2006-11-27, 14:56, #1, Windforce (Member)
I've read a few threads and got the advice to start my own, so that's what it'll be..

I get pop-ups (WinAntivirus Pro 2006); with Firefox it doesn't happen that often, but with Explorer it's constant. I have Ad-Aware and NOD32, but the computer is sickly slow for being as new as it is..

I got the tip to run HijackThis, and did so; posting the log in the hope of help!


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program\Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Program\QualityCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VirusBursters] C:\Program\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [D_V_T] "C:\\dvt.exe" /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157543767859
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\
2006-11-28, 00:20, #2, MannenGbg (Member)
Hopefully it will be enough to run these two programs to get rid of it

Download VundoFix.exe and save it to your desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Download the program below and then restart the computer in Safe Mode
Extract all the files to the same folder
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Open the SmitfraudFix folder

* Double-click smitfraudfix.cmd file to start the tool.
* Select option #2 - Clean by typing 2 and press Enter.
Warning: running option #2 on an uninfected computer will remove your Desktop background.
* Wait for the tool to complete and disk cleanup to finish.
* You will be prompted : "Registry cleaning - Do you want to clean the registry?"
o Answer Yes by typing Y
o Hit Enter.
* The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
o Answer Yes to the question "Replace infected file?" by typing Y
o Hit Enter.
* A reboot may be needed to finish the cleaning process. If your computer does not restart automatically please do it yourself manually.
* The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log here

Then post a new log from HijackThis and from the programs above
2006-11-28, 10:14, #3, Windforce (Member)
Must say you're incredibly kind and awesome for helping, will get going with it now, a new log is coming soon! Thanks
2006-11-28, 11:00, #4, Windforce (Member)
Okay..

Report:

SmitFraudFix v2.125

Scan done at 10:55:04,85, 2006-11-28
Run from C:\Documents and Settings\Erik Hultgren\Skrivbord\felsäkert
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\Erik Hultgren\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\ERIKHU~1\START-~1\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\ERIKHU~1\START-~1\Program\VirusBursters Deleted
C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:00:05, on 2006-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program\Arcade\PCMService.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\srubocgk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {4A121E92-1D8E-448B-93E5-30523C253517} - C:\WINDOWS\Fonts\loeunt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [D_V_T] "C:\\dvt.exe" /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157543767859
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\


Must add that the box already feels like new again..
2006-11-28, 16:03, #5, MannenGbg (Member)
The log looks a bit better


Now close Internet Explorer, very important!

Start HijackThis

Tick and fix these lines

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\srubocgk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {4A121E92-1D8E-448B-93E5-30523C253517} - C:\WINDOWS\Fonts\loeunt.dll (file missing)

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll


Restart the computer

Then run a scan with Panda and post the log here together with a new one from HJT
http://www.pandasoftware.com/products/ActiveScan.htm
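As an added illustration (not part of the thread, and not HijackThis's own logic), the checks the helper applies by eye above can be written down as a small triage script over logs in this format: it skips the volatile process list, flags entries with "(file missing)", unnamed BHO/toolbar entries, services without a vendor, and DLL load points whose module name is a short run of lowercase letters, and diffs two scans so a "before" and "after" log can be compared. The heuristics, the sample logs (trimmed from the two HijackThis logs posted in this thread) and the 6-8 letter name rule are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Every HijackThis entry line starts with a section tag (R0, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - .+$")
# Drive-letter paths ending in .dll/.exe on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe)", re.IGNORECASE)
# Assumed heuristic: the load points in this thread used module names that are a
# short run of lowercase letters (srubocgk.dll, okkmtv.dll, loeunt.dll).
RANDOM_STEM_RE = re.compile(r"^[a-z]{6,8}$")
# Sections that load a DLL into Explorer/IE or at logon: BHO, toolbar, notify, SSODL.
DLL_LOAD_SECTIONS = {"O2", "O3", "O20", "O21"}


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reasons: Tuple[str, ...]


def parse_log(text: str) -> List[Tuple[str, str]]:
    """(section, line) for each entry line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), line))
    return entries


def reasons_for(section: str, line: str) -> Tuple[str, ...]:
    """Apply the review heuristics to one entry; empty tuple means nothing to look at."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("registered file is missing: stale or half-removed load point")
    if section in DLL_LOAD_SECTIONS and "(no name)" in line:
        reasons.append("unnamed BHO/toolbar/notify entry")
    if section == "O23" and "Unknown owner" in line:
        reasons.append("service without vendor information")
    paths = PATH_RE.findall(line)
    if section in DLL_LOAD_SECTIONS and paths:
        stem = paths[-1].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_STEM_RE.match(stem):
            reasons.append(f"randomly named module '{stem}' in a DLL load point")
    return tuple(reasons)


def triage(text: str) -> List[Finding]:
    """All entries in a log that trip at least one heuristic."""
    findings = []
    for section, line in parse_log(text):
        reasons = reasons_for(section, line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entry lines removed and added between two scans (process list ignored)."""
    old = {line for _, line in parse_log(before)}
    new = {line for _, line in parse_log(after)}
    return sorted(old - new), sorted(new - old)


# Constructed samples, trimmed from the logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\srubocgk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {4A121E92-1D8E-448B-93E5-30523C253517} - C:\WINDOWS\Fonts\loeunt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\
"""

if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f.section, "|", f.line[:60], "|", "; ".join(f.reasons))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries gone since the earlier scan, {len(added)} new")
```

The name heuristic is deliberately narrow: the `&VSAdd-in` toolbar the helper also removed is not caught by it, which is why a diff against the previous scan is printed alongside the findings.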
2006-11-28, 20:49, #6, Windforce (Member)
okay nice..

Logfile of HijackThis v1.99.1
Scan saved at 20:47:46, on 2006-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Eset\nod32krn.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program\Arcade\PCMService.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [D_V_T] "C:\\dvt.exe" /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157543767859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\
2006-11-28, 20:50, #7, Windforce (Member)
Panda log:

Incident Status Location

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.research-int.se/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/WebtrendsLive Not

cont..
2006-11-28, 20:50, #8, Windforce (Member)
Panda cont.

disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.com.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.se.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[.hotlog.ru/]
2006-11-28, 20:52, #9, Windforce (Member)
I think I got everything?

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Erik Hultgren\Application Data\Mozilla\Firefox\Profiles\j0tajeav.default\cookies.txt[server.iad.liveperson.net/hc/82763522]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@errorsafe[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@mediaplex[1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@research-int[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@se.errorsafe[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@tradedoubler[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@www.errorsafe[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Erik Hultgren\Cookies\erik hultgren@www.winantivirus[1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Erik Hultgren\Lokala inställningar\Temp\Cookies\erik hultgren@research-int[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Erik Hultgren\Skrivbord\felsäkert\Process.exe
Adware:Adware/SaveNow Not disinfected C:\Program\DAEMON Tools\SetupDTSB.exe
Adware:Adware/AdwareShooter Not disinfected C:\VundoFix Backups\loeunt.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\eiobryva.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\qyutoimm.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\youpyqfi.exe
Dialer:Dialer.HVO Not disinfected C:\WINDOWS\Temp\win5F2.tmp.exe
Dialer:Dialer.HVO Not disinfected C:\WINDOWS\Temp\win63A.tmp.exe
2006-11-29, 09:30, #10, MannenGbg (Member)
Now it's starting to look better

Restart the computer in Safe Mode

Start HijackThis, tick and remove this line

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll

Enable viewing of hidden files/folders, find these files and folders in bold text and delete them

C:\Program\VSAdd-in\
C:\WINDOWS\system32\eiobryva.dll
C:\WINDOWS\system32\qyutoimm.dll
C:\WINDOWS\system32\youpyqfi.exe

In the temp folder below you can delete all the files but NOT the temp folder itself

C:\WINDOWS\Temp\

Restart the computer and post a new log
2006-11-29, 16:20, #11, Windforce (Member)
New log:

Logfile of HijackThis v1.99.1
Scan saved at 16:18:54, on 2006-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program\Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMServic
2006-11-29, 17:54, #12, MannenGbg (Member)
I don't think the whole log came through, so please post a new one