
Random popups after visiting YouTube.


Shapeless


Hi, I could use some help with my computer; porn popups come up every now and then. It all started when I visited a page on YouTube, which really shouldn't be harmless at all, but when the video started the computer began acting up and suddenly a lot of popups appeared. Can you help me?

 

HijackThis log:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:21, on 2008-10-25

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Portrait Displays\HP My Display\dthtml.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Windows\VMSnap326.exe

C:\Windows\Domino.exe

C:\Windows\System32\CTHELPER.EXE

C:\Windows\System32\CTXFIHLP.EXE

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\steam.exe

C:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Windows\System32\mobsync.exe

C:\hp\kbd\kbd.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Guitar Pro 4\GP4.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Applications\wcm.exe

C:\Program Files\Applications\iebtm.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Applications\iebtmm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Markus\AppData\Local\Temp\xrg1.exe

C:\Program Files\Applications\wcs.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll

O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [bigDogpath326] C:\Windows\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\RunOnce: [CTPostBootSequencer] "C:\Windows\TEMP\CTPBSeq.exe" /reglaunch /self_destruct (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: BIGDOGPATH326.lnk = C:\Windows\VMSnap326.exe

O4 - Global Startup: Domino.lnk = C:\Windows\Domino.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldsv-se.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 16575 bytes

[/log]

 


Hi! Malwarebytes should be able to help you with these nasties! [log]Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

At the end of the installation, make sure these boxes are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message, Error loading..., after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log[/log] Also take the opportunity to update the Java you have, because it is full of security holes

http://www.saswsupport.se/?page_id=206

Regards, Laston

 


By the way, hold off on Java; the computer is so heavily infected that we'll deal with that later! I can see now that it will probably take more measures than Malwarebytes!!

While the computer is infected, C:\Program Files\DC++\DCPlusPlus.exe must be shut down!!!!

[post edited 2010-01-01 10:02:48 by Laston]


No, you shouldn't skip Malwarebytes; we'll start with it and then see how much of these infections it can remove!! It was Java you were supposed to hold off on :)
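One way to check how much a scan removed, as an added example (not code from this thread or from either tool): it matches the CLSIDs in an MBAM log against the browser add-on entries (O2, O3, O9) of a follow-up HijackThis log, and reports when the follow-up carries the same "Scan saved at" timestamp as the first log. The log excerpts are copied from the logs in this thread, except `AFTER_FRESH`, which is constructed; all function and variable names are this example's own.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 = Browser Helper Object, O3 = toolbar, O9 = extra button / Tools menu item
HJT_ENTRY = re.compile(r"^(O2|O3|O9) - (.+?) - (" + GUID + r")(?: - (.*))?$")
HJT_SAVED = re.compile(r"^Scan saved at (.+)$")
# MBAM result line: <registry path ending in a GUID> (<detection>) -> <action>
MBAM_HIT = re.compile(r"(" + GUID + r") \(([^)]+)\) ->")


def parse_hijackthis(text):
    """Return (scan timestamp, {CLSID: [entry description, ...]})."""
    saved, entries = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = HJT_SAVED.match(line)
        if m:
            saved = m.group(1)
            continue
        m = HJT_ENTRY.match(line)
        if m:
            section, name, clsid, target = m.groups()
            # The target is optional so a line cut short by word wrap still counts.
            entries.setdefault(clsid.upper(), []).append(
                f"{section} {name} -> {target or '?'}")
    return saved, entries


def parse_mbam(text):
    """Return {CLSID: detection name} for every MBAM hit that names a GUID."""
    return {m.group(1).upper(): m.group(2) for m in MBAM_HIT.finditer(text)}


def review(before_log, mbam_log, after_log):
    """Compare a follow-up HijackThis log with the first log and the MBAM log."""
    saved_before, _ = parse_hijackthis(before_log)
    saved_after, after = parse_hijackthis(after_log)
    detections = parse_mbam(mbam_log)
    return {
        # Same timestamp: the follow-up is the old saved scan, not a new one.
        "stale": saved_before is not None and saved_before == saved_after,
        # Flagged CLSIDs that the follow-up log still lists as browser add-ons.
        "still_listed": {c: (d, after[c])
                         for c, d in detections.items() if c in after},
    }


# Excerpt from the first HijackThis log in this thread.
BEFORE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:21, on 2008-10-25
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
"""

# Excerpt from the MBAM log in this thread.
MBAM_LOG = r"""HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

# Constructed follow-up log (not from the thread): new timestamp, one flagged
# BHO still registered.
AFTER_FRESH = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:12, on 2010-01-01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll
"""

if __name__ == "__main__":
    for label, after in (("same saved scan", BEFORE_HJT), ("fresh scan", AFTER_FRESH)):
        result = review(BEFORE_HJT, MBAM_LOG, after)
        print(label, "| stale:", result["stale"])
        for clsid, (detection, entries) in result["still_listed"].items():
            print("  still listed:", clsid, detection, entries)
```

A CLSID can stay listed after a scan when only some of the registry keys that reference it were removed, so a non-empty `still_listed` is a prompt to look at that entry again rather than a verdict.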

 


OK, here are new logs.

 

MBAM

[log]Malwarebytes' Anti-Malware 1.43

Databasversion: 3467

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18241

 

2010-01-01 10:35:24

mbam-log-2010-01-01 (10-35-24).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 115743

Förfluten tid: 7 minute(s), 14 second(s)

 

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 0

Infekterade registernycklar: 9

Infekterade registervärden: 1

Infekterade registerdataposter: 5

Infekterade mappar: 0

Infekterade filer: 10

 

Infekterade minnesprocesser:

C:\Users\Markus\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\Markus\AppData\Local\Temp\D5A0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Local\Temp\ocxnarewms.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Local\Temp\ornxaeswmc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Local\Temp\owcemrxnsa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Local\Temp\Setup.tmp (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Local\Temp\5836.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Markus\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Markus\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

[/log]

 

 

 

HijackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:21, on 2008-10-25

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Portrait Displays\HP My Display\dthtml.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Windows\VMSnap326.exe

C:\Windows\Domino.exe

C:\Windows\System32\CTHELPER.EXE

C:\Windows\System32\CTXFIHLP.EXE

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\steam.exe

C:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Windows\System32\mobsync.exe

C:\hp\kbd\kbd.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Guitar Pro 4\GP4.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Applications\wcm.exe

C:\Program Files\Applications\iebtm.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Applications\iebtmm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Markus\AppData\Local\Temp\xrg1.exe

C:\Program Files\Applications\wcs.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll

O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [bigDogpath326] C:\Windows\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1376561358-1333849890-3042836512-1000\..\RunOnce: [CTPostBootSequencer] "C:\Windows\TEMP\CTPBSeq.exe" /reglaunch /self_destruct (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: BIGDOGPATH326.lnk = C:\Windows\VMSnap326.exe

O4 - Global Startup: Domino.lnk = C:\Windows\Domino.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldsv-se.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 16575 bytes

[/log]

 


OK, that got rid of some of the nasties at least!

That is an old log from HijackThis

Scan saved at 23:02:21, on 2008-10-25

You may need to delete it before you scan again to get a new one. Don't forget to right-click and run as admin when you scan with HijackThis!!

 


Hehe, OK, then let's try again.

 

HijackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:02:30, on 2010-01-01

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Portrait Displays\HP My Display\dthtml.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Windows\VMSnap326.exe

C:\Windows\Domino.exe

C:\Windows\System32\CTHELPER.EXE

C:\Windows\System32\Ctxfihlp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Windows\ehome\ehmsas.exe

C:\Users\Markus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Users\Markus\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\hp\kbd\kbd.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Markus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [bigDogpath326] C:\Windows\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: BIGDOGPATH326.lnk = C:\Windows\VMSnap326.exe

O4 - Global Startup: Domino.lnk = C:\Windows\Domino.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 14730 bytes[/log]

 


OK, that looks better, but there are still some nasties left, so we'll have to bring out a sharper tool![log]Download ComboFix from the link below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save ComboFix to the desktop "Very important"

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; attach it to your reply. Check that your antivirus program etc. is running before you connect to the internet.

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

If you have trouble getting online:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

[/log]Regards, Laston

 


ComboFix Log

 

[log]ComboFix 09-12-31.08 - Markus 2010-01-01 12:05:23.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.46.1053.18.2046.1236 [GMT 1:00]

Körs från: c:\users\Markus\Desktop\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Markus\AppData\Roaming\SystemProc

c:\windows\system32\404Fix.exe

c:\windows\system32\Data

c:\windows\system32\Data\CT0060W.DAT

c:\windows\system32\Data\ctd20x.dat

c:\windows\system32\Data\CTEAPSW.DAT

c:\windows\system32\Data\CTEDSP2W.DAT

c:\windows\system32\Data\CTEDSPHW.DAT

c:\windows\system32\Data\CTEDSPKW.DAT

c:\windows\system32\Data\CTEDSPLW.DAT

c:\windows\system32\Data\CTEDSPPW.DAT

c:\windows\system32\Data\CTEDSPTW.DAT

c:\windows\system32\Data\CTEDSPUW.DAT

c:\windows\system32\Data\CTEDSPW.DAT

c:\windows\system32\Data\CTP0060W.DAT

c:\windows\system32\Data\CTP0061W.DAT

c:\windows\system32\Data\CTP0070W.DAT

c:\windows\system32\Data\CTP0073W.DAT

c:\windows\system32\Data\CTP0090W.DAT

c:\windows\system32\Data\CTP0091W.DAT

c:\windows\system32\Data\CTP0092W.DAT

c:\windows\system32\Data\CTP0095W.DAT

c:\windows\system32\Data\CTP0100W.DAT

c:\windows\system32\Data\CTP0101W.DAT

c:\windows\system32\Data\CTP0102W.DAT

c:\windows\system32\Data\CTP0103W.DAT

c:\windows\system32\Data\CTP0105W.DAT

c:\windows\system32\Data\CTP0150W.DAT

c:\windows\system32\Data\CTP0161W.DAT

c:\windows\system32\Data\CTP0162W.DAT

c:\windows\system32\Data\CTP0170W.DAT

c:\windows\system32\Data\CTP017AW.DAT

c:\windows\system32\Data\CTP017BW.DAT

c:\windows\system32\Data\CTP017CW.DAT

c:\windows\system32\Data\CTP017DW.DAT

c:\windows\system32\Data\CTP017EW.DAT

c:\windows\system32\Data\CTP017FW.DAT

c:\windows\system32\Data\CTP017GW.DAT

c:\windows\system32\Data\CTP017HW.DAT

c:\windows\system32\Data\CTP0191W.DAT

c:\windows\system32\Data\CTP0192W.DAT

c:\windows\system32\Data\CTP0221W.DAT

c:\windows\system32\Data\CTP0222W.DAT

c:\windows\system32\Data\CTP0230W.DAT

c:\windows\system32\Data\CTP0231W.DAT

c:\windows\system32\Data\CTP0232W.DAT

c:\windows\system32\Data\CTP0238W.DAT

c:\windows\system32\Data\CTP0240W.DAT

c:\windows\system32\Data\CTP0242W.DAT

c:\windows\system32\Data\CTP0243W.DAT

c:\windows\system32\Data\CTP0244W.DAT

c:\windows\system32\Data\CTP0245W.DAT

c:\windows\system32\Data\CTP0246W.DAT

c:\windows\system32\Data\CTP0249W.DAT

c:\windows\system32\Data\CTP0280W.DAT

c:\windows\system32\Data\CTP0320W.DAT

c:\windows\system32\Data\CTP0350W.DAT

c:\windows\system32\Data\CTP0352W.DAT

c:\windows\system32\Data\CTP0355W.DAT

c:\windows\system32\Data\CTP0358W.DAT

c:\windows\system32\Data\CTP0359W.DAT

c:\windows\system32\Data\CTP0360W.DAT

c:\windows\system32\Data\CTP0380W.DAT

c:\windows\system32\Data\CTP0400W.DAT

c:\windows\system32\Data\CTP0460W.DAT

c:\windows\system32\Data\CTP0462W.DAT

c:\windows\system32\Data\CTP0463W.DAT

c:\windows\system32\Data\CTP0464W.DAT

c:\windows\system32\Data\CTP0465W.DAT

c:\windows\system32\Data\CTP0466W.DAT

c:\windows\system32\Data\CTP0468W.DAT

c:\windows\system32\Data\CTP0469W.DAT

c:\windows\system32\Data\CTP046AW.DAT

c:\windows\system32\Data\CTP046BW.DAT

c:\windows\system32\Data\CTP046CW.DAT

c:\windows\system32\Data\CTP0530L.DAT

c:\windows\system32\Data\CTP0530W.DAT

c:\windows\system32\Data\CTP0531L.DAT

c:\windows\system32\Data\CTP0531W.DAT

c:\windows\system32\Data\CTP0550W.DAT

c:\windows\system32\Data\CTP055AW.DAT

c:\windows\system32\Data\CTP0600W.DAT

c:\windows\system32\Data\CTP0610W.DAT

c:\windows\system32\Data\CTP0669W.DAT

c:\windows\system32\Data\CTP0678W.DAT

c:\windows\system32\Data\CTP0679W.DAT

c:\windows\system32\Data\CTP0730W.DAT

c:\windows\system32\Data\CTP073AW.DAT

c:\windows\system32\Data\CTP0760W.DAT

c:\windows\system32\Data\CTP0772W.DAT

c:\windows\system32\Data\CTP0773W.DAT

c:\windows\system32\Data\CTP0776W.DAT

c:\windows\system32\Data\CTP0779W.DAT

c:\windows\system32\Data\CTP1140W.DAT

c:\windows\system32\Data\CTP4620W.DAT

c:\windows\system32\Data\CTP4670W.DAT

c:\windows\system32\Data\CTP4760W.DAT

c:\windows\system32\Data\CTP4780W.DAT

c:\windows\system32\Data\CTP4790W.DAT

c:\windows\system32\Data\CTP4820W.DAT

c:\windows\system32\Data\CTP4830W.DAT

c:\windows\system32\Data\CTP4831W.DAT

c:\windows\system32\Data\CTP4832W.DAT

c:\windows\system32\Data\CTP4840W.DAT

c:\windows\system32\Data\CTP4850W.DAT

c:\windows\system32\Data\CTP4870W.DAT

c:\windows\system32\Data\CTP4871W.DAT

c:\windows\system32\Data\CTP4872W.DAT

c:\windows\system32\Data\CTP4875W.DAT

c:\windows\system32\Data\CTP4890W.DAT

c:\windows\system32\Data\CTP4891W.DAT

c:\windows\system32\Data\CTP4893W.DAT

c:\windows\system32\Data\CTPDXW.DAT

c:\windows\system32\Data\CTPM002W.DAT

c:\windows\system32\Data\cts20x.dat

c:\windows\system32\Data\CTXFICBM.RFX

c:\windows\system32\Data\CTXFICM.RFX

c:\windows\system32\Data\CTXFIEM.RFX

c:\windows\system32\Data\CTXFIGM.RFX

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

J:\autorun.inf

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-12-01 till 2010-01-01 ))))))))))))))))))))))))))))))

.

 

2010-01-01 09:25 . 2010-01-01 09:25 -------- d-----w- c:\users\Markus\AppData\Roaming\Malwarebytes

2010-01-01 09:25 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-01 09:25 . 2010-01-01 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 09:25 . 2010-01-01 09:25 -------- d-----w- c:\programdata\Malwarebytes

2010-01-01 09:25 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 10:00 . 2009-12-31 10:00 -------- d-----w- c:\users\Markus\AppData\Roaming\Template

2009-12-30 18:09 . 2009-12-30 18:09 -------- d-----w- c:\program files\EA Games

2009-12-30 18:09 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll

2009-12-30 18:09 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2009-12-30 18:09 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2009-12-30 18:09 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2009-12-30 18:09 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll

2009-12-30 18:09 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll

2009-12-30 18:05 . 2009-12-30 18:06 -------- d-----w- c:\program files\AGEIA Technologies

2009-12-30 18:05 . 2009-12-30 18:05 -------- d-----w- c:\windows\system32\AGEIA

2009-12-30 18:05 . 2009-12-30 18:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-29 23:04 . 2009-12-29 23:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-29 23:04 . 2009-12-29 23:04 -------- d-----w- c:\program files\DAEMON Tools Lite

2009-12-29 23:03 . 2009-12-29 23:03 -------- d-----w- c:\users\Markus\AppData\Roaming\DAEMON Tools Lite

2009-12-29 23:03 . 2009-12-29 23:03 -------- d-----w- c:\programdata\DAEMON Tools Lite

2009-12-29 22:38 . 2009-12-29 22:44 -------- d-----w- c:\program files\MagicDisc

2009-12-28 20:48 . 2010-01-01 09:08 -------- d-----w- c:\users\Markus\AppData\Roaming\DC++

2009-12-28 20:48 . 2009-12-28 20:48 -------- d-----w- c:\users\Markus\AppData\Local\DC++

2009-12-28 20:47 . 2009-12-28 20:47 -------- d-----w- c:\program files\DC++

2009-12-22 04:08 . 2009-12-22 04:08 378632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-13 02:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-13 02:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2009-12-13 02:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-09 21:03 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2009-12-09 21:03 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-01 11:08 . 2007-01-20 00:07 597598 ----a-w- c:\windows\system32\perfh01D.dat

2010-01-01 11:08 . 2007-01-20 00:07 117210 ----a-w- c:\windows\system32\perfc01D.dat

2010-01-01 10:45 . 2008-05-25 18:41 -------- d-----w- c:\program files\Norton Security Scan

2010-01-01 09:43 . 2008-04-26 23:12 -------- d-----w- c:\program files\Steam

2009-12-31 14:49 . 2008-04-26 23:12 -------- d-----w- c:\program files\Common Files\Steam

2009-12-31 14:37 . 2007-01-19 15:40 -------- d-----w- c:\program files\Norton Internet Security

2009-12-31 14:37 . 2007-01-19 15:37 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-31 14:37 . 2007-01-19 15:37 -------- d-----w- c:\program files\Symantec

2009-12-31 14:37 . 2007-01-19 15:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-12-31 14:37 . 2007-01-19 15:40 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-12-31 14:37 . 2007-01-19 15:40 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-12-31 12:12 . 2007-08-05 15:53 -------- d-----w- c:\programdata\Roxio

2009-12-31 10:00 . 2009-12-31 10:00 0 ----a-w- c:\users\Markus\AppData\Roaming\wklnhst.dat

2009-12-27 17:10 . 2008-01-28 20:50 680 ----a-w- c:\users\Markus\AppData\Local\d3d9caps.dat

2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-11-17 21:14 . 2007-01-19 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-17 21:14 . 2009-11-17 21:14 -------- d-----w- c:\program files\Sierra

2009-11-12 21:12 . 2009-11-12 21:12 90112 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll

2009-11-12 21:12 . 2009-11-12 21:12 69632 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll

2009-11-12 21:12 . 2009-11-12 21:12 6656 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll

2009-11-12 21:12 . 2009-11-12 21:12 61440 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll

2009-11-12 21:12 . 2009-11-12 21:12 59904 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll

2009-11-12 21:12 . 2009-11-12 21:12 57344 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll

2009-11-12 21:12 . 2009-11-12 21:12 315392 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll

2009-11-12 21:12 . 2009-11-12 21:12 20480 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll

2009-11-12 21:12 . 2009-11-12 21:12 20480 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll

2009-11-12 21:12 . 2009-11-12 21:12 155648 ----a-w- c:\users\Markus\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll

2009-11-10 20:50 . 2008-03-29 12:53 -------- d-----w- c:\program files\Bullfrog

2009-11-10 20:43 . 2009-11-10 20:43 -------- d-----w- c:\program files\CCleaner

2009-11-03 00:06 . 2007-11-06 16:15 -------- d-----w- c:\program files\iTunes

2009-11-03 00:05 . 2008-12-01 16:44 -------- d-----w- c:\program files\iPod

2009-11-03 00:05 . 2007-08-14 19:28 -------- d-----w- c:\program files\Common Files\Apple

2009-11-03 00:01 . 2009-11-03 00:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-02 19:42 . 2009-10-02 18:08 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 09:41 . 2009-11-26 02:01 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-27 21:05 . 2009-10-27 21:05 108144 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-10-12 15:16 . 2007-08-05 13:59 93112 ----a-w- c:\users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"Steam"="c:\program files\Steam\Steam.exe" [2009-10-25 1217808]

"Google Update"="c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]

"CTXFIREG"="CTxfiReg.exe" [2008-07-11 43520]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"BigDogpath326"="c:\windows\VMSnap326.exe" [2006-09-18 86016]

"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]

"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 19968]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DevconDefaultDB"="c:\windows\system32\READREG" [X]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-20 28672]

 

c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-22 113664]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartupAdobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-22 113664]

BIGDOGPATH326.lnk - c:\windows\VMSnap326.exe [2008-8-24 86016]

Domino.lnk - c:\windows\Domino.exe [2008-8-24 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer8"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071002.003\IDSvix86.sys [2007-10-04 180272]

R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-20 2807936]

R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [2008-03-02 33792]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-10-05 112688]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-08-03 38448]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-12-30 691696]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-10-28 79360]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-10-11 1527900]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\System32\drivers\nordecr.sys [2007-10-30 24064]

S3 usbvm328;A4Tech USB2.0 PC Camera;c:\windows\System32\drivers\USBVM326.SYS [2008-08-23 325632]

S3 vmfilter326;326 MRD filter service;c:\windows\System32\drivers\vmfilter326.sys [2008-08-23 483072]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - COMHOST

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376561358-1333849890-3042836512-1001Core.job

- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 18:36]

 

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376561358-1333849890-3042836512-1001UA.job

- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 18:36]

 

2009-11-28 c:\windows\Tasks\Norton Internet Security - Sök igenom datorn - Markus.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 09:48]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.Google.com/

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-wblogon - c:\windows\System32\algg.exe

HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-01 12:15

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

 

scanning hidden files ...

 

 

c:\windows\TEMP\TMP000000499ADB8142B156E8A7 524288 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-1376561358-1333849890-3042836512-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a9,37,a6,9a,e6,d3,ca,f2,f7,8d,1d,4a,b5,77,b3,a7,00,d6,d1,6a,39,29,6c,

56,d5,55,7e,bd,60,39,3c,ca,7c,d6,ae,1a,1b,65,e9,9a,84,8e,5a,7a,ad,ea,d1,df,"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

 

[HKEY_USERS\S-1-5-21-1376561358-1333849890-3042836512-1001\Software\SecuROM\License information*]

"datasecu"=hex:cc,61,c9,e4,14,6c,51,5a,37,26,ec,e3,c5,d9,d6,88,48,db,84,53,13,

ad,16,5b,06,93,9c,bf,9b,db,a1,89,1d,30,59,4a,20,35,3e,53,09,3e,e6,bf,01,44,"rkeysecu"=hex:6d,8f,9c,4a,2c,74,c4,90,69,d5,96,70,fd,b6,5d,21

.

Sluttid: 2010-01-01 12:18:53

ComboFix-quarantined-files.txt 2010-01-01 11:18

 

Före genomsökningen: 174 366 580 736 byte ledigt

Efter genomsökningen: 174 679 916 544 byte ledigt

 

- - End Of File - - DCD5D3610DA79E0C5285AA5C22AB816E[/log]

 


OK, that's no small amount of crap you've picked up. I find it very hard to believe that this came from a page on YouTube (DC++ is a champion at pulling crap onto a computer), but we'll have to keep going because there is more that needs to be fixed!!

First I have to ask you to uninstall DAEMON Tools Lite, since it interferes with the next program I need you to run! Then continue with Gmer.

Download Gmer to the Desktop from one of these pages:

http://www.gmer.net/

http://www.majorgeeks.com/GMER_d5198.html

Extract the file to the Desktop.

Close all programs.

Start the program gmer.exe.

Select the Rootkit tab and check that everything on the right is ticked except Show All. Click Scan. Leave the computer alone while Gmer is running.

Click Copy and then paste the result into your reply.

 

 


AV: Norton Internet Security *On-access scanning disabled* (Outdated)

And having an antivirus program that isn't updated means the protection doesn't really exist. Has the license expired, or why isn't Norton being updated?

 


I only use DC++ together with one of my band members, i.e. we send massive video/audio files to each other on his own hub, where only he and I are present. So I'm not logged in to any other hubs. But you mean crap can still pour in?

And as for Norton: yes, the license has expired there. I haven't really been able to afford to update it for ages. And I haven't had the impression that I got any viruses on the computer after the license expired. Everything worked as it should until I visited that YouTube page.

I've now tried this Gmer thing, but the computer has frozen twice in a row. And it seems my audio playback devices have been uninstalled. Weird.

I'll try Gmer again right away. I'll get back with a log, if there is one, provided it works this time.

 


"I find it very hard to believe that this came from a page on YouTube"
I agree, but it could have been a fake YouTube page; there are plenty of those. They are created just to trick people so that malicious programs can be planted on their computers.

 


This was the link I was on when all of this happened. I went through it just now, but this time nothing happened. It must have been something else entirely that happened to trigger the pop-ups at the same time. Oh well.

Tried Gmer again, but the same thing happened. It seems to hang on something called \Device\Harddisk\VolumeShadowCopy1

Any tips? And do you have any idea why the audio playback devices were uninstalled?

 


See if this way of running Gmer works better:

Disconnect the internet connection.

Close all programs, including the antivirus program and firewall.

Start the program gmer.exe.

If a question about "scan" comes up, choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:. Click Scan. Leave the computer alone while Gmer is running.

Click Save and save the result to the Desktop.

Turn the antivirus program and firewall back on before you connect to the internet.

Paste the result into your reply.

 


"Any tips? And do you have any idea why the audio playback devices were uninstalled?"
Are they cracked programs? It could be that these were infected and then became unusable when ComboFix cleaned up (you may have to reinstall them in that case).

I see that you have an external drive that is infected

J:\autorun.inf

Make sure to keep this drive disconnected for now, in case that helps, in addition to Cecilia's instructions!

Regards, Laston

 


Archived

This topic is now archived and is closed to further replies.
