Solved Trojan horse PSW Agent

September 22, 2012 at 01:24:49
Specs: Windows 7
So my AVG free antivirus 2013 detected a trojan horse called PSW Agent.

How do I get rid of this agent?
It definitely slows down my laptop.

Best regards

#1
September 22, 2012 at 04:37:39
AVG say they block it before it infects the comp.

http://www.avgthreatlabs.com/webthr...

To get a second opinion, use ESET.

Run ESET & post the log please.
http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

#2
September 24, 2012 at 00:43:43
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35c7a2c528c25546a0fc6a17b17f5d1b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 11:57:42
# local_time=2012-09-24 01:57:42 (+0100, Rom, sommertid)
# country="Denmark"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 590294 590294 0 0
# compatibility_mode=5893 16776574 100 94 774118 100053608 0 0
# compatibility_mode=8192 67108863 100 0 109000 109000 0 0
# scanned=509855
# found=0
# cleaned=0
# scan_time=20924

#3
September 24, 2012 at 00:52:47
It looks as though you are clean. Here is a very good guide; you can run more checks. Maybe it is hiding in System Restore.

http://www.selectrealsecurity.com/m...

http://www.selectrealsecurity.com/o...

#4
September 24, 2012 at 03:46:31
AVG still detects the "PSW.Agent.AS.JX" in the temp files. But I'll check the guide.

#5
September 24, 2012 at 04:52:42
"AVG still detects the "PSW.Agent.AS.JX" in the temp"

Run TFC
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

#6
September 24, 2012 at 15:32:24
✔ Best Answer
bimse,
Anytime I see a trojan I recommend trying
Trojan Remover
http://www.simplysup.com/tremover/d...
Hitman Pro
http://www.surfright.nl/en/downloads
Run them both till they run clean.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds

#7
September 27, 2012 at 01:49:42
Norton 360 is a suite of powerful antivirus software by Symantec Corporation. It can protect your computer from tens of thousands of known or unknown virus and Trojan programs. In the event the software programme detects a virus which is attempting to attack your computer it should act to block the attack and then report the details to you automatically. Alternatively, some programmes will inform you that it has detected what it considers to be a virus or other malicious attempt to attack your computer and ask you whether you wish to clear this from your device. So, if you are considering purchasing an antivirus programme, such as Norton 360 antivirus by Norton Internet Security, to protect your computer, which one should you choose? When all is said and done all antivirus programmes operate in basically the same way.

#8
October 7, 2012 at 02:00:29
I'm pretty sure that temp cleaner did the trick, JohnW.

AVG hasn't detected it since reboot.

Thanks!

#9
October 7, 2012 at 03:19:29
Fingers crossed bimse.

#10
October 11, 2012 at 04:24:29
But it did re-detect the Trojan again a few hours after my last post here

So what to do? Any suggestions?

I've noticed a funny thing: AVG only pops up with the detection every time I use Google Chrome. When I got the trojan at first it slowed down my Mozilla (mostly Facebook!), so I tried installing Chrome to see if it would help. And Facebook runs a lot more smoothly in Chrome than Mozilla somehow.

#11
October 11, 2012 at 05:21:00

#12
October 11, 2012 at 10:26:45
XpUser4Real, I had already tried Trojan Remover on my and Hitman through the guide John linked. But then they didn't find any malware.

So I tried Hitman (and finishing off with the TFC) again just now and kaboom - got it!

Seems like I'm free. Will return in a few days and give feedback whether it's helped or not.

So far, thanks! Grateful.

#13
October 11, 2012 at 15:06:13
Thanks for posting back....hope you are fine now...

#14
October 12, 2012 at 09:57:00
It's back again... so what to do?

#15
October 12, 2012 at 14:47:37
You can try ComboFix... be sure to follow the website instructions carefully and you will be fine:
http://www.bleepingcomputer.com/com...

#16
October 22, 2012 at 13:02:57
ComboFix 12-10-22.02 - Simon Ruben Hansen 22-10-2012 21:44:22.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.3002.1772 [GMT 2:00]
Kører fra: c:\users\Simon Ruben Hansen\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\emachines.ico
c:\programdata\Windows
c:\programdata\windows\lmbd.dll
c:\programdata\Windows\msxx.dat
c:\programdata\Windows\vvve.dat
c:\programdata\Windows\wjdj.dat
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-09-22 til 2012-10-22 )))))))))))))))))))))))))))))))))))
.
.
2012-10-22 19:56 . 2012-10-22 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 09:09 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 09:08 . 2012-10-17 09:08 -------- d-----w- c:\program files\iPod
2012-10-17 09:08 . 2012-10-17 09:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 09:08 . 2012-10-17 09:09 -------- d-----w- c:\program files\iTunes
2012-10-11 17:13 . 2012-10-11 17:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-10 07:02 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 07:02 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 07:02 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:02 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 07:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 07:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-05 01:26 . 2012-10-05 01:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-28 07:54 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D91E6BDC-510F-4414-9D46-715CB6721D1D}\mpengine.dll
2012-09-26 10:42 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 13:20 . 2012-09-24 13:20 -------- d-----w- c:\users\Simon Ruben Hansen\AppData\Local\Macromedia
2012-09-24 13:19 . 2012-10-09 10:45 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-24 12:51 . 2012-10-11 17:13 -------- d-----w- c:\programdata\HitmanPro
2012-09-24 12:44 . 2012-09-24 12:44 -------- d-----w- c:\users\Simon Ruben Hansen\AppData\Roaming\Malwarebytes
2012-09-24 12:43 . 2012-09-24 12:43 -------- d-----w- c:\programdata\Malwarebytes
2012-09-24 12:43 . 2012-09-24 12:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-24 12:43 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 22:39 . 2010-03-06 10:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:45 . 2011-11-07 09:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 10:11 . 2012-09-22 10:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-22 10:11 . 2012-08-17 13:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-22 10:11 . 2010-07-08 14:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-21 01:45 . 2012-09-21 01:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 01:11 . 2012-09-13 01:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-24 11:15 . 2012-09-22 10:03 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:03 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:03 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:03 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:03 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:03 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:03 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 10:03 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 07:59 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:59 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:59 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:59 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2010-03-13 14:02 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2010-03-13 14:02 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 07:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 07:59 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 07:59 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-03 06:09 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Simon Ruben Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-22 1199576]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Simon Ruben Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R0 sptd;sptd; [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736]
R4 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R4 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-03 332272]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-06-15 737016]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 10:45]
.
2012-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1145211543-1349949822-2103375769-1002Core.job
- c:\users\Simon Ruben Hansen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 19:55]
.
2012-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1145211543-1349949822-2103375769-1002UA.job
- c:\users\Simon Ruben Hansen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 19:55]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 16:10]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 16:10]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145211543-1349949822-2103375769-1002Core.job
- c:\users\Simon Ruben Hansen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 09:59]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145211543-1349949822-2103375769-1002UA.job
- c:\users\Simon Ruben Hansen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 09:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-03 06:09 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon Ruben Hansen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Yderligere scanning -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0406&m=e525&r=273603101715l03c4z145r49024149
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0406&m=e525&r=273603101715l03c4z145r49024149
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0406&m=e525&r=273603101715l03c4z145r49024149
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.254.1
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\149627C496E6B65393330303: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\3545554454E445E45445: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\B49627374756E63784F64756C6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\C69667F676D616279616: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\D4162796E656C6C6F6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63BD4572-6B55-4755-A237-18F25C58A92A}\E416B6B6562756E6: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Simon Ruben Hansen\AppData\Roaming\Mozilla\Firefox\Profiles\aqa7fswo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://skema.ku.dk/SUND1213/reporting/individual?objectclass=student+set&idtype=id&identifier=%23SPLUSDBC8D7&t=SWSCUST2+student+set+individual&days=1-5&weeks=&periods=5-44&template=SWSCUST2+student+set+individual
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd72498&i=23&tp=ab&nt=1&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-10-22 22:01:15
ComboFix-quarantined-files.txt 2012-10-22 20:01
.
Pre-Kørsel: 92.772.573.184 byte ledig
Post-Kørsel: 92.719.464.448 byte ledig
.
- - End Of File - - 25FCAC91D88884876EBE640082EFB163

#17

#18
October 24, 2012 at 06:17:04
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Website: http://tigzy.geekstogo.com/roguekil...
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Simon Ruben Hansen [Admin rights]
Mode : Scan -- Date : 10/24/2012 15:15:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][SUSP PATH] {6332418D-34BD-4FBF-B940-4C12E28EBFA2} : C:\Windows\system32\pcalua.exe -a C:\Windows\Temp\SETUP.EXE -d C:\Windows\Temp -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fb222bf19eca8becdd1aafa1fff003c8
[BSP] 62d69f4ea3897887cf4a6e60f6569c04 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 292850 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
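As an added example (not code from the thread or from any of the tools named in it), the following Python script reads registry findings in the two shapes posted above, the policies\system block of the ComboFix log in #16 and the "Registry Entries" block of the RogueKiller report in #18, and ranks them the way a helper reading these logs would: the UAC policy values sitting at 0 and the scheduled task that launches an executable out of C:\Windows\Temp are the entries that matter, while DisableRegistryTools=0 and the desktop-icon entries are tool noise. The sample lines are constructed copies of the shapes on the page, and the severity labels and the UAC interpretation table are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the RogueKiller "Registry Entries" block (post #18).
ROGUEKILLER_SAMPLE = r"""
[TASK][SUSP PATH] {6332418D-34BD-4FBF-B940-4C12E28EBFA2} : C:\Windows\system32\pcalua.exe -a C:\Windows\Temp\SETUP.EXE -d C:\Windows\Temp -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""
# Constructed sample in the shape of the policies\system block of the ComboFix log (post #16).
COMBOFIX_POLICY_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

RK_LINE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*->\s*FOUND\s*$")
RK_VALUE = re.compile(r"^(?P<name>\S+)\s*\((?P<value>[^)]*)\)$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# UAC values that, at 0, switch UAC off or hollow it out (my interpretation, not the tools').
UAC_WEAKENING = {
    "EnableLUA": "UAC is disabled: everything an admin user runs is already fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, with no consent prompt at all",
    "PromptOnSecureDesktop": "any prompt that does appear is not shown on the secure desktop",
}

@dataclass
class Finding:
    tags: list       # e.g. ["TASK", "SUSP PATH"] or ["HJ"]
    location: str    # registry path or task GUID as the tool prints it
    name: str        # value name, or the whole command line for a task
    value: str       # "0"/"1" for registry values, "" for tasks

def parse_roguekiller(text):
    """Parse '[TAG] location : name (value) -> FOUND' lines into Findings."""
    findings = []
    for line in text.splitlines():
        m = RK_LINE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
        location, _, rest = m.group("body").partition(" : ")
        v = RK_VALUE.match(rest)
        if v:
            findings.append(Finding(tags, location, v.group("name"), v.group("value")))
        else:  # no "(value)" suffix: the rest is a task command line
            findings.append(Finding(tags, location, rest, ""))
    return findings

def parse_combofix_policies(text):
    """Parse '"Name"= 0 (0x0)' lines into {name: int}."""
    values = {}
    for line in text.splitlines():
        m = CF_VALUE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values

def assess_policy(name, value):
    """(severity, note) if this UAC policy value weakens UAC, else None."""
    if name in UAC_WEAKENING and str(value) == "0":
        return ("HIGH", f"{name}={value}: {UAC_WEAKENING[name]}")
    return None

def triage(findings, policies):
    """Rank findings: Temp-path tasks and UAC-off values first, tool noise last."""
    notes = []
    for f in findings:
        if "TASK" in f.tags and re.search(r"\\temp\\", f.name, re.IGNORECASE):
            notes.append(("HIGH", f"task {f.location} runs an executable out of a Temp folder: {f.name}"))
        elif f.name in UAC_WEAKENING:
            note = assess_policy(f.name, f.value)
            if note:
                notes.append(note)
        elif "HJPOL" in f.tags and f.name == "DisableRegistryTools" and f.value == "0":
            notes.append(("INFO", "DisableRegistryTools=0: regedit is NOT blocked; listed by the tool but harmless"))
        elif any(t in ("HJ DESK", "HJ SMENU") for t in f.tags):
            notes.append(("LOW", f"desktop/start-menu visibility entry {f.name}={f.value}: cosmetic"))
    for name, value in policies.items():  # ComboFix shows the same keys; dedupe identical notes
        note = assess_policy(name, value)
        if note and note not in notes:
            notes.append(note)
    order = {"HIGH": 0, "LOW": 1, "INFO": 2}
    return sorted(notes, key=lambda n: order[n[0]])

if __name__ == "__main__":
    for severity, note in triage(parse_roguekiller(ROGUEKILLER_SAMPLE),
                                 parse_combofix_policies(COMBOFIX_POLICY_SAMPLE)):
        print(f"[{severity}] {note}")
```

Run as-is it prints the ranked notes for the two samples; point `parse_roguekiller` and `parse_combofix_policies` at the full RKreport and ComboFix log text to triage a real pair of reports.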

#19
October 24, 2012 at 08:26:34
1: Download & run Unhide
http://www.bleepingcomputer.com/vir...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

3: Reboot

4: How is it running?
