"Seeg dator"

1 april, 2010

Startar en ny tråd här för min kompis dator..

Jag fick rycka ut, satte mej vid datorn, de tog typ huur länge som helst, hände INGENTING, bara att öppna Internet Explorer tog en hel evighet..

Kollade CPU:n, och som jag misstänkte så låg den på nästintill 100% och tuggade utan att något var igång.

Jag fick mina misstankar om att det var något program som låg och smög i bakgrunden.

Rensade bort lite div program som han inte använde..

Den slutade då fundera en hel massa iaf..

Körde en snabbsökning i Malwarebytes Antimalware..

Den som typ inte brukar ta mer än några minuter, tog 48 min.

6 Infekterade filer hittades då, lite trojaner mm..

HÄR nedanför finns den loggen

Nu har jag lånat hem datorn hem till mej över dagen, och har genomsökt en fullständig antivirussökning, en fullständig MBAM sökning, samt en DDS sökning.

Bifogar dessa i 3 nya skilda inlägg

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Databasversion: 3934

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-03-30 22:33:03

mbam-log-2010-03-30 (22-33-03).txt

Skanningstyp: Snabbskanning

Antal skannade objekt: 120804

Förfluten tid: 48 minut(er), 23 sekund(er)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 2

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1} (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\v0400cvw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

C:\Documents and Settings\Pelle&Cammi\Application Data\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\V0400Cvw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

1 april, 2010

Norton Antivirus:

Sökningsstatistik:

Söktid: 3522 sekunder

Sökningsalternativ:

Sökningsmål: C:\

Antal gånger:

Totalt antal sökta: 441 784

– Filer och kataloger: 434 192

– Registerposter: 469

– Processer och startobjekt: 4 928

– Nätverks- och webbläsarobjekt: 2 186

– Övriga: 4

– Pålitliga filer: 5 653

– Filer som hoppats över: 2 106

Totalt antal upptäckta säkerhetsrisker: 21

Totalt antal lösta: 21

Totalt antal som behöver åtgärdas: 0

lösta hot:

21 spårnings-cookie-filer

Typ: Anomali

Risk: Låg (Låg Smyg, Låg Borttagning, Låg Prestanda, Låg Sekretess)

Kategorier: Cookie

Status: Helt åtgärdad

-----------

21 Spårnings-cookies

Cookie:pelle&cammi@bs.serving-sys.com/ - Togs bort

Cookie:pelle&cammi@doubleclick.net/ - Togs bort

Cookie:pelle&cammi@imrworldwide.com/cgi-bin - Togs bort

Cookie:pelle&cammi@msnportal.112.2o7.net/ - Togs bort

Cookie:pelle&cammi@serving-sys.com/ - Togs bort

Cookie:pelle&cammi@research-int.se/ - Togs bort

Cookie:pelle&cammi@mediaplex.com/ - Togs bort

Cookie:pelle&cammi@adtech.de/ - Togs bort

Cookie:pelle&cammi@adbrite.com/ - Togs bort

Cookie:pelle&cammi@atdmt.com/ - Togs bort

Cookie:pelle&cammi@track.adform.net/ - Togs bort

Cookie:pelle&cammi@statistik-gallup.net/ - Togs bort

Cookie:pelle&cammi@apmebf.com/ - Togs bort

Cookie:pelle&cammi@zedo.com/ - Togs bort

Cookie:pelle&cammi@ad.zanox.com/ - Togs bort

Cookie:pelle&cammi@quantserve.com/ - Togs bort

Cookie:pelle&cammi@tradedoubler.com/ - Togs bort

Cookie:pelle&cammi@tv4.122.2o7.net/ - Togs bort

Cookie:pelle&cammi@revsci.net/ - Togs bort

Cookie:pelle&cammi@tribalfusion.com/ - Togs bort

- Togs bort

olösta hot:

Inga risker som inte har åtgärdats

1 april, 2010

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Databasversion: 3934

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-04-01 13:31:09

mbam-log-2010-04-01 (13-31-09).txt

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 214128

Förfluten tid: 1 timme(ar), 16 minut(er), 35 sekund(er)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP569\A0054266.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

1 april, 2010

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pelle&Cammi at 13:42:27,21 on 2010-04-01

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.766.181 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Apps\Softex\OmniPass\scureapp.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\WINDOWS\V0400Mon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

uWindow Title = Packard Bell

uSearch Bar = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=sv-SE&FORM=MICVE5

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll

mWinlogon: System=c:\windows\system32\svcnost.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SWEETIE Class: {1a0aadcd-3a72-4b5f-900f-e3bb5a838e2a} - c:\progra~1\macrog~1\sweeti~1\toolbar.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.10.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [sweetIM] c:\program files\macrogaming\sweetim\SweetIM.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\documents and settings\pelle&cammi\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SIMBAR={8D01CDF4-9024-4076-A901-030CEA3FC887}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.lunarstorm.se/set/set_presentation_editor.aspx"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NECHotkey] mHotkey.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe

mRun: [sweetIM] c:\program files\macrogaming\sweetim\SweetIM.exe

mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [symLnch] "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\support\symlnch\symlnch.exe" "c:\documents and settings\pelle&cammi\application data\symantec\layouts\norton internet security\15.0\symalllanguages\nis_retail\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: La&dda ner allt med BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Ladda ner alla &videor med BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: Ladda ner med &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.10.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://starker.liber.se/sametime/STMeetingRoomClient/STJNILoader.cab

Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\symds.sys [2010-2-18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\symefa.sys [2010-2-18 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-18 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\ironx86.sys [2010-2-18 116272]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccsvchst.exe [2010-2-18 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100331.048\NAVENG.SYS [2010-4-1 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100331.048\NAVEX15.SYS [2010-4-1 1324720]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program files\symantec\liveupdate\aluschedulersvc.exe" --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]

S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-6-7 142656]

S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-6-7 7424]

S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-6-7 166720]

=============== Created Last 30 ================

2010-03-30 19:42:35 0 d-----w- c:\docume~1\pelle&~1\applic~1\Malwarebytes

2010-03-30 19:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 19:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-30 19:42:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-30 19:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-11 05:28:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-05 14:46:47 293376 ------w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-03-30 20:32:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 09:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-18 14:00:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-18 14:00:54 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-18 14:00:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-18 14:00:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2007-05-12 14:20:06 2867 -c----w- c:\program files\INSTALL.LOG

2009-10-15 01:32:44 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-10-08 01:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

============= FINISH: 13:43:08,42 ===============

Attach.txt

1 april, 2010

En del skräp här och där faktiskt

Börja med att avinstallera/uppdatera dessa:

BitComet 1.18 - Ändrar startsida osv, bättre att köra en klient som bara ägnar sig åt att ladda hem via torrent-nätet µTorrent tycker jag om, den finner du här

Macrogaming SweetIM 2.1 - Ta bort! Se mer info här

Macromedia Flash Player 8 - Gammal

Macromedia Shockwave Player - Gammal

SweetIM For Internet Explorer 3.0b - Se ovan

VideoLAN VLC media player 0.8.6a - Installera senaste versionen 1.0.5. Den hittar du här

Java™ SE Runtime Environment 6 Update 1 - Ta bort

Ta bort de som inte används av dessa:

CometBird (3.6) (variant av Firefox som följde med BitComet)

Google Chrome

Safari

Efter att du avinstallerat, uppdaterat och kanske installerat alternativ, startar du om datorn och svarar med nya DDS-loggar

OBS! Datorn är troligtvis fortfarande infekterad (ett par filer jag är bekymrad över), det är just det jag kommer se lite om i DDS

1 april, 2010

Ok, snabbsvarar..

Google Chrome används nu.. Utorrent gillar jag åxå, använder det själv..

ska uppdatera program, och ta bort program.. återkommer..

1 april, 2010

Sådär..

Innan jag klistrar in loggen så ska jag passa på att fråga vad Omnipass är för nåt?

Vad jag kan se så används de inte.....

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pelle&Cammi at 22:19:59,68 on 2010-04-01

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.766.215 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Apps\Softex\OmniPass\scureapp.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\V0400Mon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Pelle&Cammi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pelle&Cammi\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

uWindow Title = Packard Bell

uSearch Bar = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=sv-SE&FORM=MICVE5

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

mWinlogon: System=c:\windows\system32\svcnost.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [smpcSys] c:\apps\smp\SmpSys.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\documents and settings\pelle&cammi\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SIMBAR={8D01CDF4-9024-4076-A901-030CEA3FC887}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.lunarstorm.se/set/set_presentation_editor.aspx"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NECHotkey] mHotkey.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe

mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"