Slow internet
  brk
Junior member
Posts: 41

Hi all.. I have for a long time had some problems with a slow internet connection..
I'm running XP, have a 6/6 connection, and have BullGuard and Spy Sweeper installed. BullGuard has found some rootkits in a few scans; I don't know whether that is the problem. Outlook also takes a long time to download mail; I don't know whether that's just how it is.. I'm attaching a couple of logs.

Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08-02-2010 19:04:57
mbam-log-2010-02-08 (19-04-57).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 178117
Tid tilbagelagt: 1 hour(s), 33 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{E8A02305-D1FD-44C5-8574-CC839C8C7C43}\RP429\A0044655.sys (Malware.Trace) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:55, on 08-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmer\Philips Display\SmartControl II\DTHtml.exe
C:\Programmer\Portrait Displays\Pivot Software\floater.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\HookManager.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [PivotSoftware] “C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe”
O4 - HKLM\..\Run: [DT PHL] “C:\Programmer\Fælles filer\Portrait Displays\Shared\DT_startup.exe” -PHL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe” -boot
O4 - HKLM\..\Run: [SpySweeper] C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Google Update] “C:\Documents and Settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe”
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.vbstress.dk/auth/controls/IlosoftImageUpload.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate1c986fa1a96e554) (gupdate1c986fa1a96e554) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe


End of file - 10249 bytes

Hope this is useful.

Regards, Bjarne

Administrator
Posts: 26199

Hi ;)


Uninstall Spy Sweeper from Add/Remove Programs in the Control Panel, as it conflicts with BullGuard.

Restart.

Download and install CCleaner here: http://www.filehippo.com/download_ccleaner.html
Click Download Latest Version

Remove the check mark next to - Install Yahoo toolbar

When you open the program for the first time, all boxes will be checked.
If you want to keep your cookies, you can remove that check mark.

Click Run Cleaner to clean your computer.

You will now get a warning that these files will be permanently deleted from your system, asking whether you want to continue. Click OK to answer yes. Check -> Do not show me this message again.


Restart.

Download Malwarebytes Anti-Malware from here:
http://www.spywarefri.dk/downloads1/mbam-setup.exe

Or here ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Install the program - once that is done, let the program update itself. A window then opens where you should move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).

Then - press the "Show Results" button after the scan - and then press "Remove Selected" - the log now opens, and you should save it somewhere you can find it again.

NB: If Malwarebytes Anti-Malware wants to restart the computer to complete the cleanup, let it restart.

Post the Malwarebytes log here, together with a new HijackThis log, and tell us how things are running now.

Signature

Member of: Alliance of Security Analysis Professionals

  brk
Junior member
Posts: 41

Hi again..

I have now removed Spy Sweeper. Incidentally, it was you I asked for advice about whether I could have both programs installed, and I was told back then that one would be well covered that way. A bit of a shame when one is paying for the program, but anyway, here are the log runs after cleaning with CCleaner:

Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09-02-2010 18:43:57
mbam-log-2010-02-09 (18-43-57).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 177050
Tid tilbagelagt: 1 hour(s), 26 minute(s), 15 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:43, on 09-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmer\Philips Display\SmartControl II\DTHtml.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\HookManager.exe
C:\Programmer\Portrait Displays\Pivot Software\floater.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [PivotSoftware] “C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe”
O4 - HKLM\..\Run: [DT PHL] “C:\Programmer\Fælles filer\Portrait Displays\Shared\DT_startup.exe” -PHL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe” -boot
O4 - HKLM\..\RunOnce: [Malwarebytes’ Anti-Malware] C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] “C:\Documents and Settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe”
O4 - HKCU\..\Run: [DWQueuedReporting] “C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe” -t
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.vbstress.dk/auth/controls/IlosoftImageUpload.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate1c986fa1a96e554) (gupdate1c986fa1a96e554) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe


End of file - 9884 bytes

I don't think there is much progress to be seen; the computer takes 2.5 min to download 16 messages in Outlook…
and page changes are not fast when browsing the internet. Are the logs OK?


Regards, Bjarne
and it is still thinking

Administrator
Posts: 26199

Ok.


Download ComboFix and save it to your desktop as alg.exe:
ComboFix


Close all other windows.

Then run combofix.exe and follow the instructions.

Do not click on the window while the tool is running, as this can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.

NB: Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes torrent software, before we clean the computer.

Signature

Member of: Alliance of Security Analysis Professionals

  brk
Junior member
Posts: 41

Hi again..

Here is the ComboFix run.. I don't believe I have any file-sharing programs on the computer..

ComboFix 10-02-11.02 - Bjarne 11-02-2010 21:01:22.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1015.644 [GMT 1:00]
Kører fra: c:\documents and settings\Bjarne\Skrivebord\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-11 til 2010-02-11 )))))))))))))))))))))))))))))))))))
.

2010-02-09 16:13 . 2010-02-09 16:13   5115823   ——a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\mbam-setup.exe
2010-02-09 16:12 . 2010-01-07 15:07   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-02-09 16:12 . 2010-01-07 15:07   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 16:12 . 2010-02-09 16:13   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-02-08 18:15 . 2010-02-08 18:15   ————  d——-w-  c:\programmer\Trend Micro
2010-02-04 15:20 . 2010-02-04 15:20   ————  d——-w-  c:\windows\Downloaded Installations
2010-01-24 14:07 . 2009-01-23 13:48   55504   ——a-w-  c:\windows\system32\drivers\BdFileSpy.sys
2010-01-24 14:07 . 2010-01-24 14:07   ————  d——-w-  c:\programmer\BullGuard Ltd

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-02-11 19:43 . 2009-02-04 18:52   ————  d——-w-  c:\documents and settings\All Users\Application Data\Google Updater
2010-02-11 17:18 . 2008-09-27 11:47   ————  d——-w-  c:\documents and settings\All Users\Application Data\BullGuard
2010-02-10 18:37 . 2008-05-15 11:23   ————  d——-w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 15:27 . 2009-02-02 16:16   ————  d——-w-  c:\programmer\Google
2010-02-09 18:59 . 2008-08-26 09:08   ————  d——-w-  c:\programmer\Fælles filer\Adobe
2010-02-04 15:20 . 2008-09-29 12:09   ————  d——-w-  c:\programmer\Fælles filer\InstallShield
2010-01-28 14:54 . 2009-03-09 14:21   ————  d——-w-  c:\programmer\PartyGaming
2010-01-21 16:51 . 2010-01-09 14:24   ————  d——-w-  c:\programmer\Microsoft Silverlight
2010-01-11 16:34 . 2008-12-22 15:21   ————  d——-w-  c:\programmer\Windows Live Safety Center
2010-01-09 22:33 . 2008-11-13 20:30   0   ——a-w-  c:\documents and settings\Bjarne\temp.dat
2009-12-31 16:50 . 2004-08-27 12:00   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-29 15:21 . 2009-12-29 15:21   ————  d——-w-  c:\documents and settings\Bjarne\Application Data\AVG8
2009-12-21 19:08 . 2004-08-27 12:00   916480   ——a-w-  c:\windows\system32\wininet.dll
2009-12-21 10:29 . 2009-03-09 18:43   ————  d——-w-  c:\programmer\Java
2009-12-21 10:27 . 2009-11-18 21:09   152576   ——a-w-  c:\documents and settings\Bjarne\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-21 10:27 . 2009-11-18 21:08   79488   ——a-w-  c:\documents and settings\Bjarne\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-17 07:41 . 2008-08-08 14:22   344576   ——a-w-  c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-27 12:00   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2009-12-11 09:10 . 2004-08-27 12:00   91848   ——a-w-  c:\windows\system32\perfc006.dat
2009-12-11 09:10 . 2004-08-27 12:00   482074   ——a-w-  c:\windows\system32\perfh006.dat
2009-12-09 10:10 . 2004-08-27 12:00   2147840   ———w-  c:\windows\system32\ntoskrnl.exe
2009-12-09 10:10 . 2004-08-26 17:50   2026496   ———w-  c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-27 12:00   455424   ——a-w-  c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 18:24 . 2009-11-01 22:12   164   ——a-w-  c:\windows\install.dat
2009-11-27 17:13 . 2004-08-27 12:00   1295872   ——a-w-  c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-26 17:53   17920   ——a-w-  c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-27 12:00   85504   ——a-w-  c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-27 12:00   28672   ——a-w-  c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2004-08-27 12:00   11264   ——a-w-  c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-26 17:53   48128   ——a-w-  c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-04 17:07   8704   ——a-w-  c:\windows\system32\tsbyuv.dll
2009-11-21 15:58 . 2004-08-27 12:00   471552   ——a-w-  c:\windows\AppPatch\aclayers.dll
2008-08-19 15:05 . 2008-08-19 15:05   23   —sha-w-  c:\windows\system32\adfddfad7_g.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Google Update”=“c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe” [2008-09-03 133104]
“BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\bullguard.exe” [2010-01-24 304464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“GrooveMonitor”=“c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072]
“TkBellExe”=“c:\programmer\Fælles filer\Real\Update_OB\realsched.exe” [2009-08-26 198160]
“PivotSoftware”=“c:\programmer\Portrait Displays\Pivot Software\wpctrl.exe” [2007-02-09 694008]
“DT PHL”=“c:\programmer\Fælles filer\Portrait Displays\Shared\DT_startup.exe” [2008-06-21 81920]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-10-11 149280]
“BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\bullguard.exe” [2010-01-24 304464]
“Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-12-22 35760]
“Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Windows Search.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bjarne^Menuen Start^Programmer^Start^Screen Clipper and Launcher til OneNote 2007.lnk]
path=c:\documents and settings\Bjarne\Menuen Start\Programmer\Start\Screen Clipper and Launcher til OneNote 2007.lnk
backup=c:\windows\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57   35760   ——a-w-  c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-05-10 16:49   102400   ——a-w-  c:\programmer\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
2001-08-17 16:01   180224   ——a-w-  c:\programmer\Creative\SBLive\AudioHQ\ahqtb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:05   15360   ———w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 10:00   133104   ——-tw-  c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44   31072   ——a-w-  c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18   241664   ——a-w-  c:\programmer\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38   49152   ——a-w-  c:\programmer\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 07:32   77824   ——a-w-  c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 07:36   114688   ——a-w-  c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 07:35   94208   ——a-w-  c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05   1695232   ———w-  c:\programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12   1414144   ——a-w-  c:\programmer\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-06-23 14:50   434176   ——a-w-  c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00   90112   ——a-w-  c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\sandra.exe”=
“c:\\Programmer\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcSandraSrv.exe”=
“c:\\Programmer\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcDataSrv.exe”=
“c:\\Programmer\\Messenger\\msmsgs.exe”=
“c:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe”=

R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [24-01-2010 15:07 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 PdiService;Portrait Displays SDK Service;c:\programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe [27-09-2009 12:38 90112]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23-03-2009 13:07 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23-03-2009 13:07 257304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [29-08-2009 21:38 27632]
S2 gupdate1c986fa1a96e554;Google Update Service (gupdate1c986fa1a96e554);c:\programmer\Google\Update\GoogleUpdate.exe [04-02-2009 19:55 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [29-08-2009 21:33 90112]
S3 BGRaSvc;BGRaSvc;c:\programmer\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [01-06-2009 12:50 79184]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [29-08-2009 21:30 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [29-08-2009 21:34 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [29-08-2009 21:34 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [29-08-2009 21:34 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [29-08-2009 21:34 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [29-08-2009 21:34 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [29-08-2009 21:34 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [29-08-2009 21:34 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard   REG_MULTI_SZ     BgMainSvc BsFileScan BsMailProxy BsFire
.
Indhold af mappen ‘Planlagte Opgaver’

2010-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 16:00]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-02-04 18:55]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-02-04 18:55]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1303643608-725345543-1003Core.job
- c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 10:00]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1303643608-725345543-1003UA.job
- c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 10:00]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{2F38BA08-7F55-4950-92A9-9C29934E88EC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: microsoft.com\update
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.vbstress.dk/auth/controls/IlosoftImageUpload.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&369939d9&0\LogConf]
@DACL=(02 0000)
“BasicConfigVector”=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
  00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
“BootConfig”=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
  00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c501\7&519ea6e&0&0000\LogConf]
@DACL=(02 0000)
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘lsass.exe’(948)
c:\windows\system32\BGLsp.dll

- - - - - - - > ‘explorer.exe’(3784)
c:\programmer\Portrait Displays\Pivot Software\winphook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Gennemført tid: 2010-02-11 21:10:15
ComboFix-quarantined-files.txt 2010-02-11 20:10
ComboFix2.txt 2010-01-19 20:32

Pre-Kørsel: 22.039.314.432 byte ledig
Post-Kørsel: 22.088.437.760 byte ledig

- - End Of File - - 17C478F8E4957905120B5722AF92A2B1

Regards, Bjarne

Administrator
Number of posts: 26199

It actually looks good enough. Post a new HijackThis log here, and tell us how things are running now?

Signature

Member of: Alliance of Security Analysis Professionals

  brk
Junior member
Number of posts: 41

Hi again..

Right now it runs OK. I just think it is strange that a web page does not open immediately when you click on it, and that mail does not come in a steady stream when you receive mail. Could it be because there is only 1 GB of RAM in the machine? Otherwise I will just have to live with it. Here is a log from HijackThis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:07, on 12-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmer\Philips Display\SmartControl II\DTHtml.exe
C:\Programmer\Portrait Displays\Pivot Software\floater.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [PivotSoftware] “C:\Programmer\Portrait Displays\Pivot Software\wpctrl.exe”
O4 - HKLM\..\Run: [DT PHL] “C:\Programmer\Fælles filer\Portrait Displays\Shared\DT_startup.exe” -PHL
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe” -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: [Google Update] “C:\Documents and Settings\Bjarne\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.vbstress.dk/auth/controls/IlosoftImageUpload.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate1c986fa1a96e554) (gupdate1c986fa1a96e554) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Programmer\Fælles filer\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe


End of file - 9716 byt

Does it look OK..


Regards,

Bjarne

  brk
Junior member
Number of posts: 41

Well, right now it runs OK. I don't know whether the HijackThis log showed anything; I am actually waiting for a reply, it has been a long time since I sent the log in… otherwise you can just close this thread.. ;)

Kind regards,


Bjarne