variant of Win32/Kryptik.BLIS trojan
C:\Users\Chilo\AppData\Local\Temp\AVG-Anti-Virus-Free-Edition-2013.exe\cf213051b29e4088a264d24bad564de3\AVG-Anti-Virus-Free-Edition-2013.exe    a variant of MSIL/DomaIQ.E application
C:\Users\Chilo\AppData\Local\Temp\AVG-Anti-Virus-Free-Edition-2013.exe\cf213051b29e4088a264d24bad564de3\installer.exe\AVG-Anti-Virus-Free-Edition-2013.exe    a variant of MSIL/DomaIQ.E application
C:\Users\Chilo\AppData\Local\Temp\AVG-Anti-Virus-Free-Edition-2013.exe\cf213051b29e4088a264d24bad564de3\software\Delta Babylon.exe    a variant of Win32/Toolbar.Babylon.F application
C:\Users\Chilo\AppData\Local\Temp\AVG-Anti-Virus-Free-Edition-2013.exe\cf213051b29e4088a264d24bad564de3\software\speedupmypc.exe    Win32/SpeedUpMyPC.A application
C:\Users\Chilo\AppData\Local\Temp\E1040DEA-BAB0-7891-8669-9B32FC789DCC\Latest\BExternal.dll    a variant of Win32/Toolbar.Babylon.F application
C:\Users\Chilo\AppData\Local\Temp\E1040DEA-BAB0-7891-8669-9B32FC789DCC\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-329844af    a variant of Java/Exploit.CVE-2013-2460.M trojan
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-43729dd2    a variant of Java/Exploit.CVE-2013-2460.M trojan
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5b59281c-57a53abb    a variant of Win32/Kryptik.BLIS trojan
C:\Users\Chilo\Downloads\AVG-Anti-Virus-Free-Edition-2013.exe    a variant of MSIL/DomaIQ.E application
C:\Users\Chilo\Downloads\Installationsfiler\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Chilo\Downloads\Installationsfiler\winrar.exe    Win32/Toggle.H application
 


1. The Ask file that was found is in AdwCleaner's quarantine and has thus already been "neutralised". The Babylon items are temporary files that were used during the installation and are not active on the computer.

Did you download AVG from their own website?

It does not seem normal for the installation to contain something with Speedupmypc.

C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-329844af    a variant of Java/Exploit.CVE-2013-2460.M trojan
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-43729dd2    a variant of Java/Exploit.CVE-2013-2460.M trojan
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5b59281c-57a53abb    a variant of Win32/Kryptik.BLIS trojan

There you can clearly see that the police trojan (Kryptik.BLIS) got in by exploiting security holes in Java.

C:\Users\Chilo\Downloads\AVG-Anti-Virus-Free-Edition-2013.exe    a variant of MSIL/DomaIQ.E application
C:\Users\Chilo\Downloads\Installationsfiler\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Chilo\Downloads\Installationsfiler\winrar.exe    Win32/Toggle.H application

The files above are installation files that you downloaded yourself. They are in the "Downloads" folder and you can delete them yourself if you want.

Copy FRST from the USB stick to the desktop, or download it again to the desktop.

Start Notepad.
Copy all the lines in the box:

C:\Users\Chilo\AppData\Local\Temp\E1040DEA-BAB0-7891-8669-9B32FC789DCC\Latest\BExternal.dll
C:\Users\Chilo\AppData\Local\Temp\E1040DEA-BAB0-7891-8669-9B32FC789DCC\Latest\IEHelper.dll
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-329844af
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3cc660d4-43729dd2
C:\Users\Chilo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5b59281c-57a53abb
and paste them into Notepad. Check that no file has been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Start FRST by double-clicking it.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.
