Just nu i M3-nätverket
Jump to content

ydro.exe, virus eller liknande?


Alban

Recommended Posts

Min dator har börjat uppföra sig oerhört märkligt på sistone och jag förstår inte vad det beror på. Med märkligt menar jag att CPU-användning ofta är 100% och att när jag skall stänga av den försöker den stänga ett program som heter ydro.exe vilket inte går...

 

Det här är väldigt störigt och jag behöver hjälp av någon.

Tack på förhand.

 

Link to comment
Share on other sites

Vi kan se om HijackThis visar något till att börja med:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 23:44:10, on 2008-09-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\acer\Acer eConsole\MediaServerService.exe

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\Acer\eRecovery\Monitor.exe

C:\Program\Acer\Acer eMode Management\AspireService.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program\utorrent\utorrent.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Program\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AspireService] C:\Program\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] c:\program\delade~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [E06AXLRD_5688937] "C:\Program\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [A00F9F040.exe] C:\DOCUME~1\Tomba\LOKALA~1\Temp\_A00F9F040.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.sf-anytime.com

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.ub.gu.se/lib/gubselibrary/support/plugins/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://siirtotie.fi/Common/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

 

[/log]

 

Link to comment
Share on other sites

Surfa till http://www.virustotal.com klistra in följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här.

C:\DOCUME~1\Tomba\LOKALA~1\Temp\_A00F9F040.exe

 

Det är en gammal version av HijackThis.

 

Link to comment
Share on other sites

Ydro.exe syns inte till i loggen. Kan du hitta den om du söker i datorn?

I så fall skanna den på virustotal-sidan.

 

Link to comment
Share on other sites

en ny loggfil om det kan hjälpa

 

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:39:31, on 2008-09-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\acer\Acer eConsole\MediaServerService.exe

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\Acer\eRecovery\Monitor.exe

C:\Program\Acer\Acer eMode Management\AspireService.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Program\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AspireService] C:\Program\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] c:\program\delade~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [E06AXLRD_5688937] "C:\Program\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [A00F9F040.exe] C:\DOCUME~1\Tomba\LOKALA~1\Temp\_A00F9F040.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program\Delade filer\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program\Delade filer\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.sf-anytime.com

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.ub.gu.se/lib/gubselibrary/support/plugins/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://siirtotie.fi/Common/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 11538 bytes

[/log]

 

Som ytterligare info kan jag säga att datorn funkar i ungefär en halvtimme och sen blir den helt överbelastad och knepig.

 

Link to comment
Share on other sites

 

Jag hittade en YDRO.EXE-1308B11E.pf i en mapp som heter Windows/prefetch och när jag körde den med virustotal blev det såhär

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.9.6.0 2008.09.06 -

AntiVir 7.8.1.28 2008.09.05 -

Authentium 5.1.0.4 2008.09.06 -

Avast 4.8.1195.0 2008.09.06 -

AVG 8.0.0.161 2008.09.07 -

BitDefender 7.2 2008.09.06 -

CAT-QuickHeal 9.50 2008.09.06 -

ClamAV 0.93.1 2008.09.06 -

DrWeb 4.44.0.09170 2008.09.06 -

eSafe 7.0.17.0 2008.09.03 -

eTrust-Vet 31.6.6072 2008.09.05 -

Ewido 4.0 2008.09.06 -

F-Prot 4.4.4.56 2008.09.06 -

F-Secure 8.0.14332.0 2008.09.06 -

Fortinet 3.112.0.0 2008.09.06 -

GData 19 2008.09.07 -

Ikarus T3.1.1.34.0 2008.09.06 -

K7AntiVirus 7.10.443 2008.09.05 -

Kaspersky 7.0.0.125 2008.09.07 -

McAfee 5378 2008.09.05 -

Microsoft 1.3903 2008.09.07 -

NOD32v2 3423 2008.09.06 -

Norman 5.80.02 2008.09.05 -

Panda 9.0.0.4 2008.09.06 -

PCTools 4.4.2.0 2008.09.06 -

Prevx1 V2 2008.09.07 -

Rising 20.60.52.00 2008.09.06 -

Sophos 4.33.0 2008.09.06 -

Sunbelt 3.1.1610.1 2008.09.05 -

Symantec 10 2008.09.06 -

TheHacker 6.3.0.8.075 2008.09.06 -

TrendMicro 8.700.0.1004 2008.09.05 -

VBA32 3.12.8.5 2008.09.06 -

ViRobot 2008.9.5.1365 2008.09.06 -

VirusBuster 4.5.11.0 2008.09.06 -

Webwasher-Gateway 6.6.2 2008.09.05 -

[/log]

 

Link to comment
Share on other sites

Ser du någon skillnad mellan de två HijackThis-loggarna?

 

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg, alternativt starta om datorn i felsäkert läge.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

[/log]

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

 

Link to comment
Share on other sites

[log]

ComboFix 08-09-05.02 - Tomba 2008-09-07 1:26:13.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.207 [GMT 2:00]

Running from: C:\Documents and Settings\Tomba\Skrivbord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\YDRO.001

C:\WINDOWS\system32\28463\YDRO.002

C:\WINDOWS\system32\28463\YDRO.005

C:\WINDOWS\system32\28463\YDRO.006

C:\WINDOWS\system32\28463\YDRO.007

C:\WINDOWS\system32\28463\YDRO.009

C:\WINDOWS\system32\28463\YDRO.exe

C:\WINDOWS\system32\autorun.ini

C:\xcrashdump.dat

G:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_RpcApi

 

 

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

 

2008-09-07 01:23 . 2008-09-07 01:23 <KAT> d--hs---- C:\Diskeeper

2008-09-07 01:10 . 2008-09-07 01:10 <KAT> d-------- C:\Program\Diskeeper Corporation

2008-09-07 01:10 . 2008-09-07 01:10 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2008-09-07 00:21 . 2008-09-07 00:21 <KAT> d-------- C:\Program\Trend Micro

2008-09-06 19:36 . 2008-09-06 19:36 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-06 19:35 . 2008-09-06 19:36 <KAT> d-------- C:\Program\SUPERAntiSpyware

2008-09-06 19:35 . 2008-09-06 19:35 <KAT> d-------- C:\Documents and Settings\Tomba\Application Data\SUPERAntiSpyware.com

2008-09-06 19:33 . 2008-09-06 19:33 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-08-27 08:01 . 2006-11-10 10:48 61,600 -ra------ C:\WINDOWS\system32\drivers\SE30bus.sys

2008-08-27 08:01 . 2006-11-10 10:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30whnt.sys

2008-08-27 08:01 . 2006-11-10 10:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30wh.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 23:06 --------- d-----w C:\Documents and Settings\Tomba\Application Data\uTorrent

2008-09-06 21:28 --------- d-----w C:\Program\Java

2008-08-25 13:12 --------- d--h--w C:\Program\InstallShield Installation Information

2008-08-02 13:52 --------- d-----w C:\Program\iTunes

2008-08-02 13:48 --------- d-----w C:\Program\iPod

2008-07-19 22:30 --------- d-----w C:\Program\Windows Installer Clean Up

2008-07-19 22:30 --------- d-----w C:\Program\TVUPlayer

2008-07-19 22:30 --------- d-----w C:\Program\TimeAdjuster

2008-07-19 22:30 --------- d-----w C:\Program\NimoCodec Pack

2008-07-19 22:29 --------- d-----w C:\Program\ESET

2008-07-19 22:29 --------- d-----w C:\Program\DVD Decrypter

2008-07-19 22:29 --------- d-----w C:\Program\DivXCodec

2008-07-19 22:29 --------- d-----w C:\Program\Celtx

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-07-13 13:52 --------- d-----w C:\Documents and Settings\Tomba\Application Data\Apple Computer

2008-07-13 13:45 --------- d-----w C:\Program\QuickTime

2008-07-13 13:45 --------- d-----w C:\Program\Bonjour

2008-07-13 13:39 --------- d-----w C:\Program\Safari

2008-07-11 17:55 --------- d-----w C:\Documents and Settings\Tomba\Application Data\dvdcss

2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:25 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:24 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:24 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 18:01 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-05-21 17:13 69,848 -c--a-w C:\Documents and Settings\Tomba\Application Data\GDIPFONTCACHEV1.DAT

2008-03-02 17:22 190 -c--a-w C:\Documents and Settings\Tomba\Application Data\wklnhst.dat

2007-11-10 22:24 87,608 ----a-w C:\Documents and Settings\Tomba\Application Data\ezpinst.exe

2007-11-10 22:24 47,360 ----a-w C:\Documents and Settings\Tomba\Application Data\pcouffin.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="C:\Program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"NVMixerTray"="C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]

"eRecoveryService"="C:\Program\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]

"ntiMUI"="C:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"AspireService"="C:\Program\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 110592]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 5562368]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 86016]

"Acrobat Assistant 7.0"="D:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"nod32kui"="C:\Program\Eset\nod32kui.exe" [2007-03-19 949376]

"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ISUSPM Startup"="c:\program\delade~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"nwiz"="nwiz.exe" [2005-04-01 C:\WINDOWS\system32\nwiz.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WUAppSetup"="C:\Program\Delade filer\logishrd\WUApp32.exe" [2007-07-19 439568]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-08-23 25214]

Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

"1"= tcpipmon.exe

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program\\Fuldc++\\DCPlusPlus.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program\\MSN Messenger\\livecall.exe"=

"C:\\Program\\utorrent\\utorrent.exe"=

"C:\\Program\\SopCast\\SopCast.exe"=

"C:\\Program\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program\\TVUPlayer\\TVUPlayer.exe"=

"C:\\Program\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

"C:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Program\\Bonjour\\mDNSResponder.exe"=

"C:\\Program\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2548:UDP"= 2548:UDP:fuldc++

"2548:TCP"= 2548:TCP:fuldc++2

 

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]

R2 int15.sys;int15.sys;C:\Program\Acer\eRecovery\int15.sys [2005-01-13 69632]

S2 Fcq10;Fcq10;C:\WINDOWS\system32\Fcq10.sys [ ]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-11-10 61600]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]

S3 usb2vcom;DKU-5 Connectivity Adapter Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 28704]

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\kktest2.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\Shell\AutoRun\command - L:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e68d7e2-ff05-11dc-88f2-00016ccd31a9}]

\Shell\AutoRun\command - O:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-E06AXLRD_5688937 - C:\Program\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

HKLM-Run-YDRO Agent - C:\WINDOWS\system32\28463\YDRO.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.se/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://global.acer.com/

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: Convert link target to Adobe PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert link target to existing PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert selected links to Adobe PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 -: Convert selected links to existing PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 -: Convert selection to Adobe PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert selection to existing PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert to Adobe PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert to existing PDF - D:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: E&xportera till Microsoft Excel - C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 -: Easy-WebPrint Add To Print List - C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 -: Easy-WebPrint High Speed Print - C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 -: Easy-WebPrint Preview - C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 -: Easy-WebPrint Print - C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

 

O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f008.mail.spray.se/app/uploader/FileUploader.cab

C:\WINDOWS\Downloaded Program Files\FileUploader.inf

C:\WINDOWS\Downloaded Program Files\FileUploader.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 01:31:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program\acer\Acer eConsole\MediaServerService.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program\ESET\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-09-07 1:44:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-06 23:43:59

 

Pre-Run: 1,423,765,504 byte ledigt

Post-Run: 3,508,117,504 byte ledigt

 

244 --- E O F --- 2008-08-13 14:35:06

[/log]

 

Link to comment
Share on other sites

Så vitt jag kan förstå så är det som ComboFix tog bort en keylogger, alltså ett program som sparar allt du trycker på tangentbordet. Du behöver alltså byta alla lösenord och liknande som du använder på datorn och på internet.

 

Lägg hit en ny HijackThis-logg.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...