Just nu i M3-nätverket
Jump to content

"Seeg dator"


Sosso

Recommended Posts

Startar en ny tråd här för min kompis dator..

Jag fick rycka ut, satte mej vid datorn, de tog typ huur länge som helst, hände INGENTING, bara att öppna Internet Explorer tog en hel evighet..

 

Kollade CPU:n, och som jag misstänkte så låg den på nästintill 100% och tuggade utan att något var igång.

Jag fick mina misstankar om att det var något program som låg och smög i bakgrunden.

Rensade bort lite div program som han inte använde..

Den slutade då fundera en hel massa iaf..

 

Körde en snabbsökning i Malwarebytes Antimalware..

Den som typ inte brukar ta mer än några minuter, tog 48 min.

6 Infekterade filer hittades då, lite trojaner mm..

HÄR nedanför finns den loggen

 

Nu har jag lånat hem datorn hem till mej över dagen, och har genomsökt en fullständig antivirussökning, en fullständig MBAM sökning, samt en DDS sökning.

Bifogar dessa i 3 nya skilda inlägg

 

 

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Databasversion: 3934

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-30 22:33:03

mbam-log-2010-03-30 (22-33-03).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 120804

Förfluten tid: 48 minut(er), 23 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 2

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\v0400cvw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Documents and Settings\Pelle&Cammi\Application Data\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\V0400Cvw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Norton Antivirus:

 

Sökningsstatistik:

Söktid: 3522 sekunder

Sökningsalternativ:

Sökningsmål: C:\

Antal gånger:

Totalt antal sökta: 441 784

– Filer och kataloger: 434 192

– Registerposter: 469

– Processer och startobjekt: 4 928

– Nätverks- och webbläsarobjekt: 2 186

– Övriga: 4

– Pålitliga filer: 5 653

– Filer som hoppats över: 2 106

 

Totalt antal upptäckta säkerhetsrisker: 21

Totalt antal lösta: 21

Totalt antal som behöver åtgärdas: 0

 

lösta hot:

21 spårnings-cookie-filer

Typ: Anomali

Risk: Låg (Låg Smyg, Låg Borttagning, Låg Prestanda, Låg Sekretess)

Kategorier: Cookie

Status: Helt åtgärdad

-----------

21 Spårnings-cookies

Cookie:pelle&cammi@bs.serving-sys.com/ - Togs bort

Cookie:pelle&cammi@doubleclick.net/ - Togs bort

Cookie:pelle&cammi@imrworldwide.com/cgi-bin - Togs bort

Cookie:pelle&cammi@msnportal.112.2o7.net/ - Togs bort

Cookie:pelle&cammi@serving-sys.com/ - Togs bort

Cookie:pelle&cammi@research-int.se/ - Togs bort

Cookie:pelle&cammi@mediaplex.com/ - Togs bort

Cookie:pelle&cammi@adtech.de/ - Togs bort

Cookie:pelle&cammi@adbrite.com/ - Togs bort

Cookie:pelle&cammi@atdmt.com/ - Togs bort

Cookie:pelle&cammi@track.adform.net/ - Togs bort

Cookie:pelle&cammi@statistik-gallup.net/ - Togs bort

Cookie:pelle&cammi@apmebf.com/ - Togs bort

Cookie:pelle&cammi@zedo.com/ - Togs bort

Cookie:pelle&cammi@ad.zanox.com/ - Togs bort

Cookie:pelle&cammi@quantserve.com/ - Togs bort

Cookie:pelle&cammi@tradedoubler.com/ - Togs bort

Cookie:pelle&cammi@tv4.122.2o7.net/ - Togs bort

Cookie:pelle&cammi@revsci.net/ - Togs bort

Cookie:pelle&cammi@tribalfusion.com/ - Togs bort

- Togs bort

 

 

 

 

olösta hot:

Inga risker som inte har åtgärdats

Link to comment
Share on other sites

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Databasversion: 3934

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-04-01 13:31:09

mbam-log-2010-04-01 (13-31-09).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 214128

Förfluten tid: 1 timme(ar), 16 minut(er), 35 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP569\A0054266.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pelle&Cammi at 13:42:27,21 on 2010-04-01

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.766.181 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Apps\Softex\OmniPass\scureapp.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\WINDOWS\V0400Mon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\My Documents\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://google.atcomet.com/b/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

uWindow Title = Packard Bell

uSearch Bar = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=sv-SE&FORM=MICVE5

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll

mWinlogon: System=c:\windows\system32\svcnost.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SWEETIE Class: {1a0aadcd-3a72-4b5f-900f-e3bb5a838e2a} - c:\progra~1\macrog~1\sweeti~1\toolbar.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.10.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [sweetIM] c:\program files\macrogaming\sweetim\SweetIM.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\documents and settings\pelle&cammi\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SIMBAR={8D01CDF4-9024-4076-A901-030CEA3FC887}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.lunarstorm.se/set/set_presentation_editor.aspx"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NECHotkey] mHotkey.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe

mRun: [sweetIM] c:\program files\macrogaming\sweetim\SweetIM.exe

mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [symLnch] "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\support\symlnch\symlnch.exe" "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: La&dda ner allt med BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Ladda ner alla &videor med BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: Ladda ner med &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.10.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://starker.liber.se/sametime/STMeetingRoomClient/STJNILoader.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\symds.sys [2010-2-18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\symefa.sys [2010-2-18 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-18 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\ironx86.sys [2010-2-18 116272]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccsvchst.exe [2010-2-18 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100331.048\NAVENG.SYS [2010-4-1 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100331.048\NAVEX15.SYS [2010-4-1 1324720]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program files\symantec\liveupdate\aluschedulersvc.exe" --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]

S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-6-7 142656]

S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-6-7 7424]

S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-6-7 166720]

 

=============== Created Last 30 ================

 

2010-03-30 19:42:35 0 d-----w- c:\docume~1\pelle&~1\applic~1\Malwarebytes

2010-03-30 19:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 19:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-30 19:42:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-30 19:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-11 05:28:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-05 14:46:47 293376 ------w- c:\windows\system32\browserchoice.exe

 

==================== Find3M ====================

 

2010-03-30 20:32:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 09:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-18 14:00:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-18 14:00:54 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-18 14:00:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-18 14:00:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2007-05-12 14:20:06 2867 -c----w- c:\program files\INSTALL.LOG

2009-10-15 01:32:44 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-10-08 01:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

 

============= FINISH: 13:43:08,42 ===============

Attach.txt

Link to comment
Share on other sites

HookProcess

En del skräp här och där faktiskt :)

 

Börja med att avinstallera/uppdatera dessa:

 

BitComet 1.18 - Ändrar startsida osv, bättre att köra en klient som bara ägnar sig åt att ladda hem via torrent-nätet :) µTorrent tycker jag om, den finner du här

Macrogaming SweetIM 2.1 - Ta bort! Se mer info här

Macromedia Flash Player 8 - Gammal

Macromedia Shockwave Player - Gammal

SweetIM For Internet Explorer 3.0b - Se ovan :)

VideoLAN VLC media player 0.8.6a - Installera senaste versionen 1.0.5. Den hittar du här

Java™ SE Runtime Environment 6 Update 1 - Ta bort

Ta bort de som inte används av dessa:

CometBird (3.6) (variant av Firefox som följde med BitComet)

Google Chrome

Safari

 

Efter att du avinstallerat, uppdaterat och kanske installerat alternativ, startar du om datorn och svarar med nya DDS-loggar ;)

 

OBS! Datorn är troligtvis fortfarande infekterad (ett par filer jag är bekymrad över), det är just det jag kommer se lite om i DDS :)

Link to comment
Share on other sites

Ok, snabbsvarar..

Google Chrome används nu.. Utorrent gillar jag åxå, använder det själv..

 

ska uppdatera program, och ta bort program.. återkommer..

Link to comment
Share on other sites

Sådär..

Innan jag klistrar in loggen så ska jag passa på att fråga vad Omnipass är för nåt?

Vad jag kan se så används de inte.....

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pelle&Cammi at 22:19:59,68 on 2010-04-01

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.766.215 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Apps\Softex\OmniPass\scureapp.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\V0400Mon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\My Documents\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://google.atcomet.com/b/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

uWindow Title = Packard Bell

uSearch Bar = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=sv-SE&FORM=MICVE5

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

mWinlogon: System=c:\windows\system32\svcnost.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\documents and settings\pelle&cammi\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SIMBAR={8D01CDF4-9024-4076-A901-030CEA3FC887}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.lunarstorm.se/set/set_presentation_editor.aspx"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NECHotkey] mHotkey.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe

mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRunOnce: [symLnch] "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\support\symlnch\symlnch.exe" "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://starker.liber.se/sametime/STMeetingRoomClient/STJNILoader.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\symds.sys [2010-2-18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\symefa.sys [2010-2-18 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-18 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\ironx86.sys [2010-2-18 116272]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccsvchst.exe [2010-2-18 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100401.002\NAVENG.SYS [2010-4-1 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100401.002\NAVEX15.SYS [2010-4-1 1324720]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program files\symantec\liveupdate\aluschedulersvc.exe" --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]

S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-6-7 142656]

S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-6-7 7424]

S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-6-7 166720]

 

=============== Created Last 30 ================

 

2010-04-01 19:57:11 0 d-----w- c:\program files\uTorrent

2010-04-01 19:56:09 0 d-----w- c:\docume~1\pelle&~1\applic~1\uTorrent

2010-03-30 19:42:35 0 d-----w- c:\docume~1\pelle&~1\applic~1\Malwarebytes

2010-03-30 19:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 19:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-30 19:42:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-30 19:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-11 05:28:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-05 14:46:47 293376 ------w- c:\windows\system32\browserchoice.exe

 

==================== Find3M ====================

 

2010-03-30 20:32:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 09:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-18 14:00:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-18 14:00:54 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-18 14:00:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-18 14:00:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2007-05-12 14:20:06 2867 -c----w- c:\program files\INSTALL.LOG

2009-10-15 01:32:44 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-10-08 01:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

 

============= FINISH: 22:21:58,23 ===============

 

Attach.txt

Link to comment
Share on other sites

HookProcess

Okej, vi får köra en ComboFix på den ;)

Ladda hem ComboFix här och spara på skrivbordet.

 

Inaktivera Norton Antivirus

Hur du gör kan du se här

 

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

 

Loggen klistrar du in här, utan någon Kod-tagg eller Log-tagg. Om loggen inte dyker upp automatiskt finner du den i C:\ComboFix.txt

 

När det är klart, glöm inte att aktivera Norton Antivirus ;)

Link to comment
Share on other sites

ComboFix 10-03-29.04 - Pelle&Cammi 2010-04-02 2:08.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.766.260 [GMT 2:00]

Körs från: c:\documents and settings\Pelle&Cammi\My Documents\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\documents and settings\Pelle&Cammi\Local Settings\Temporary Internet Files\lsn_6FBA808F-2580-48c3-8C6B-C08BBB800B8E.xml

c:\program files\INSTALL.LOG

c:\recycler\S-1-5-21-2831333321-3159724999-439646536-500

c:\windows\eSellerateEngine.dll

c:\windows\system32\Thumbs.db

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-03-02 till 2010-04-02 ))))))))))))))))))))))))))))))

.

 

2010-04-01 19:57 . 2010-04-01 19:57 -------- d-----w- c:\program files\uTorrent

2010-04-01 19:56 . 2010-04-01 19:59 -------- d-----w- c:\documents and settings\Pelle&Cammi\Application Data\uTorrent

2010-04-01 18:18 . 2010-02-18 14:18 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\NAVENG.SYS

2010-04-01 18:18 . 2010-02-18 14:18 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\EECTRL.SYS

2010-04-01 18:18 . 2010-02-18 14:18 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\CCERASER.DLL

2010-04-01 18:18 . 2010-02-18 14:18 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\ECMSVR32.DLL

2010-04-01 18:18 . 2010-02-18 14:18 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\NAVENG32.DLL

2010-04-01 18:18 . 2010-02-18 14:18 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\NAVEX32A.DLL

2010-04-01 18:18 . 2010-02-18 14:18 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\NAVEX15.SYS

2010-04-01 18:18 . 2010-02-18 14:18 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100401.002\ERASER.SYS

2010-03-30 20:33 . 2010-03-30 20:33 503808 ----a-w- c:\documents and settings\Pelle&Cammi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63fc3542-n\msvcp71.dll

2010-03-30 20:33 . 2010-03-30 20:33 499712 ----a-w- c:\documents and settings\Pelle&Cammi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63fc3542-n\jmc.dll

2010-03-30 20:33 . 2010-03-30 20:33 348160 ----a-w- c:\documents and settings\Pelle&Cammi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63fc3542-n\msvcr71.dll

2010-03-30 20:33 . 2010-03-30 20:33 61440 ----a-w- c:\documents and settings\Pelle&Cammi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10583900-n\decora-sse.dll

2010-03-30 20:33 . 2010-03-30 20:33 12800 ----a-w- c:\documents and settings\Pelle&Cammi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10583900-n\decora-d3d.dll

2010-03-30 19:42 . 2010-03-30 19:42 -------- d-----w- c:\documents and settings\Pelle&Cammi\Application Data\Malwarebytes

2010-03-30 19:42 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 19:42 . 2010-03-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-30 19:42 . 2010-03-30 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-30 19:42 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-30 19:38 . 2010-04-01 07:38 -------- d-----w- c:\documents and settings\Pelle&Cammi\Local Settings\Application Data\Temp

2010-03-30 19:38 . 2010-03-30 19:38 -------- d-----w- c:\documents and settings\Pelle&Cammi\Local Settings\Application Data\Deployment

2010-03-26 05:21 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll

2010-03-26 05:21 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll

2010-03-26 05:21 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys

2010-03-26 05:21 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys

2010-03-26 05:21 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys

2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys

2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll

2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll

2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys

2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll

2010-03-23 23:51 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100317.002\Scxpx86.dll

2010-03-23 23:51 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSxpx86.dll

2010-03-23 23:51 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSviA64.sys

2010-03-23 23:51 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSvix86.sys

2010-03-23 23:51 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSXpx86.sys

2010-03-15 00:23 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100312.001\Scxpx86.dll

2010-03-15 00:23 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSxpx86.dll

2010-03-15 00:23 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSviA64.sys

2010-03-15 00:23 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSvix86.sys

2010-03-15 00:23 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSXpx86.sys

2010-03-11 05:28 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 19:38 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\Scxpx86.dll

2010-03-10 19:38 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSxpx86.dll

2010-03-10 19:38 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSviA64.sys

2010-03-10 19:38 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSvix86.sys

2010-03-10 19:38 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSXpx86.sys

2010-03-08 20:05 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\Scxpx86.dll

2010-03-08 20:05 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSxpx86.dll

2010-03-08 20:05 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSviA64.sys

2010-03-08 20:05 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSvix86.sys

2010-03-08 20:05 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSXpx86.sys

2010-03-05 14:46 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-01 20:07 . 2007-11-18 19:45 -------- d-----w- c:\program files\Macrogaming

2010-04-01 20:04 . 2007-03-27 00:04 -------- d-----w- c:\program files\Java

2010-04-01 20:04 . 2007-03-27 00:04 -------- d-----w- c:\program files\Common Files\Java

2010-04-01 20:01 . 2010-02-14 21:06 -------- d-----w- c:\program files\CometBird

2010-04-01 20:00 . 2010-02-14 21:04 -------- d-----w- c:\program files\BitComet

2010-04-01 20:00 . 2010-02-14 21:04 -------- d-----w- c:\documents and settings\Pelle&Cammi\Application Data\BitComet

2010-04-01 11:36 . 2009-06-21 07:31 -------- d-----w- c:\documents and settings\Pelle&Cammi\Application Data\Skype

2010-03-30 20:35 . 2010-02-09 16:26 -------- d-----w- c:\program files\Bandoo

2010-03-30 20:32 . 2009-03-14 14:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-30 20:27 . 2007-05-09 11:59 -------- d-----w- c:\program files\Common Files\Adobe

2010-03-30 20:19 . 2007-03-27 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-30 20:13 . 2007-08-15 10:09 -------- d-----w- c:\program files\HP

2010-02-25 06:24 . 2004-09-10 14:57 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-18 15:19 . 2007-03-27 00:04 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-02-18 14:01 . 2009-04-01 10:35 -------- d-----w- c:\program files\NortonInstaller

2010-02-18 14:00 . 2010-02-18 14:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-18 14:00 . 2010-02-18 14:00 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-18 14:00 . 2010-02-18 14:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-18 14:00 . 2010-02-18 14:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-02-18 14:00 . 2010-02-18 14:00 -------- d-----w- c:\program files\Symantec

2010-02-18 13:59 . 2010-02-18 13:59 -------- d-----w- c:\program files\Windows Sidebar

2010-02-18 13:59 . 2010-02-18 13:59 -------- d-----w- c:\program files\Norton AntiVirus

2010-02-18 13:59 . 2009-04-01 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-02-18 13:46 . 2010-02-18 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-02-18 13:46 . 2009-04-01 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-01-10 22:44 . 2010-01-10 22:44 0 ----a-w- c:\windows\nsreg.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"Skype"="c:\apps\skype\phone\Skype.exe" [2006-01-18 19417640]

"Google Update"="c:\documents and settings\Pelle&Cammi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-30 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]

"nwiz"="nwiz.exe" [2006-10-06 1617920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]

"NECHotkey"="mHotkey.exe" [2006-01-11 548864]

"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]

"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]

"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-03 32768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID s„kerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2009-3-24 939536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2005-08-12 17:01 49152 ------w- c:\apps\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\APPS\\skype\\phone\\Skype.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12783:TCP"= 12783:TCP:BitComet 12783 TCP

"12783:UDP"= 12783:UDP:BitComet 12783 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"26765:TCP"= 26765:TCP:BitComet 26765 TCP

"26765:UDP"= 26765:UDP:BitComet 26765 UDP

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1105000.07F\symds.sys [2010-02-18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1105000.07F\symefa.sys [2010-02-18 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1105000.07F\cchpx86.sys [2010-02-18 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1105000.07F\ironx86.sys [2010-02-18 116272]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.5.0.127\ccsvchst.exe [2010-02-18 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-24 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [2010-03-26 329592]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-06-07 142656]

S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-06-07 7424]

S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-06-07 166720]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3945487706-323880237-3896350577-1005Core.job

- c:\documents and settings\Pelle&Cammi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 19:38]

 

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3945487706-323880237-3896350577-1005UA.job

- c:\documents and settings\Pelle&Cammi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 19:38]

 

2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{AEC3D9F5-02DD-46A9-BA23-4B3F28B0C9EB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://google.atcomet.com/b/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://starker.liber.se/sametime/STMeetingRoomClient/STJNILoader.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

HKLM-RunOnce-SymLnch - c:\documents and settings\Pelle&Cammi\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe

AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam

AddRemove-FG_2.4 - c:\levande\FG\DeIsL1.isu

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-02 02:16

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-3945487706-323880237-3896350577-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(656)

c:\apps\Softex\OmniPass\opxpgina.dll

.

Sluttid: 2010-04-02 02:19:26

ComboFix-quarantined-files.txt 2010-04-02 00:19

 

Före genomsökningen: 192 808 685 568 bytes free

Efter genomsökningen: 198 519 549 952 bytes free

 

- - End Of File - - DDB56E58E903A55934CC052CF14961B6

Link to comment
Share on other sites

HookProcess

Ett snabbsvar angående OmniPass; Det är en form av klientmjukvara för att logga in på t.ex. websidor på ett säkert sätt. Har även tilläggsfunktioner som fingeravtrycksigenkänning. Om datorn använder sig av inloggning via fingeravtryck, bör omnipass vara kvar såvitt jag förstår. Programmet är inte skadligt, men tar ju upp en del systemresurser :)

 

Om du vet med dig att det inte används, tycker jag vi tar bort det också. Ring gärna och fråga polaren om du är osäker ;)

Link to comment
Share on other sites

Hittade inte Omnipass i listan, blir osäker om jag har tagit bort de redan eller ej.. hmm... spela roll..

här är HJT loggen iaf..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:36:24, on 2010-04-02

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\WINDOWS\V0400Mon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Pelle&Cammi\My Documents\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SIMBAR={8D01CDF4-9024-4076-A901-030CEA3FC887}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.lunarstorm.se/set/set_presentation_editor.aspx"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=SE&range=AD&phase=7&key=IESTART

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} (JNILoader Control) - http://starker.liber.se/sametime/STMeetingRoomClient/STJNILoader.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

 

--

End of file - 9891 bytes

Link to comment
Share on other sites

Hur mår datorn?

Mvh

Mats H

 

Jag har återställt datorn, han saknade den för mkt ;) så jag lät han ta hem den.. Men jag har inte hört nån klagovisa iaf..

Så än så länge verkar den funka ordentligt..

Ska jag göra nåt mer efter att jag tagit bort programmet?? =)

 

//Sofia.

Link to comment
Share on other sites

Hej!

Nej bara att "Deleta"!

Rensa tempfilerna och starta om!

 

Hoppas att allt ska fungera framledes, om du/ni har några frågor, kom gärna tillbaka!

 

Mvh

Mats H

Link to comment
Share on other sites

  • 2 weeks later...

Hejsan...

Har tagit bort programmet Omnipass via "Lägg till/ta bort program" på kontrollpanelen..

Dock ser jag nu att det fortfarande ligger kvar..

Gjorde en sökning efter eventuella filer, hittade en mapp och en genväg, men kunde inte ta bort det, pga nån dll fil..

 

Vad göra?? *?*

 

MVH

//Sofia.

Link to comment
Share on other sites

Hej,

vad ligger kvar, kan du lista upp vad som är kvar, och var, gärna med sökväg!

Kom ihåg att att öppna program mapparna så att du kan se dolda filer, samt kontrollera att programmet inte har någon process i Aktivitetshanteraren.

Återkom om du får något problem med detta!

Mvh

Mats H

Link to comment
Share on other sites

Hejsan...

Har tagit bort programmet Omnipass via "Lägg till/ta bort program" på kontrollpanelen..

Dock ser jag nu att det fortfarande ligger kvar..

Gjorde en sökning efter eventuella filer, hittade en mapp och en genväg, men kunde inte ta bort det, pga nån dll fil..

 

Vad göra?? *?*

 

MVH

//Sofia.

Gäller det här samma dator som resten av tråden? Eller ska jag flytta dagens inlägg så att de hamnar i en egen tråd?

Link to comment
Share on other sites

Gäller det här samma dator som resten av tråden? Eller ska jag flytta dagens inlägg så att de hamnar i en egen tråd?

 

Japp de gäller samma dator... :) men tack ändå för att du frågar :)

Link to comment
Share on other sites

Hej!

"Gjorde en sökning efter eventuella filer,

hittade en mapp och en genväg, men kunde inte ta bort det, pga nån dll fil.."

 

Tydligen så har du inte blivit av med allt.

Vart heter mappen, vad heter .dll filen och vart är den placerad.

Genvägens sökväg, ses i egenskaper för genvägen.

Skriv ut hela sökvägen för mappen och genvägen här i din tråd.

Mvh

Mats H

Link to comment
Share on other sites

ska be ägaren söka rätt på genvägarna, eftersom jag inte var så smart och gjorde det medan jag ändå var där...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...