Hijackthis log

Hej!

Wow har blivit hackat och efter det har vi kört lite datorstädning med Norton, Adaware. Men det verkar vara nåt skit kvar, vad är det och hur ska man få bort?

Malware:
Malwarebytes' Anti-Malware 1.40
Databasversion: 2670
Windows 5.1.2600 Service Pack 3

2009-08-21 16:31:37
mbam-log-2009-08-21 (16-31-37).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 96888
Förfluten tid: 10 minute(s), 13 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 7
Infekterade registervärden: 1
Infekterade registerdataposter: 2
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.


Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:42, on 2009-08-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\CyberLink\PowerCinema\PCMService.exe
C:\Program\HP\HP Software Update\HPwuSchd2.exe
C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\MarkAny\ContentSafer\MAAgent.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\MySpace\IM\MySpaceIM.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Panasonic\LUMIXSimpleViewer\PhLeAutoRun .exe
C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSv c.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTSer vice\CLMLServer.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched .exe
C:\Program\MySpace\IM\MySpaceIM.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\HP\KBD\KBD.EXE
C:\Program\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
c:\windows\system\hpsysdrv.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program\ToggleEN\tbTog1.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program\ToggleEN\tbTog1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.1 5642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin. dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program\ToggleEN\tbTog1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.e xe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *."atg.se"
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208458183187
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSv c.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched .exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTSer vice\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program\MioNet\MioNetManager.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--

Hmm, säger mig inte så mycket.

Hijackthis, är det samma som combofix? För då jag har virus och jag startar igång combofix så löser den problemen.

HJT loggen bra ut, menar du att problemet återkommer?
ibland måste man inaktivera teatimer i spybot för att registerändringarna ska kunna åtgärdas

Näe, det har inte hänt nåt igen, vill bara vara säker på att jag fått bort allt skit. Bliz sa att om jag blev hackad igen skulle dom inte hjälpa mig.....

Vet inte hur man avaktiverar tea timer. Om jag deletar Spy bot istället? Kan ju bara ladda ner på nytt efteråt....

Vad ska jag göra sen? Om det nu behövs göras nåt mer?

Jag har kört Norton, Malwarebytes, Spy Bot, Adaware.

Combofix vet jag inte vad d är...

dyker registerposterna upp i loggen igen vid en ny malwarebytes scan, då kan vi börja ändra i spybot