[gallstax]

Jag får upp ett program som vill scanna min dator. Den hittar en massa fel och säger på slutet "I need a heuristic program", som man kan få köpa för runt 90 dollar.
Vet inte hur jag skall göra eftersom det är svårt att få bort eller komma förbi programmet.
Här följer en DDS-rapport om det kan vara till hjälp?


DDS (Ver_10-10-10.03) - NTFSx86
Run by Bj”rn at 21:10:55,97 on 2010-10-17
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.1131 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Björn\Documents\Setup\DDS\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Shell=c:\users\björn\appdata\roaming\hotfix.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Power2GoExpress]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Skytel] Skytel.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\FlashGet.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldsv-se.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101015.003\IDSvix86.sys [2010-10-13 353840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-3 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-5 42368]
S2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-12-19 120960]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S4 DAHIDI;DAHIDI;c:\windows\system32\drivers\iMON_SS.sys [2008-12-19 24714]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-12-19 150568]
S4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-12-19 272424]
S4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-12-19 107264]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-12-19 110128]
S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-12-19 21048]
S4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-12-19 103936]

=============== Created Last 30 ================

2010-10-17 17:33:41 522240 ----a-w- c:\users\bjrn~1\appdata\roaming\hotfix.exe
2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat
2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 09:56:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-05 13:56:51 133 ----a-w- c:\users\bjrn~1\appdata\roaming\srsf.bat
2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal
2010-10-05 10:19:13 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys
2010-10-05 10:18:34 -------- d-----w- c:\users\bjrn~1\appdata\local\Handelsbanken
2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\roaming\TiFiC
2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\local\TiFiC
2010-10-05 10:17:57 -------- d-----w- c:\program files\TiFiC
2010-10-05 10:17:43 -------- d-----w- c:\program files\common files\TiFiC
2010-10-01 08:53:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 08:52:45 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-27 07:22:03 -------- d-----w- c:\program files\iPod
2010-09-27 07:22:02 -------- d-----w- c:\program files\iTunes
2010-09-22 16:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-22 07:55:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-22 07:55:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-22 07:55:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-22 07:49:23 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-09-12 14:03:17 203776 --sh--w- c:\progra~2\unrar.exe
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 21:11:18,73 ===============

[Mats H]

Hej,
saknar Attach.txt som också skapas i samband med körningen av DDS.
Kan du posta den med, endera bifoga genom att använda Full Redigerare, eller klistra in som du gjorde med DDS.txt
Mvh
Mats H

[Mats H]

Hej,
du kan köra Malwarebytes,
hittas här:
Malwarebytes' Anti-Malware
Kör en snabbskanner och följ programmets instruktioner om ngt hittas. Återkom med loggar, som du klistrar in i din tråd. De hittas under fliken loggar.
Glöm inte Attach.txt.
Mvh
Mats H

[gallstax]

Hej Mats H!

Jag körde Anti-Malware redan igår, utan problem.
Här kommer dagens Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-12-19 09:10:30
System Uptime: 2010-10-18 15:27:11 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7501
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | CPU 1 | 2594/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 165,536 GiB free.
D: is CDROM ()
E: is Removable
G: is FIXED (FAT32) - 76 GiB total, 8,916 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP191: 2010-05-26 21:51:22 - Windows Update
RP192: 2010-06-03 22:18:32 - Windows Update
RP194: 2010-06-09 11:46:18 - Installationsprogram för Windows-moduler
RP195: 2010-06-09 11:46:51 - Installationsprogram för Windows-moduler
RP196: 2010-06-09 11:47:38 - Installationsprogram för Windows-moduler
RP197: 2010-06-09 11:48:34 - Installationsprogram för Windows-moduler
RP198: 2010-06-16 11:48:51 - Windows Säkerhetskopiering
RP199: 2010-06-23 12:17:10 - Windows Update
RP200: 2010-07-17 14:07:33 - Windows Update
RP201: 2010-07-18 15:20:36 - Windows Säkerhetskopiering
RP202: 2010-08-03 11:52:52 - Windows Update
RP203: 2010-08-15 18:04:07 - Windows Update
RP204: 2010-08-20 17:28:08 - Windows Säkerhetskopiering
RP205: 2010-09-09 08:37:44 - Windows Update
RP206: 2010-09-09 12:37:50 - Installed Java™ 6 Update 21
RP207: 2010-09-15 16:44:07 - Removed LimeWire Toolbar.
RP208: 2010-09-15 19:56:03 - Removed Java™ 6 Update 7
RP209: 2010-09-15 19:57:56 - Removed Java™ 6 Update 18
RP210: 2010-09-16 11:26:12 - Windows Update
RP211: 2010-09-17 14:20:49 - Schemalagd kontrollpunkt
RP212: 2010-09-21 14:47:18 - Windows Säkerhetskopiering
RP213: 2010-09-22 09:49:42 - Installation av enhetsdrivrutinspaket: Apple, Inc. USB-styrenheter
RP214: 2010-09-22 09:50:23 - Installation av enhetsdrivrutinspaket: Apple Nätverkskort
RP215: 2010-10-02 14:02:00 - Windows Update
RP216: 2010-10-05 12:19:15 - Installation av enhetsdrivrutinspaket: Todos Data System AB Smartkortsläsare
RP217: 2010-10-07 17:45:13 - Windows Update
RP218: 2010-10-09 11:32:33 - Windows Update
RP219: 2010-10-15 13:33:37 - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0 - Svenska
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Catalyst Install Manager
BankID säkerhetsprogram 4.10.4
Bonjour
Business Contact Manager för Outlook 2007 SP2
Canon CanoScan Toolbox 5.0
CanoScan 4400F
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
CATraxx 2000
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CleanMem
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Suite
DX-Ball 1.09
Easy Bridge
EO Video 1.36
FlashGet 1.9.6.1073
Free Tetrix
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
getPlus® for Adobe
Google Chrome
Google Earth
Google Update Helper
Handelsbanken Installationsguide
HandyBits File Shredder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® Software
Intel A/V Codecs V2.0
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 21
LightScribe System Software 1.12.33.2
LimeWire 5.5.14
Malwarebytes' Anti-Malware
MediaShow
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
miFiles - My Internet Files
MosChip Multi-IO Controller
Move Networks Media Player for Internet Explorer
MP4 Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicTime Deluxe 3.5.5
Nero 8 Essentials
neroxml
Norton Internet Security
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PhotoNow!
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
Presto! PageManager 7.15.13
QuickTime
RealPlayer
Realtek High Definition Audio Driver
ReNamer
Samsung CLP-310 Series
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sibelius Scorch (ActiveX Only)
SIW version 2009-09-09
Skins
Spelling Dictionaries Support For Adobe Reader 9
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Startprogram för installationen av Microsoft Works 2001
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
TweakNow RegCleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Windows Driver Package - Todos Data System AB (Tdsshbecr) SmartCardReader (05/30/2008 1.0.9.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver
VLC media player 1.1.4
Works-synkronisering
Works Suite OS-paket
Xvid 1.1.3 final uninstall

[Cecilia]

Hittade MBAM något igår? För det brukar kunna åtgärda åtminstone en av de misstänkta filer som syns i DDS-loggen. Har du kommit ihåg att uppdatera MBAM?

[gallstax]

Jag kör MBAM version 1.46 2010-04-30. Det finns ingen senare vad jag kan se...
SÅ här ser rapporten ut, helt ok tycker jag:

Björn


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4621

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

2010-10-18 17:24:24
mbam-log-2010-10-18 (17-24-24).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 134421
Förfluten tid: 4 minut(er), 58 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

[Mats H]

He,
kan du köra om Malwarebytes en gång till, när du startat programmet se efter fliken Uppdatera, 3: från vänster.
Tryck på den och låt Malwarebytes uppdatera, kör sedan en ny skanner.
Återkom med logg.
Mvh
Mats H

[gallstax]

Hej!

Idag kom inte ThinkPoint upp när jag startade datorn, märkligt nog.
Kanske MBAM fixade det igår?
Har uppdaterat MBAM, som du sa, och här ser du resultatet:

Björn

Den hittade en infekterad fil, som jag tog bort!!
Vet du möjligen vad det är för typ av virus?



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4880

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

2010-10-19 13:44:55
mbam-log-2010-10-19 (13-44-55).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 136540
Förfluten tid: 5 minut(er), 14 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Users\Björn\AppData\Roaming\srsf.bat (Malware.Trace) -> Quarantined and deleted successfully.

[Mats H]

Hej,
jag föreslår att vi fortsätter och tar en en titt till i din dator.
Den hittade filen, har ofta en eller annan följeslagare.
Kör en DDS till, så får vi se.
Mvh
Mats H

[gallstax]

Ursäkta dröjsmålet, har varit på en liten resa.

Här kommer dds.txt:

--------------------------------------------------------------------------------------
DDS (Ver_10-10-10.03) - NTFSx86
Run by Bj”rn at 16:44:50,46 on 2010-10-21
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.906 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Björn\Documents\Setup\DDS\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Power2GoExpress]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\FlashGet.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldsv-se.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-3 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-5 42368]
S2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-12-19 120960]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S4 DAHIDI;DAHIDI;c:\windows\system32\drivers\iMON_SS.sys [2008-12-19 24714]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-12-19 150568]
S4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-12-19 272424]
S4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-12-19 107264]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-12-19 110128]
S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-12-19 21048]
S4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-12-19 103936]

=============== Created Last 30 ================

2010-10-17 17:33:41 322 ----a-w- c:\users\bjrn~1\appdata\roaming\40768.bat
2010-10-15 09:56:30 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 09:56:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-05 10:20:12 -------- d-----w- c:\program files\Personal
2010-10-05 10:19:13 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys
2010-10-05 10:18:34 -------- d-----w- c:\users\bjrn~1\appdata\local\Handelsbanken
2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\roaming\TiFiC
2010-10-05 10:18:15 -------- d-----w- c:\users\bjrn~1\appdata\local\TiFiC
2010-10-05 10:17:57 -------- d-----w- c:\program files\TiFiC
2010-10-05 10:17:43 -------- d-----w- c:\program files\common files\TiFiC
2010-10-01 08:53:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 08:52:45 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-27 07:22:03 -------- d-----w- c:\program files\iPod
2010-09-27 07:22:02 -------- d-----w- c:\program files\iTunes
2010-09-22 16:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-22 08:01:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-22 07:55:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-22 07:55:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-22 07:55:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-22 07:49:23 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-09-12 14:03:17 203776 --sh--w- c:\progra~2\unrar.exe
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 16:45:29,29 ===============


Och här kommer DDS-attach.txt

--------------------------------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-12-19 09:10:30
System Uptime: 2010-10-21 16:19:06 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7501
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | CPU 1 | 2594/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 164,979 GiB free.
D: is CDROM ()
E: is Removable
G: is FIXED (FAT32) - 76 GiB total, 8,916 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0 - Svenska
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Catalyst Install Manager
BankID säkerhetsprogram 4.10.4
Bonjour
Business Contact Manager för Outlook 2007 SP2
Canon CanoScan Toolbox 5.0
CanoScan 4400F
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
CATraxx 2000
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CleanMem
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Suite
DX-Ball 1.09
Easy Bridge
EO Video 1.36
FlashGet 1.9.6.1073
Free Tetrix
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
getPlus® for Adobe
Google Chrome
Google Earth
Google Update Helper
Handelsbanken Installationsguide
HandyBits File Shredder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® Software
Intel A/V Codecs V2.0
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 21
LightScribe System Software 1.12.33.2
LimeWire 5.5.14
Malwarebytes' Anti-Malware
MediaShow
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
miFiles - My Internet Files
MosChip Multi-IO Controller
Move Networks Media Player for Internet Explorer
MP4 Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicTime Deluxe 3.5.5
Nero 8 Essentials
neroxml
Norton Internet Security
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PhotoNow!
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
Presto! PageManager 7.15.13
QuickTime
RealPlayer
Realtek High Definition Audio Driver
ReNamer
Samsung CLP-310 Series
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sibelius Scorch (ActiveX Only)
SIW version 2009-09-09
Skins
Spelling Dictionaries Support For Adobe Reader 9
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Startprogram för installationen av Microsoft Works 2001
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
TweakNow RegCleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Windows Driver Package - Todos Data System AB (Tdsshbecr) SmartCardReader (05/30/2008 1.0.9.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver
VLC media player 1.1.4
Works-synkronisering
Works Suite OS-paket
Xvid 1.1.3 final uninstall

==== End Of File ===========================

[Mats H]

Hej,
en följeslagare kanske.
c:\users\bjrn~1\appdata\roaming\40768.bat
Ladda upp på Virustotal, hittas här:
http://www.virustotal.com/index.html
Klicka på fliken Upload a File, leta reda på den med hjälp av Bläddraknappen, tryck Send File.
Återkom med svarslänken färdiganalyserad här i din tråd.
Mvh
Mats H

[gallstax]

Hej!

Här kommer resultatet:
Vad jag, som amatör, kan utläsa så finns det inga konstigheter...

Björn
--------------------------------------------------------------------------------------

File name: 40768.bat
Submission date: 2010-10-22 08:34:31 (UTC)
Current status: queued (#4) queued (#4) analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.01 2010.10.22 -
AntiVir 7.10.13.16 2010.10.22 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
AVG 9.0.0.851 2010.10.21 -
BitDefender 7.2 2010.10.22 -
CAT-QuickHeal 11.00 2010.10.22 -
ClamAV 0.96.2.0-git 2010.10.22 -
Comodo 6473 2010.10.22 -
DrWeb 5.0.2.03300 2010.10.22 -
Emsisoft 5.0.0.50 2010.10.22 -
eSafe 7.0.17.0 2010.10.21 -
eTrust-Vet 36.1.7926 2010.10.22 -
F-Prot 4.6.2.117 2010.10.22 -
F-Secure 9.0.16160.0 2010.10.22 -
Fortinet 4.2.249.0 2010.10.22 -
GData 21 2010.10.22 -
Ikarus T3.1.1.90.0 2010.10.22 -
Jiangmin 13.0.900 2010.10.22 -
K7AntiVirus 9.66.2805 2010.10.21 -
Kaspersky 7.0.0.125 2010.10.22 -
McAfee 5.400.0.1158 2010.10.22 -
McAfee-GW-Edition 2010.1C 2010.10.22 -
Microsoft 1.6301 2010.10.22 -
NOD32 5554 2010.10.22 -
Norman 6.06.10 2010.10.22 -
nProtect 2010-10-22.01 2010.10.22 -
Panda 10.0.2.7 2010.10.21 -
PCTools 7.0.3.5 2010.10.22 -
Prevx 3.0 2010.10.22 -
Rising 22.70.03.01 2010.10.22 -
Sophos 4.58.0 2010.10.22 -
Sunbelt 7115 2010.10.22 -
SUPERAntiSpyware 4.40.0.1006 2010.10.22 -
Symantec 20101.2.0.161 2010.10.22 -
TheHacker 6.7.0.1.064 2010.10.21 -
TrendMicro 9.120.0.1004 2010.10.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.22 -
VBA32 3.12.14.1 2010.10.21 -
ViRobot 2010.9.25.4060 2010.10.22 -
VirusBuster 12.69.11.0 2010.10.21 -
Additional informationShow all
MD5 : 43324e1525994637c265dcb6c9f925ad
SHA1 : 09efd577303522286fc5e6184b90bb410f495108
SHA256: 48042d5a1c8c7379b16dd43fb115ce138810c0c1cfa423496761b1bfde1131b7

[Mats H]

Hej!
Bra att det inte var ngt infekterat där.
Vill kolla med ComboFix också. Spara ComboFix på Skrivbordet:
http://download.blee...Bs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.
Hur? Se http://www.bleepingc...opic114351.html
Kör ComboFix och följ anvisningarna som visas.
Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:
Kontrollpanelen - Nätverksanslutningar
högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.
Mvh
Mats H

[gallstax]

Hej igen Mats!

Det var lite trixigt att stänga av alla säkerhetsfunktioner, men det gick bra till sist.
Jag körde ComboFix enl. reglerna och det verkar också ha gått bra.
Här kommer loggfilen:


ComboFix 10-10-23.01 - Björn 2010-10-24 14:06:19.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1790.1212 [GMT 2:00]
Körs från: c:\users\Björn\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu571349741v4
c:\programdata\SysWoW32\mu571349741v4.kwd
c:\programdata\SysWoW32\mu571349741v5
c:\programdata\SysWoW32\mu571349741v5.kwd
c:\programdata\SysWoW32\mu571349741v6
c:\programdata\SysWoW32\mu571349741v6.kwd
c:\programdata\SysWoW32\mu571349741v7
c:\programdata\SysWoW32\mu571349741v7.kwd
c:\programdata\SysWoW32\wu571349741v0
c:\programdata\SysWoW32\wu571349741v0.kwd
c:\programdata\SysWoW32\wu571349741v1
c:\programdata\SysWoW32\wu571349741v1.kwd
c:\programdata\SysWoW32\wu571349741v2
c:\programdata\SysWoW32\wu571349741v2.kwd
c:\programdata\SysWoW32\wu571349741v3
c:\programdata\SysWoW32\wu571349741v3.kwd
c:\programdata\unrar.exe

.
(((((((((((((((((((((((( Filer Skapade från 2010-09-24 till 2010-10-24 ))))))))))))))))))))))))))))))
.

2010-10-24 12:15 . 2010-10-24 12:16 -------- d-----w- c:\users\Björn\AppData\Local\temp
2010-10-24 12:15 . 2010-10-24 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-23 14:25 . 2010-10-24 09:18 -------- d-----w- c:\users\Björn\AppData\Local\Windows Live
2010-10-23 14:23 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat
2010-10-15 09:56 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 09:56 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-05 10:20 . 2010-10-05 10:20 -------- d-----w- c:\program files\Personal
2010-10-05 10:19 . 2010-10-05 10:19 -------- d-----w- c:\program files\DIFX
2010-10-05 10:19 . 2009-10-22 09:49 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys
2010-10-05 10:18 . 2010-10-05 10:21 -------- d-----w- c:\users\Björn\AppData\Local\Handelsbanken
2010-10-05 10:18 . 2010-10-05 10:18 -------- d-----w- c:\users\Björn\AppData\Local\TiFiC
2010-10-05 10:18 . 2010-10-05 10:18 -------- d-----w- c:\users\Björn\AppData\Roaming\TiFiC
2010-10-05 10:17 . 2010-10-05 10:17 -------- d-----w- c:\program files\TiFiC
2010-10-05 10:17 . 2010-10-05 10:17 -------- d-----w- c:\program files\Common Files\TiFiC
2010-10-01 08:53 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 08:52 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-27 07:22 . 2010-09-27 07:22 -------- d-----w- c:\program files\iPod
2010-09-27 07:22 . 2010-09-27 07:22 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat
2010-10-17 17:33 . 2010-10-17 17:33 322 ----a-w- c:\users\Björn\AppData\Roaming\40768.bat
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 13:56 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-05-07 524288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID s„kerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-10-5 939920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-01 09:13 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Personal.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk
backup=c:\windows\pss\Personal.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Påminnelser för Kalendern i Microsoft Works.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Påminnelser för Kalendern i Microsoft Works.lnk
backup=c:\windows\pss\Påminnelser för Kalendern i Microsoft Works.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
2009-02-24 11:25 19456 --s-a-w- c:\progra~1\COMMON~1\TEKNUM~1\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9b773b1434e9a;Tjänsten Google Update (gupdate1c9b773b1434e9a);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
R3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-05-19 120960]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-04-01 12872]
R4 DAHIDI;DAHIDI;c:\windows\system32\drivers\imon_ss.sys [2004-04-26 24714]
R4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]
R4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-09-01 272424]
R4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-05-19 107264]
R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]
R4 UGURU;UGURU;c:\windows\system32\drivers\uguru.sys [2006-10-02 21048]
R4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-05-20 103936]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101021.003\IDSvix86.sys [2010-10-19 353840]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-04-01 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-12-19 81408]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2009-10-22 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 11:26]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 11:26]

2010-10-02 c:\windows\Tasks\Norton Security Scan for Björn.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-11 07:48]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Power2GoExpress - (no file)
MSConfigStartUp-359F5809-00B8-4455-A73A-9EA62A51101B - c:\programdata\3CF08698.exe
MSConfigStartUp-371413122 - c:\programdata\816534143\371413122.exe
MSConfigStartUp-Microsoft Works Portfolio - c:\program files\Microsoft Works\WksSb.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WorksFUD - c:\program files\Microsoft Works\wkfud.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 14:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
Sluttid: 2010-10-24 14:18:49
ComboFix-quarantined-files.txt 2010-10-24 12:18

Före genomsökningen: 177 226 227 712 byte ledigt
Efter genomsökningen: 177 374 105 600 byte ledigt

- - End Of File - - 38D7FC1D127A644EB54EFFCA8EE11B7F

[Mats H]

Hej,
hur fungerar din dator nu?
Vad denna .bat används till vet jag inte, men tycker att du kan ta bort den.
c:\users\Björn\AppData\Roaming\40768.bat
Efter att du tagit bort och förutsatt att datorn nu funkar som den ska, starta om och städa enligt följande:

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.
Börja med att skapa en ny systemåterställningspunkt:

• Öppna System genom att klicka på Start, Kontrollpanelen, System och underhåll och sedan på System.
• Klicka på Systemskydd i den vänstra fönsterrutan. Om du uppmanas att ange administratörslösenord eller bekräftelse, följer du uppmaningen.
• Klicka på fliken Systemskydd och sedan på Skapa.
• Skriv en beskrivning i dialogrutan Systemskydd och klicka sedan på Skapa.

Vista: http://windows.micro...asked-questions


Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.
Läs bifogad länk, se:
Fliken Fler alternativ är tillgänglig om du väljer att rensa filer från alla användare på datorn.
Den här fliken inkluderar ytterligare två metoder som du kan använda för att frigöra ännu mer diskutrymme:
Systemåterställning och skuggkopior.
Uppmanar dig att ta bort alla utom den senaste återställningspunkten på disken.
http://windows.micro...ng-Disk-Cleanup

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet.
http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och de olika fix-program som du har laddat ner kommer att avinstalleras, inkl. detta program, efter en omstart av datorn. Ta bort DDS-programmet och dess loggar. Om något är kvar efter det så fråga hur du ska ta bort det.

3. Spara TFC av OldTimer på Skrivbordet.
http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.
Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).
Klicka på Start-knappen för att starta städningen.
Det kan ta några minuter och låt datorn vara ifred under tiden.

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv.


4. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.
http://mnin.blogspot...iggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

http://sites.google....lstockholm/home

Att uppdatera:
Java™ 6 Update 21 till Java™ 6 Update 22.

Återkom med frågor om något är oklart eller om något problem kvarstår.
Mvh
Mats H

Inlägget är redigerat av Mats H: 24 okt 2010, 14:15.

[gallstax]

Hej MAts!

Först och främst, datorn verkar frisk och funkar bra!!! Mycket tack!

Jag tog bort filen 40768.bat!

Sedan blir jag lite kluven och törs inte fortsätta.
Det finns inget "System och underhåll" på kontrollpanelen???
Menar du kanske "System", som innehåller dom fyra funktionerna:
Enhetshanteraren
Fjärrinställningar
Systemskydd
Avancerade systeminställningar

?

Björn

[Mats H]

Hej,
tog texten direkt från MS länken
trodde nog att det stämde på Vista.
Menar du kanske "System"?
Ja absolut och sedan Systemskydd.

Kul att datorn fungerar igen!
Bra jobbat!
Mvh
Mats H

Inlägget är redigerat av Mats H: 26 okt 2010, 20:14.

[Cecilia]

Om man ser "System och underhåll" i Kontrollpanelen beror på om man har ställt in Klassisk vy eller inte i Kontrollpanelen.

[gallstax]

Hej Mats!

Det var fånigt av mig att inte begripa skillnaden mellan klassisk och ny vy....

Jag skapade en ny återställningspunkt och tog bort de gamla inkl. skuggkopior.
Tog bort DDS + loggen! Varför?
Körde programmen OTC och FTC utan problem.
Även Java är uppdaterad!

Jag såg på nätet att THINKPOINT redan ställt till en massa tråkigheter se:
http://se.pcthreat.c...id-13022se.html

Ser nu fram mot en bekymmers- och virusfri datorframtid!

TACK!! ännu en gång!

Björn

[Cecilia]

pcthreat.com ska du inte besöka, se omdömena på http://www.mywot.com...se.pcthreat.com

Men det är riktigt att Thinkpoint infekterar många datorer.