Spywarefri Forum

MEGET sl�v pc +

2007-09-13T12:46:52+01:00

Hej,
Jeg har da f�et et problem der vil noget, som skrevet er min pc blevet meget langsom, det er ikke l�nge siden jeg var her sidst men kort tid efter blev min pc meget sl�v, men s� nu hvor jeg vil gemme HijackThis og de andre kommer der en fejlmelding med “The filepicker was unexpectedly closed by windows”, det kommer n�r jeg vil gemme dem p� skrivebordet?, det har jeg aldrig set f�r, jeg har pr�vet at genstarte men der kommer det samme op, h�ber i kender problemet.

Mvh,
Henrik

System

2008-08-05T11:19:23+01:00

HJ�LP ! ! !
Jeg har haft en virus/orm inde p� min computer, selv om jeg har et virus program, ( Avast antivirus ).
Jeg har vist f�et fjernet det hele.
Jeg kan dog ikke komme i: Registrerings databasen, Ms config, Joblisten, eller f� lov til at rette noget som helst i sk�rm menuen, bliver hele tiden mindet om at Administrator har forhindret brug af disse menuer, Jeg har pr�vet at oprette mig selv som adninistrator men det hj�lper ikke.
S� mit sp�rgsm�l g�r ud p�:
Kan jeg rette fejlen uden at skulle formatere hele harddisken
Venlig hilsen
Bruno AHlgren

Kernel-Rootkit

2008-11-15T13:06:45+01:00

Hejsa! Jeg sad og researchede lidt om hj�lp til spyware, og fandt dette forum. Jeg er ikke den helt store computer ekspert, men er rimelig sikker p� jeg har f�et et Kernel-Rootkit. I mappen ‘Acer Arcade Deluxe’ som er et helt almindelig Windows Vista multimedie program ligger mappen ‘PlayMovie’ og filen ‘PCMGUIDs’ som �bnes med notesblok. Inde i den st�r:

[GUID List]
{aa4bf92b-2aaf-11da-9d78-000129760d75}
{a450831d-25f6-4f42-9662-d000b25e0d82}
{2637C347-9DAD-11D6-9EA2-00055D0CA761}

Ved ikke om det har noget med et rootkit at g�re, men jeg pr�vede ihvertfald at �bne mappen ‘PlayMovie’. Inde i den ligger der overnaturligt mange mapper / filer en af dem hedder ‘Kernel’. Inde i den ligger yderlige 3 mapper, en af dem ved navnet ‘KoanBox’. Derinde ligger der filer som ‘KoanBox.dll’, ‘psycho.rar’ og alle mulige andre mystiske og umystiske filer. Idet jeg ikke er den store computer ekspert, ville det v�re rart med noget hj�lp! Skal jeg tage det her alvorligt, eller ikke? Jeg pr�vede at k�re en Spyware Doctor skan, men Spyware Doctor gjorde mit system utroligt langsomt, og slet ikke til at v�re p�. Den fandt imidlertidigt 5 trusler, heraf 2 ‘Mellemalvorlige-Trusler’, men kunne ikke g�re noget idet det er et k�be program. Jeg uninstallede det derfor igen, og nu er min computer hurtig som lynet.

Hj�lp mig, tak!

Svchost problem

2008-11-28T13:55:12+01:00

Hej Jeg har et problem, med at min svchost.exe bruger 100.000 KB Hukommelse, og ofte rimelig meget CPU forbrug, selvom den lige er startet op og jeg intet laver. Jeg har v�ret her inde og l�se nogen ting om svchost. Men jeg kan ikke rigtigt finde synderen til den er s� h�j. [xx(]

Jeg har skannet den med Bullguard og Spybot S&D. Og jeg har diskdefragmenteret den. Og jeg har brugt Process Explorer til at finde synderen, Men den viser bare at det eneste der k�rer over svchost.exe er wuauclt.exe.

Jeg har ogs� brugt CCleaner til at ryde op her p�, men det hjalp heller ik.

Er der nogen der ved hvad jeg kan g�re? Eller skal den bare formateres igen?

Mvh Kasper

Combofix finder rootkit efter webhancer removal

2008-10-05T15:51:01+01:00

Hej Team spywarefri

Jeg har fjernet Webhancer med MalwareByte og LSPFix. N�r jeg k�rer Combofix, meddeles at:
“Combofix has found .. presens og af rootkit and need to restart”.
Efter genstart kommer samme fejl igen igen, n�r jeg k�rer combofix
Der bliver aldrig lavet en logfil. Computeren er ikke p� netv�rket og opdaterer ikke combifix.

wallpaper1

2008-09-17T21:16:40+01:00

Hej.
da jeg �bnede en mail den anden dag v�ltede det ind med virus, og min norman opfangede en del af det. Der blev dog ved med at v�re en meddelelse p� sk�rmen om virus, det fandt jeg senere ud af var en ny skrivebordsbaggrund der hed wallpaper1?? Underligt, men jeg er i tvivl om alt er v�k, s� vil i kigge p� disse logs?

Malwarebytes’ Anti-Malware 1.28
Database version: 1164
Windows 5.1.2600 Service Pack 3

17-09-2008 18:54:05
mbam-log-2008-09-17 (18-54-05).txt

Skan type: Fuldst�ndig skanning (C:|)
Objekter skannet: 81847
Tid tilbagelagt: 16 minute(s), 33 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase N�gler: 0
Inficerede Registeringsdatabase V�rdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mist�nkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mist�nkelige filer fundet)

Inficerede Registeringsdatabase N�gler:
(Ingen mist�nkelige filer fundet)

Inficerede Registeringsdatabase V�rdier:
(Ingen mist�nkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mist�nkelige filer fundet)

Inficerede Mapper:
(Ingen mist�nkelige filer fundet)

Inficerede Filer:
(Ingen mist�nkelige filer fundet)

ComboFix 08-09-16.05 - niels peter 2008-09-17 18:55:28.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.199 [GMT 2:00]
Running from: C:Documents and Settingsniels peterSkrivebordSpywarefriComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsAll UsersMenuen StartProgrammerPCPrivacyCleaner
C:Documents and SettingsAll UsersMenuen StartProgrammerPCPrivacyCleanerPCPrivacyCleaner.lnk
C:Documents and SettingsAll UsersMenuen StartProgrammerPCPrivacyCleanerUninstall PCPrivacyCleaner.lnk
C:WINDOWSsystem32160281.exe
C:WINDOWSsystem32vyIjSvut.ini
C:WINDOWSsystem32vyIjSvut.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-Legacy_NSESVC
———-Legacy_TDSSSERV
———-Service_nsesvc
———-Service_TDSSserv

((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d————C:ProgrammerMalwarebytes’ Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528—a———C:WINDOWSsystem32driversmbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200—a———C:WINDOWSsystem32driversmbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d————C:ProgrammerCCleaner
2008-09-16 16:12 . 2008-09-16 16:12 61,440—a———C:WINDOWSsystem32driversatbymz.sys
2008-08-25 17:28 . 2008-08-25 18:45 144—ahs——C:WINDOWSsystem32688789246.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:48 19,512——a-w C:WINDOWSsystem32driversnvcw32mf.sys
2008-07-18 20:10 94,920——a-w C:WINDOWSsystem32dllcachecdm.dll
2008-07-18 20:10 94,920——a-w C:WINDOWSsystem32cdm.dll
2008-07-18 20:10 53,448——a-w C:WINDOWSsystem32wuauclt.exe
2008-07-18 20:10 53,448——a-w C:WINDOWSsystem32dllcachewuauclt.exe
2008-07-18 20:10 45,768——a-w C:WINDOWSsystem32wups2.dll
2008-07-18 20:10 36,552——a-w C:WINDOWSsystem32wups.dll
2008-07-18 20:10 36,552——a-w C:WINDOWSsystem32dllcachewups.dll
2008-07-18 20:09 563,912——a-w C:WINDOWSsystem32wuapi.dll
2008-07-18 20:09 563,912——a-w C:WINDOWSsystem32dllcachewuapi.dll
2008-07-18 20:09 325,832——a-w C:WINDOWSsystem32wucltui.dll
2008-07-18 20:09 325,832——a-w C:WINDOWSsystem32dllcachewucltui.dll
2008-07-18 20:09 205,000——a-w C:WINDOWSsystem32wuweb.dll
2008-07-18 20:09 205,000——a-w C:WINDOWSsystem32dllcachewuweb.dll
2008-07-18 20:09 1,811,656——a-w C:WINDOWSsystem32wuaueng.dll
2008-07-18 20:09 1,811,656——a-w C:WINDOWSsystem32dllcachewuaueng.dll
2008-07-18 20:07 270,880——a-w C:WINDOWSsystem32mucltui.dll
2008-07-18 20:07 210,976——a-w C:WINDOWSsystem32muweb.dll
2008-07-07 20:29 253,952——a-w C:WINDOWSsystem32es.dll
2008-07-07 20:29 253,952———w C:WINDOWSsystem32dllcachees.dll
2008-06-24 16:44 74,240——a-w C:WINDOWSsystem32mscms.dll
2008-06-24 16:44 74,240———w C:WINDOWSsystem32dllcachemscms.dll
2008-06-24 16:12 295,936———w C:WINDOWSsystem32wmpeffects.dll
2008-06-24 08:33 3,592,192——a-w C:WINDOWSsystem32dllcachemshtml.dll
2008-06-23 09:20 13,824———w C:WINDOWSsystem32dllcacheieudinit.exe
2008-06-23 09:19 70,656———w C:WINDOWSsystem32dllcacheie4uinit.exe
2008-06-23 09:19 625,664———w C:WINDOWSsystem32dllcacheiexplore.exe
2008-06-21 05:23 161,792——a-w C:WINDOWSsystem32dllcacheieakui.dll
2008-06-20 17:48 246,784——a-w C:WINDOWSsystem32mswsock.dll
2008-06-20 17:48 246,784———w C:WINDOWSsystem32dllcachemswsock.dll
2008-06-20 17:48 147,968———w C:WINDOWSsystem32dllcachednsapi.dll
2008-06-20 11:51 361,600———w C:WINDOWSsystem32dllcachetcpip.sys
2008-06-20 11:40 138,496———w C:WINDOWSsystem32dllcacheafd.sys
2008-06-20 11:08 225,856———w C:WINDOWSsystem32dllcachetcpip6.sys
2001-07-26 14:58 47——a-w C:ProgrammerACMonitor_X73.ini
2001-07-05 10:46 8,116——a-w C:ProgrammerOSLO3071b2.USB
2001-05-11 09:39 53,248——a-w C:ProgrammerACMonitor_X73.exe
2001-05-08 14:36 114,688——a-w C:Programmerlxarscan.dll
2001-04-23 12:22 1,437——a-w C:Programmergtx73.ini
2001-02-22 07:54 768——a-w C:Programmerx73_lut.dat
2008-05-11 19:12 32,768—sha-w C:WINDOWSsystem32configsystemprofileLokale indstillingerOversigtHistory.IE5MSHist012008051120080512index.dat
.

———- Sigcheck———-

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:WINDOWSsystem32driverstcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:WINDOWSsystem32dllcachetcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:WINDOWS$NtUninstallKB913446$tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWS$NtUninstallKB893066$tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:WINDOWS$hf_mig$KB893066SP2QFEtcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:WINDOWS$hf_mig$KB913446SP2QFEtcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:WINDOWS$hf_mig$KB917953SP2QFEtcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:WINDOWS$hf_mig$KB941644SP2QFEtcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:WINDOWS$hf_mig$KB951748SP3QFEtcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:WINDOWS$NtUninstallKB917953$tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:WINDOWS$NtServicePackUninstall$tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:WINDOWSServicePackFilesi386tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:WINDOWS$NtUninstallKB941644$tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:WINDOWS$NtUninstallKB951748$tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
“CTFMON.EXE”=“C:WINDOWSsystem32ctfmon.exe” [2008-04-14 15360]
“swg”=“C:ProgrammerGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe” [2008-04-08 68856]
“updateMgr”=“C:ProgrammerAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe” [2006-03-30 313472]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
“SunJavaUpdateSched”=“C:ProgrammerJavaj2re1.4.2_01binjusched.exe” [2003-08-19 32873]
“PrinTray”=“C:WINDOWSSystem32spoolDRIVERSW32X863printray.exe” [2001-10-12 36864]
“hcenter”=“C:ProgrammerSupport.combintgcmd.exe” [2003-07-07 1916928]
“PaperPort PTD”=“C:ProgrammerScanSoftPaperPortpptd40nt.exe” [2005-03-18 57393]
“Norman ZANDA”=“C:NormanNpmBinZLH.EXE” [2008-06-02 277616]
“Disk Monitor”=“C:ProgrammerGenericUSB Card Reader Driver v1.9e3Disk_Monitor.exe” [2003-06-18 466944]
“IndexSearch”=“C:ProgrammerScanSoftPaperPortIndexSearch.exe” [2005-03-18 40960]
“SoundMan”=“SOUNDMAN.EXE” [2003-09-23 C:WINDOWSSOUNDMAN.EXE]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
“CTFMON.EXE”=“C:WINDOWSSystem32CTFMON.EXE” [2008-04-14 15360]
“NvMediaCenter”=“C:WINDOWSSystem32NVMCTRAY.DLL” [2003-07-23 49152]

C:Documents and SettingsAll UsersMenuen StartProgrammerStart
Adobe Reader Hurtigstart.lnk - C:ProgrammerAdobeAcrobat 7.0Readerreader_sl.exe [2005-09-23 29696]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
“NoDispSettingPage”= 1 (0x1)

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:ProgrammerSUPERAntiSpywareSASSEH.DLL” [2006-02-16 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifySASWinLogon]
2006-03-08 11:32 258048 C:ProgrammerSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimallpS14.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalnqT81.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalquX71.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalruX13.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvyC24.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvyC47.sys]
@=“Driver”

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalydF57.sys]
@=“Driver”

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
“AntiVirusDisableNotify”=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
“%windir%\system32\sessmgr.exe”=
“C:\Programmer\Messenger\MSMSGS.EXE”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Programmer\Support.com\TDCKabel\hcenter.exe”=
“C:\Programmer\Support.com\BIN\TGCMD.EXE”=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:WINDOWSsystem32DRIVERSmsikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:NormanNsebinNDISKIO.SYS [2007-01-02 20448]
R2 nhksrv;Netropa NHK Server;C:ProgrammerOffice keyboard utility1.1nhksrv.exe [2006-09-24 28672]
R2 NVOY;Norman’s Very Own supplY of resources;C:Normannpmbinnvoy.exe [2008-02-07 121912]
R3 C4C_BSC2;C4C_BSC2;C:WINDOWSsystem32DRIVERSC4C_BSC2.sys [2002-07-08 84788]
R3 NvcMFlt;NvcMFlt;C:WINDOWSsystem32DRIVERSnvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:NormanNvcbinnvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;C:NormanNpmbinNVCSCHED.EXE [2007-09-18 154680]
S3 nvcfsr;nvcfsr;C:NormanNvcbinnvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:NormanNvcbinnvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:NormanNvcbinnvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:NormanNvcbinnvcoarc51.sys [2007-01-09 23224]
.
Contents of the ‘Scheduled Tasks’ folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{1329689F-1D87-41A5-80B9-B5D0377707D1} - (no file)
HKLM-Run-SSBkgdUpdate - C:ProgrammerF�lles filerScansoft SharedSSBkgdUpdateSSBkgdupdate.exe

.
———- Supplementary Scan———-
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Start Page = hxxp://tv2.dk/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: Microsoft XML Parser for Java - file://C:WINDOWSJavaclassesxmldso.cab
C:WINDOWSDownloaded Program FilesMicrosoft XML Parser for Java.osd

O16 -: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
C:WINDOWSDownloaded Program Filescomp.inf
C:WINDOWSDownloaded Program FilesEBJSecurity_2.dll
C:WINDOWSDownloaded Program FilesActiveXSikkerhedssoftware.ocx
C:WINDOWSDownloaded Program FilesEBJSecurity_3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 19:00:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:NORMANNPMBINELOGSVC.EXE
C:NORMANNPMBINZANDA.EXE
C:WINDOWSSYSTEM32LEXBCES.EXE
C:WINDOWSSYSTEM32BRSS01A.EXE
C:PROGRAMMEREWIDOSECURITY SUITEEWIDOCTRL.EXE
C:NORMANNPMBINNJEEVES.EXE
C:NormanNvcBinNip.exe
C:NormanNvcBincclaw.exe
.
**************************************************************************
.
Completion time: 2008-09-17 19:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 17:02:46

Pre-Run: 149,372,928,000 byte ledig
Post-Run: 149,398,683,648 byte ledig

202—- E O F—- 2008-09-10 17:14:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:07, on 17-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:NormanNpmbinELOGSVC.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:NormanNpmBinZanda.exe
C:Normannpmbinnvoy.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32brss01a.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammerOffice keyboard utility1.1nhksrv.exe
C:Programmerewidosecurity suiteewidoctrl.exe
C:WINDOWSSystem32svchost.exe
C:NormanNpmbinNVCSCHED.EXE
C:NormanNpmbinNJEEVES.EXE
C:WINDOWSSystem32alg.exe
C:NormanNvcbinnvcoas.exe
C:WINDOWSSOUNDMAN.EXE
C:ProgrammerJavaj2re1.4.2_01binjusched.exe
C:ProgrammerSupport.combintgcmd.exe
C:ProgrammerScanSoftPaperPortpptd40nt.exe
C:NormanNpmBinZLH.EXE
C:ProgrammerGenericUSB Card Reader Driver v1.9e3Disk_Monitor.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgrammerGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:NormanNvcBinNip.exe
C:NormanNvcBincclaw.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32notepad.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and Settingsniels peterSkrivebordSpywarefriHijackThis.exe
C:WINDOWSSystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://tv2.dk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programmergooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgrammerGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programmergooglegoogletoolbar1.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_01binjusched.exe
O4 - HKLM..Run: [PrinTray] C:WINDOWSSystem32spoolDRIVERSW32X863printray.exe
O4 - HKLM..Run: [hcenter] “C:ProgrammerSupport.combintgcmd.exe” /server /startmonitor
O4 - HKLM..Run: [PaperPort PTD] C:ProgrammerScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [Norman ZANDA] “C:NormanNpmBinZLH.EXE” /LOAD /SPLASH
O4 - HKLM..Run: [Disk Monitor] C:ProgrammerGenericUSB Card Reader Driver v1.9e3Disk_Monitor.exe
O4 - HKLM..Run: [IndexSearch] C:ProgrammerScanSoftPaperPortIndexSearch.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:ProgrammerGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [updateMgr] “C:ProgrammerAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUSS-1-5-19..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit (User ‘LOKAL TJENESTE’)
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETV�RKSTJENESTE’)
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:ProgrammerAdobeAcrobat 7.0Readerreader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109694989109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209663121343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: SASWinLogon - C:ProgrammerSUPERAntiSpywareSASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:WINDOWSsystem32brsvc01a.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:NormanNpmbinELOGSVC.EXE
O23 - Service: ewido security suite control - ewido networks - C:Programmerewidosecurity suiteewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgrammerGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerOffice keyboard utility1.1nhksrv.exe
O23 - Service: Norman NJeeves - Norman ASA - C:NormanNpmbinNJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:NormanNpmBinZanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:NormanNvcbinnvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:NormanNpmbinNVCSCHED.EXE
O23 - Service: Norman’s Very Own supplY of resources (NVOY) - Norman ASA - C:Normannpmbinnvoy.exe

—
End of file - 6584 bytes

Rootkit i win 32 drivers

2008-09-13T14:19:39+01:00

Jeg havde p� fornemmelsen der var noget der ikke rigtig stemte,s� jeg tog en online scanning med Kaspersky,og den fandt et rootkit i system 32 drivers.
Jeg har pr�vet at fjerne det manuelt,og online scanneren siger nu den er i recycler?
Men jeg er ikke sluppet af med det vel?
her er diagnosen:
C:RECYCLERS-1-5-21-527237240-1409082233-1801674531-1003Dc32.sys Infected: Rootkit.Win32.Agent.dml

Infected with W32/Rootkit.gen7

2008-08-29T14:28:29+01:00

Hej Team Spywarefri

Jeg k�rer NIS 2008 i en fuld opdateret vers, og denne sagde pludselig: Warning rootkit/trojan, for derefter at lukke ned.
Det var ikke muligt at genstarte NIS eller geninstallere.
CCleaner vil heller ikke starte op. Jeg havde s� h�rt om jeres forum,
og kom til at t�nke p� om i kunne hj�lpe mig.

P� jeres side fandt jeg Norman virus skanner, og her er dens rapport:

Norman Malware Cleaner
Copyright � 1990 - 2008, Norman ASA. Built 2008/08/27 13:08:08

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/08/27 13:08:08, Variants: 2049413

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: KONTORjj

Scan started: 28/08/2008 12:53:44

Scanning running processes and process memory…

C:WINDOWSsystem32driverssrosa.sys (Infected with W32/Rootkit.gen7)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32driverssrosa.sys (Infected with W32/Rootkit.gen7)
File marked for defered cleaning (reboot required)
Too many infections/an unexpected error (Please contact support)

Number of processes/threads found: 2054
Number of processes/threads scanned: 2054
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 2m 21s

Scanning file system…

Scanning: C:*.*

C:Documents and SettingsjjApplication Datamflec006.exe (Infected with W32/Bagle.BCO)
File marked for defered cleaning (reboot required)

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE55QVQBGXb64_1[1].jpg (Infected with W32/Spybot.CYZP)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5CBP7QI7Db64_1[1].jpg (Infected with W32/Spybot.CYZP)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5CZFBMW55b64[1].jpg (Infected with W32/Bagle.BCO)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5CZFBMW55b64_1[1].jpg (Infected with W32/Spybot.CYZP)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5FJLRFDWWb64_1[1].jpg (Infected with W32/Spybot.CYZP)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5WVZ3AWLXb64[1].jpg (Infected with W32/Bagle.BCO)
Deleted file

C:Documents and SettingsjjLokale indstillingerTemporary Internet FilesContent.IE5YXB4TG7Qb64_1[1].jpg (Infected with W32/Spybot.CYZP)
Deleted file

C:ProgrammerEA GAMESThe Sims 2 Glamour Life Xtra PakkeTSBinKeygen.exe (Infected with Suspicious_F.gen)
Deleted file

C:ProgrammerNeroNero8Nero BackItUpBackItUp_ImageToolroot.img/unknown0 (Error whilst scanning file: I/O Error (0x0022000A))
C:ProgrammerNeroNero8Nero BackItUpBackItUp_ImageToolroot.img (Possible archive bomb)

C:ProgrammerWindows Media Playerwmpnscfg.exe (Infected with W32/Malware.DNDS)
Removed registry value: HKCUSoftwareMicrosoftWindowsCurrentVersionRun -> WMPNSCFG = “C:ProgrammerWindows Media PlayerWMPNSCFG.exe”
Deleted file

C:WINDOWS$hf_mig$KB890859SP2QFEntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$hf_mig$KB929338SP2QFEntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$hf_mig$KB931784SP2QFEntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$NtServicePackUninstall$ntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$NtUninstallKB826939$ntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$NtUninstallKB890859$ntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$NtUninstallKB929338$ntoskrnl.exe (Error opening file: Not found)

C:WINDOWS$NtUninstallKB931784$ntoskrnl.exe (Error opening file: Not found)

C:WINDOWSServicePackFilesi386ntoskrnl.exe (Error opening file: Not found)

C:WINDOWSsystem32mdelk.exe (Infected with W32/Bagle.BCY)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32mdelk.exe (Infected with W32/Bagle.BCY)
File marked for defered cleaning (reboot required)
Too many infections/an unexpected error (Please contact support)

C:WINDOWSsystem32wintems.exe (Infected with W32/Bagle.BCY)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32drivershldrrr.exe (Infected with W32/Malware.DNDS)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32driversmdelk.exe (Infected with W32/Malware.DNDS)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32driversmdelk.exe (Infected with W32/Malware.DNDS)
File marked for defered cleaning (reboot required)
Too many infections/an unexpected error (Please contact support)

C:WINDOWSsystem32driverssrosa.sys (Infected with W32/Rootkit.gen7)
File marked for defered cleaning (reboot required)

C:WINDOWSsystem32driverssrosa.sys (Infected with W32/Rootkit.gen7)
File marked for defered cleaning (reboot required)
Too many infections/an unexpected error (Please contact support)

C:WINDOWSsystem32driversdownld1343453.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld1392015.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld1394625.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld155781.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld156531.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld15960625.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld15961859.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld169953.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld172953.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld185812.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld186656.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld195125.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld207125.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld23045250.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld23076609.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld23078062.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld37627656.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld37657000.exe (Infected with W32/Bagle.BCZ)
Deleted file

C:WINDOWSsystem32driversdownld52162687.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld52175828.exe (Infected with W32/Bagle.BCY)
Deleted file

C:WINDOWSsystem32driversdownld52178031.exe (Infected with W32/Bagle.BCO)
Deleted file

C:WINDOWSsystem32driversdownld66674890.exe (Infected with W32/Spybot.CYZP)
Deleted file

C:WINDOWSsystem32driversdownld66687156.exe (Infected with W32/Bagle.BCO)
Deleted file

Scanning: c:System Volume Information*.*

Running post-scan cleanup routine:

Number of files found: 1213625
Number of archives unpacked: 8273
Number of files scanned: 1213554
Number of files not scanned: 71
Number of files skipped due to exclude list: 0
Number of infected files found: 41
Number of infected files repaired/deleted: 34
Number of infections removed: 34
Total scanning time: 9h 40m 3s

Det hjalp ikke rigtigt, for hvis den k�res igen efter en restart
kommer n�jagtigt det samme resultat, ogs� de filer den siger den har slettet. Hvad g�r en klog (m�ske mindre klog) nu.

Jan

SVCHOST

2008-07-16T22:38:23+01:00

K�re Spywarefri Forum

Mit problem er, at min computer n�sten g�r i st�, n�r jeg connecter til internettet. Sk�rmen fryser i 10-15 sekunder ad gangen og musemark�ren flytter sig i hak hvert 10-15 sekund.

Jeg kan se i joblisten, at SVCHOST-programmer beslagl�gger min CPU med 97 - 100%. Maskinen k�rer fint indtil jeg connecter til internettet. Mens den connecter g�r den i st�. Efter 15 - 20 minutter bliver det muligt at bruge maskinen, men det foreg�r i hak.

Jeg har s�gt p� Google, og har fundet flere hints om at �rsagen kan v�re en spyware - m�ske en rootkit.

I dag installerede jeg derfor Spyware Doc Doctor fra PCTOOLS. Jeg har scannet og sat i karant�ne, men det har kun gjort problemet v�re. Nu bliver den ved med at v�re l�st, og forbindelsen til internettet falder ud af sig selv. (Jeg skriver derfor fra min kones PC).

Mine prim�re scannere er Bullguard og Webroot spy sweeper. De finder intet. Derudover har jeg scannet med Search & Destroy, Adaware og Superspyware. De har hver i s�r findet noget, som er slettet eller sat i karant�ne.

H�ber I kan hj�lpe mig.

Monster hastighedsneds�ttelse

2008-06-04T05:10:47+01:00

Har fra dd haft et seri�st problem hvor det har taget op til 2 min for min puter atreagere p� hvad jeg beder den om, det er s�rligt udpr�get n�r jeg starter IE op og har en anelse om at det m�ske ogs� h�nger sammen med Bullguard da denne ikke kommer med sin s�dvanlige “update-box” nede i hj�rnet efter de ca 2 min det normalt tager.

Har k�rt AVG i fejlsikret tilstand
Kunne ikke k�re Combofix da den siger det kun virker til 2000 og XP
Har k�rt Hijackthis som admin p� Vista

————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 02:55:31 04-06-2008

+ Scan result:

Nothing found.

::Report end

Hijackthis log…...............:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:50, on 04-06-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:Program Files (x86)Analog DevicesCoresmax4pnp.exe
C:Program Files (x86)Javajre1.6.0_05binjusched.exe
C:Program Files (x86)AdobeReader 8.0Readerreader_sl.exe
C:Program Files (x86)GrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program Files (x86)OpenOffice.org 2.2programsoffice.exe
C:Program Files (x86)OpenOffice.org 2.2programsoffice.BIN
C:WindowsSysWOW64conime.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet ExplorerIEUser.exe
C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:UsersEjerDesktopSpywarefriHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.qnull.net/forum/index_def.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre1.6.0_05binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O4 - HKLM..Run: [SoundMAXPnP] C:Program Files (x86)Analog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SunJavaUpdateSched] “C:Program Files (x86)Javajre1.6.0_05binjusched.exe”
O4 - HKLM..Run: [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
O4 - HKLM..Run: [Adobe Reader Speed Launcher] “C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe”
O4 - HKLM..Run: [!AVG Anti-Spyware] “C:Program Files (x86)GrisoftAVG Anti-Spyware 7.5avgas.exe” /minimized
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [MsnMsgr] “C:Program Files (x86)MSN MessengerMsnMsgr.Exe” /background
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [BullGuard] “C:Program FilesBullGuard LtdBullGuardbullguard.exe”
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOKAL TJENESTE’)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOKAL TJENESTE’)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETV�RKSTJENESTE’)
O4 - Startup: OpenOffice.org 2.2.lnk = C:Program Files (x86)OpenOffice.org 2.2programquickstart.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre1.6.0_05binssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre1.6.0_05binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program Files (x86)GrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Software - C:Program FilesBullGuard LtdBullGuardBullGuardUpdate.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

—
End of file - 6879 bytes

H�ber det giver mening, blev n�dt til at hente “pakken” i fejlsikret tilstand med netv�rk, og k�rte AVG p� samme opstart, har genstartet normalt nu efterf�lgende og pr�vet at k�re Combofix samt k�rt Hijackthis.