pc confidential :( !
  Muzo
Number of posts: 49

I have this:
http://img34.imageshack.us/img34/3188/kanikstarte.png
http://img34.imageshack.us/img34/3188/kanikstarte.th.png

How do I remove it :O ! .

Editor
Number of posts: 12994

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program. Once that is done, let the program update itself. A window then opens in which you move the radio button to "Perform full scan", click the Scan button and let the program work. When it is finished (it takes a while, depending on how much you have on the computer), press the "Show results" button, and then press "Remove selected". The log now opens, and you must save it somewhere you can find it again.
Copy its contents into this thread.

Important: Before you click the "Scan" button in Malwarebytes Anti-Malware, go to the "Update" tab, click "Check for updates", and keep going until it says you have the newest database (THIS MUST BE DONE).

If you have trouble getting Malwarebytes to run, download one of these programs:
Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click rkill.com or rkill.scr a couple of times and then try Malwarebytes again.

1. Download the newest version of HijackThis to the desktop from here:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

2. Double-click the installation file and follow the installation guide.

3. Double-click the new HijackThis icon on the desktop.

4. In the menu that appears, click: Do a system scan and save a logfile.

5. After a short moment a log file opens in Notepad; save it.

6. How to copy the log into a question:

While the log is open, select all the text with the key combination CTRL + A.
To copy the selected text, use the key combination CTRL + C, which "pins" it to the Windows clipboard. Then go to your question and click the comment button. Paste the copied text into the white field with the key combination CTRL + V.

Then send the HijackThis log in here, together with a Malwarebytes log.

  Muzo
Number of posts: 49

Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3849
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10-03-2010 23:45:46
mbam-log-2010-03-10 (23-45-43).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 324541
Tid tilbagelagt: 2 hour(s), 13 minute(s), 54 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 2
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{C5EDB351-7B8D-414C-8A02-BA5DD22F9B5C}\RP429\A0155914.exe (Rogue.Installer) -> No action taken. 

Can't you also check it just in general ..
thanks :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:43, on 11-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Razer\Salmosa\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Documents and Settings\Musa\Lokale indstillinger\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Razer\Salmosa\razerofa.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\IObit\Game Booster\gbtray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\PROGRAMMER\JAVA\JDK1.6.0_13\BIN\javaw.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://danskebank.dk/da-dk/Pages/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programmer\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmer\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmer\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Programmer\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Skype Recorder] "C:\Programmer\Skype Recorder\Skype Recorder.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Salmosa] C:\Programmer\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Musa\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Actual Window Minimizer] "C:\Programmer\Actual Window Minimizer\ActualWindowMinimizerCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download alle med NetXfer - C:\Programmer\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download med NetXfer - C:\Programmer\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://dkbn.dk/imageuploader/ImageUploader5.cab
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://www.myclinic.dk/axapta/axaptaconfig/AxWebDeploy.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC1C126-8F69-4786-8253-0E6766846EEC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: cplib - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14425 bytes
Editor
Number of posts: 12994

Vista users must right-click HijackThis and choose "Run as administrator".
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programmer\Winferno\PC Confidential\PCCBHO.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe


Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix in it, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Folder::
C:\Programmer\Winferno


Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse, drag it over the Combofix file, and release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. Do not click the window while the tool is running, as that can make your computer freeze.

Copy the resulting log in here together with a new log from HijackThis.


PS: Please don't change the font colour.
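The fix above is mechanical: find every HijackThis entry whose file sits under C:\Programmer\Winferno, tick those lines, and hand ComboFix a Folder:: script for that directory. The Python below is an added example, not part of the thread and not code from HijackThis or ComboFix; it parses HijackThis-style entry lines from a constructed sample, returns the entries under a given folder, flags entries that point at nothing on disk ("(no file)" / "(file missing)"), and builds the CFScript text in the shape posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 log shape: a header line and a running-process
# line (both skipped by the parser), the four Winferno entries of the kind the thread
# says to fix, and benign or dangling lines for contrast.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programmer\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programmer\Winferno\PC Confidential\PCConfidential.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Entry lines start with a section tag (R0, O2, O9, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    section: str            # "O2", "O9", "O23", ...
    body: str               # everything after the "O2 - " prefix
    clsid: Optional[str]    # first {GUID} on the line, if any
    path: str               # last " - " field: file path, "(no file)", or "path (file missing)"
    raw: str                # the exact line, i.e. what gets ticked in HijackThis


def parse_hjt(text: str) -> List[HjtEntry]:
    """Keep only the R/F/N/O entry lines; header, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = body.rsplit(" - ", 1)[-1]
        entries.append(HjtEntry(section, body, clsid.group(0) if clsid else None, path, raw))
    return entries


def entries_under(entries: List[HjtEntry], folder: str) -> List[HjtEntry]:
    """Entries whose file lives below `folder` (Windows paths, case-insensitive)."""
    prefix = folder.rstrip("\\").lower() + "\\"
    return [e for e in entries if e.path.lower().startswith(prefix)]


def dangling(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries that point at nothing on disk: leftover registrations worth cleaning too."""
    return [e for e in entries if e.path == "(no file)" or e.path.endswith("(file missing)")]


def cfscript_for(folder: str) -> str:
    """CFScript text in the shape the thread posts: Killall::, Snapshot::, Folder::, path."""
    return "Killall::\nSnapshot::\nFolder::\n" + folder + "\n"


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in entries_under(found, r"C:\Programmer\Winferno"):
        print("tick in HijackThis:", e.raw)
    for e in dangling(found):
        print("dangling:", e.section, e.body)
    print(cfscript_for(r"C:\Programmer\Winferno"), end="")
```

Run it against a real saved log by replacing SAMPLE_LOG with the file contents; the four lines printed for the sample are exactly the four the post above tells the user to tick.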

  Muzo
Number of posts: 49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:35, on 11-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Freecorder\FLVSrvc.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Razer\Salmosa\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Musa\Lokale indstillinger\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Programmer\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Razer\Salmosa\razerofa.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://danskebank.dk/da-dk/Pages/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmer\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmer\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvMediaCenter] “C:\WINDOWS\system32\RUNDLL32.EXE” C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] “C:\WINDOWS\system32\RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] “C:\WINDOWS\KHALMNPR.EXE”
O4 - HKLM\..\Run: [Synchronization Manager] “C:\WINDOWS\system32\mobsync.exe” /logon
O4 - HKLM\..\Run: [Aminova WordSeeker] “C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe” SHORTCUT
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Fælles filer\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [Freecorder FLV Service] “C:\Programmer\Freecorder\FLVSrvc.exe” /run
O4 - HKLM\..\Run: [Skype Recorder] “C:\Programmer\Skype Recorder\Skype Recorder.exe”
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: [Salmosa] C:\Programmer\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [swg] “C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] “C:\Documents and Settings\Musa\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU\..\Run: [Actual Window Minimizer] “C:\Programmer\Actual Window Minimizer\ActualWindowMinimizerCenter.exe”
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver; - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download alle med NetXfer - C:\Programmer\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download med NetXfer - C:\Programmer\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://dkbn.dk/imageuploader/ImageUploader5.cab
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://www.myclinic.dk/axapta/axaptaconfig/AxWebDeploy.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC1C126-8F69-4786-8253-0E6766846EEC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: cplib - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 13622 bytes

- Thanks for the help smile
But there was no log from Combo ..
and I happened to just click Combo instead of dragging it in with the mouse :b !

[ Edited: 11.03.2010, 20:18 by Fromsej TeamSpywarefri ]
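The log above is where a helper would start reading: O17 lines are the per-interface DNS servers (a resolver the owner never configured is the classic DNS-hijack sign), O20 lines are DLLs loaded into winlogon.exe as SYSTEM, and O23 lines are services. The following is an added example, not code from the thread or from HijackThis, that mechanises that first pass. The resolver allow-list is an assumption (the two addresses in the log are OpenDNS); the sample lines are excerpted from the posted log.

```python
"""Triage of HijackThis O17 / O20 / O23 lines.

Added example; not code from the thread or from HijackThis. The allow-list of
DNS resolvers is an assumption (the addresses are OpenDNS, as seen in the log);
replace it with whatever the machine's owner actually configured.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample input: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{246C089A-A52B-4E4E-B274-687D464E5DFB}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cplib - C:\WINDOWS\
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Assumption: resolvers the owner deliberately configured (OpenDNS here).
KNOWN_RESOLVERS: Set[str] = {"208.67.222.222", "208.67.220.220"}

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,\s]+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    severity: str  # "info", "review" or "suspicious"
    reason: str


def triage(log_text: str, known_resolvers: Set[str] = KNOWN_RESOLVERS) -> List[Finding]:
    """Return one Finding per O17/O20/O23 line that deserves a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # O17: per-interface DNS servers. Anything outside the allow-list
            # means name resolution (and thus every login page) can be redirected.
            servers = {s.strip() for s in m["servers"].split(",") if s.strip()}
            unknown = servers - known_resolvers
            if unknown:
                findings.append(Finding(line, "suspicious",
                                        f"NameServer not in allow-list: {sorted(unknown)}"))
            else:
                findings.append(Finding(line, "info", "NameServer matches allow-list"))
            continue
        m = O20_RE.match(line)
        if m:
            # O20: DLLs loaded into winlogon.exe (SYSTEM, before any user logs on).
            # A value with no DLL filename (a bare directory) is a stale or
            # deliberately obscured entry and should be removed either way.
            path = m["path"].strip()
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append(Finding(line, "suspicious",
                                        f"Winlogon Notify '{m['name']}' has no DLL filename: {path!r}"))
            else:
                findings.append(Finding(line, "review",
                                        f"Winlogon Notify '{m['name']}' loads into winlogon.exe"))
            continue
        m = O23_RE.match(line)
        if m:
            # O23: services. A missing binary or an unknown vendor is not proof of
            # malware, but it is a dangling service that should be explained.
            if "(file missing)" in m["path"]:
                findings.append(Finding(line, "review",
                                        f"Service '{m['name']}' points at a missing binary"))
            elif m["vendor"].strip().lower() == "unknown owner":
                findings.append(Finding(line, "review",
                                        f"Service '{m['name']}' has no vendor"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'info': 2, 'review': 2, 'suspicious': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the posted log the only "suspicious" hit is the `cplib` Winlogon Notify entry with no DLL behind it, which is exactly the entry ComboFix later reports as `Notify-cplib - (no file)`; the OpenDNS resolvers come out as "info" because they are on the allow-list, and would be flagged the moment an address outside it appeared.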
  Muzo
Number of posts: 49

- Edit:

It's not me messing with the colours :O

Administrator
Number of posts: 54701

You are clicking Code, that's why they look like that. (I removed it in the latest log)

Signature

Member of "Alliance of Security Analysis Professionals" - All statements, as always, "only at gunpoint"

Did you also cry over the fairy tale of the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You'll never walk alone
qui potest, obligatur

  Muzo
Number of posts: 49

Oh ..
I must be used to that from other forums ..
Currently have AVG ..
can you recommend a better antivirus program .. like an all-in-one security thing smile
Thanks ..
apart from that I also use .. Ad-Aware ..

Editor
Number of posts: 12994

We would like to see a log from Combofix.

I have attached a file to this post; right-click it > Save target as > save it to the same place as Combofix.

Then left-click CFScript.txt, hold the button down while you drag it onto the Combofix icon, and release. Combofix should now run; if it warns about your antivirus program, just click OK and Combofix will continue.

If you can, disable your antivirus program before running Combofix.

Be patient, it can easily take 30 minutes to run; as long as the cursor is blinking it is working.

The log file should open automatically.

Attached files
CFScript.txt  (File size: 1 - Downloads: 137)
  Muzo
Number of posts: 49

ComboFix 10-03-10.08 - Musa 11-03-2010 20:01:12.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2046.1449 [GMT 1:00]
Running from: c:\documents and settings\Musa\Skrivebord\Værktøjer\Scan\ComboFix.exe
Command switches used :: c:\documents and settings\Musa\Skrivebord\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Musa\Application Data\inst.exe
c:\programmer\Winferno
c:\programmer\Winferno\PC Confidential\DeleteIndex.exe
c:\programmer\Winferno\PC Confidential\Graphics\HandPoint.ico
c:\programmer\Winferno\PC Confidential\PCCL.DLL
c:\programmer\Winferno\PC Confidential\PCConfidential.chm
c:\programmer\Winferno\PC Confidential\PCConfidential.exe
c:\programmer\Winferno\PC Confidential\PCCST.exe
c:\programmer\Winferno\PC Confidential\unins000.dat
c:\programmer\Winferno\PC Confidential\unins000.exe
c:\programmer\Winferno\PC Confidential\WinCMR.dll
c:\programmer\Winferno\PC Confidential\WinfernoSoftware.url
c:\windows\system32\AutoRun.inf
c:\windows\system32\tmp.reg

.
(((((((((((((((((((((((((((((  Files Created from 2010-02-11 to 2010-03-11  )))))))))))))))))))))))))))))))))))
.

2010-03-10 20:13 . 2010-03-10 20:13   --------   d-----w-   c:\programmer\Trend Micro
2010-03-07 14:07 . 2010-03-09 18:38   --------   d-----w-   c:\documents and settings\Musa\Application Data\vlc
2010-03-06 00:49 . 2010-03-06 08:27   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-03-06 00:49 . 2010-03-06 00:49   12552   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2010-03-06 00:49 . 2010-03-06 00:49   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-03-06 00:48 . 2010-03-06 08:27   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-03-06 00:48 . 2010-03-06 08:27   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-03-06 00:48 . 2010-03-11 12:06   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-03-06 00:48 . 2010-03-06 00:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-06 00:48 . 2010-03-06 00:48   --------   d-----w-   c:\programmer\AVG
2010-03-01 18:03 . 2010-03-01 18:03   --------   d-----w-   c:\programmer\Emicsoft Studio
2010-03-01 15:28 . 2010-03-01 15:28   --------   d-----w-   c:\programmer\Razer
2010-03-01 15:28 . 2008-03-20 15:59   9344   ----a-w-   c:\windows\system32\drivers\Salmosa.sys
2010-02-28 12:25 . 2010-03-06 10:50   --------   d-----w-   c:\programmer\PC Satellite TV
2010-02-27 08:01 . 2010-02-27 08:01   --------   d-----w-   c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Google
2010-02-27 07:55 . 2010-02-27 07:56   --------   d-----w-   c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Temp
2010-02-25 20:03 . 2010-02-25 20:03   --------   d-----w-   c:\programmer\WCHacker
2010-02-17 21:40 . 2010-02-17 21:40   --------   d-----w-   c:\programmer\vSoft
2010-02-11 13:31 . 2010-02-11 13:31   --------   d-----w-   c:\programmer\IObit
2010-02-10 15:58 . 2010-01-05 09:56   78336   -c----w-   c:\windows\system32\dllcache\ieencode.dll
2010-02-10 15:58 . 2010-01-05 09:56   78336   ------w-   c:\windows\system32\ieencode.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 18:52 . 2007-10-13 15:57   --------   d-----w-   c:\programmer\Fælles filer\Logitech
2010-03-11 16:02 . 2007-10-13 11:11   --------   d--h--w-   c:\programmer\InstallShield Installation Information
2010-03-11 13:14 . 2009-09-02 14:40   69   ----a-w-   c:\documents and settings\Musa\jagex_runescape_preferences2.dat
2010-03-11 13:14 . 2008-01-31 13:42   --------   d-----w-   c:\programmer\SwiftKit
2010-03-11 13:05 . 2008-07-30 05:45   69   ----a-w-   c:\documents and settings\Musa\jagex_runescape_preferences.dat
2010-03-10 20:08 . 2009-10-24 13:59   --------   d-----w-   c:\documents and settings\Musa\Application Data\uTorrent
2010-03-10 14:19 . 2009-10-24 14:00   --------   d-----w-   c:\programmer\uTorrent
2010-03-09 14:00 . 2008-05-26 11:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-03-09 10:13 . 2007-10-13 18:09   --------   d-----w-   c:\programmer\Steam
2010-03-07 21:35 . 2010-02-06 20:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-03-06 21:06 . 2009-07-02 14:08   --------   d-----w-   c:\documents and settings\Musa\Application Data\Skype
2010-03-06 18:51 . 2007-12-04 19:16   --------   d-----w-   c:\documents and settings\Musa\Application Data\skypePM
2010-03-06 14:25 . 2008-05-31 10:24   --------   d-----w-   c:\documents and settings\Musa\Application Data\LimeWire
2010-03-06 00:48 . 2009-10-22 15:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-03-04 10:51 . 2009-09-08 13:31   --------   d-----w-   c:\programmer\Malwarebytes' Anti-Malware
2010-02-24 21:54 . 2007-10-13 16:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-23 14:24 . 2007-10-26 20:46   --------   d-----w-   c:\programmer\Fælles filer\Adobe
2010-02-17 21:50 . 2007-10-13 15:35   --------   d-----w-   c:\programmer\Google
2010-02-10 20:58 . 2009-05-21 07:41   --------   d-----r-   c:\programmer\Skype
2010-02-08 11:36 . 2007-10-14 08:13   --------   d-----w-   c:\programmer\iTunes
2010-02-08 11:35 . 2010-02-08 11:35   --------   d-----w-   c:\programmer\iPod
2010-02-08 11:35 . 2007-10-14 08:12   --------   d-----w-   c:\programmer\Fælles filer\Apple
2010-02-08 11:31 . 2010-02-08 11:31   --------   d-----w-   c:\programmer\QuickTime
2010-02-08 10:16 . 2009-02-24 20:10   --------   d-----w-   c:\programmer\SCAR 2.03
2010-02-08 10:16 . 2009-09-23 19:12   --------   d-----w-   c:\programmer\Pixeline
2010-02-08 10:10 . 2009-12-26 19:53   --------   d-----w-   c:\programmer\Skype Recorder
2010-02-08 10:10 . 2009-09-24 13:32   --------   d-----w-   c:\programmer\Mixxx
2010-02-06 21:06 . 2010-02-07 12:56   15880   ----a-w-   c:\windows\system32\lsdelete.exe
2010-02-06 21:05 . 2010-02-06 21:05   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-06 21:04 . 2007-10-31 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-06 21:03 . 2008-02-10 12:32   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-02-06 20:43 . 2010-02-06 20:37   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-02-02 14:41 . 2010-02-02 14:41   --------   d-----w-   c:\programmer\Native Instruments
2010-02-01 15:59 . 2007-10-13 17:14   --------   d-----w-   c:\programmer\Fælles filer\Java
2010-02-01 15:59 . 2007-10-13 17:16   --------   d-----w-   c:\programmer\Java
2010-01-31 00:17 . 2008-05-25 19:19   --------   d-----w-   c:\programmer\Enigma Software Group
2010-01-30 21:17 . 2009-11-16 18:43   --------   d-----w-   c:\programmer\Citrix
2010-01-30 21:15 . 2010-01-29 13:46   --------   d-----w-   c:\programmer\Carambis
2010-01-30 21:11 . 2010-01-30 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Winferno
2010-01-30 21:06 . 2007-10-13 10:39   --------   d-----w-   c:\programmer\Common Files
2010-01-30 21:00 . 2010-01-30 21:00   --------   d-----w-   c:\programmer\Free Offers from Freeze.com
2010-01-29 13:41 . 2010-01-29 13:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-27 21:37 . 2010-01-26 20:02   916128   ----a-w-   c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-01-27 14:30 . 2010-01-27 14:28   --------   d-----w-   c:\programmer\Shutter
2010-01-27 11:41 . 2008-08-09 15:13   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-01-26 19:47 . 2010-01-26 19:47   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2010-01-25 14:30 . 2010-01-25 14:30   --------   d-----w-   c:\documents and settings\Musa\Application Data\Uniblue
2010-01-25 14:25 . 2010-01-25 14:24   --------   d-----w-   c:\programmer\Uniblue
2010-01-25 14:24 . 2010-01-25 14:24   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-01-23 10:45 . 2009-04-12 07:12   --------   d-----w-   c:\programmer\Microsoft Silverlight
2010-01-21 14:58 . 2007-10-13 15:44   93192   ----a-w-   c:\documents and settings\Musa\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 13:53 . 2007-10-13 16:37   --------   d-----w-   c:\programmer\Microsoft Works
2010-01-07 15:07 . 2009-09-08 13:31   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-08 13:31   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-05 09:56 . 2004-08-27 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2008-05-18 20:29   17408   ------w-   c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-05-18 20:29   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-17 16:14 . 2008-12-19 19:52   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-17 07:41 . 2008-05-18 20:29   344576   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-15 22:21 . 2007-10-13 16:23   722416   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-12-14 07:09 . 2008-05-18 20:29   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2007-10-26 23:52 . 2007-10-26 23:52   29564   ----a-w-   c:\programmer\Readme.txt
2007-03-13 22:20 . 2008-01-07 18:36   35979   -c--a-w-   c:\programmer\Photoshop CS3 Read Me.html
2009-08-07 08:38 . 2009-08-31 19:46   44544   ----a-w-   c:\programmer\mozilla firefox\components\FFComm.dll
2008-02-22 21:45 . 2008-02-22 21:45   48   -csh--w-   c:\windows\S1E5751B7.tmp
2004-08-27 12:00 . 2007-10-13 10:01   73728   -csha-w-   c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-07-14 19:31 . 2006-05-24 17:37   27648   --sha-w-   c:\windows\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:08   1004800   ----a-w-   c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26   80384   ----a-w-   c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"Google Update"="c:\documents and settings\Musa\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-27 133104]
"Actual Window Minimizer"="c:\programmer\Actual Window Minimizer\ActualWindowMinimizerCenter.exe" [2008-10-17 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-02-29 76304]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Aminova WordSeeker"="c:\programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" [2003-02-17 53760]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Freecorder FLV Service"="c:\programmer\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Salmosa"="c:\programmer\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-06 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Musa\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21   548352   ----a-w-   c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-06 08:27   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     SDEarlyDelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgam.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23033:TCP"= 23033:TCP:BitComet 23033 TCP
"23033:UDP"= 23033:UDP:BitComet 23033 UDP
"7717:TCP"= 7717:TCP:BitComet 7717 TCP
"7717:UDP"= 7717:UDP:BitComet 7717 UDP
"10943:TCP"= 10943:TCP:BitComet 10943 TCP
"10943:UDP"= 10943:UDP:BitComet 10943 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [06-03-2010 01:49 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06-02-2010 22:06 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-10-2007 17:23 722416]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [13-10-2007 10:20 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06-03-2010 01:48 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06-03-2010 01:49 108552]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [04-09-2009 13:50 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [04-09-2009 13:49 74480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13-10-2007 10:20 710144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08-09-2009 14:31 19160]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [01-03-2010 16:28 9344]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [13-10-2007 11:39 7040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-01-2007 18:31 42000]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [04-09-2009 13:50 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18-11-2007 09:15 39424]

--- Other Running Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
bdx   REG_MULTI_SZ     scan
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:05]

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:05]

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:05]

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:05]

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:05]

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-13 07:00]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-17 21:50]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-17 21:50]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1993962763-725345543-1002Core.job
- c:\documents and settings\Musa\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 08:41]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1993962763-725345543-1002UA.job
- c:\documents and settings\Musa\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 08:41]

2010-03-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-03-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://danskebank.dk/da-dk/Pages/default.aspx
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.metacrawler.com/crawler?general=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download alle med NetXfer - c:\programmer\Xi\NetXfer\NXAddList.html
IE: Download med NetXfer - c:\programmer\Xi\NetXfer\NXAddLink.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {246C089A-A52B-4E4E-B274-687D464E5DFB} = 208.67.222.222,208.67.220.220
TCP: {CEC1C126-8F69-4786-8253-0E6766846EEC} = 208.67.222.222,208.67.220.220
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} - hxxp://www.myclinic.dk/axapta/axaptaconfig/AxWebDeploy.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Musa\Application Data\Mozilla\Firefox\Profiles\ojxudbc5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Musa\Application Data\Mozilla\Firefox\Profiles\ojxudbc5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Musa\Application Data\Mozilla\Firefox\Profiles\ojxudbc5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Musa\Application Data\Mozilla\Firefox\Profiles\ojxudbc5.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\programmer\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Musa\Lokale indstillinger\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",        false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",    2);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",    1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Skype Recorder - c:\programmer\Skype Recorder\Skype Recorder.exe
Notify-cplib - (no file)
SafeBoot-gvG03.sys
SafeBoot-Ojy85.sys
SafeBoot-MCODS
AddRemove-PCConfidential_is1 - c:\programmer\Winferno\PC Confidential\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Dll's loaded under running processes ------------------------

- - - - - - - > ‘winlogon.exe’(804)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > ‘explorer.exe’(3332)
c:\programmer\Actual Window Minimizer\awmemb.dll
c:\documents and settings\Musa\Lokale indstillinger\Application Data\FLVService\lib\FLVSrvLib.dll
c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
c:\programmer\TortoiseSVN\bin\TortoiseStub.dll
c:\programmer\TortoiseSVN\bin\TortoiseSVN.dll
c:\programmer\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmer\Lavasoft\Ad-Aware\AAWService.exe
c:\programmer\TortoiseSVN\bin\TSVNCache.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Malwarebytes’ Anti-Malware\mbamservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\documents and settings\Musa\Lokale indstillinger\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\programmer\Razer\Salmosa\razerofa.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-11 20:20:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-11 19:20

Pre-Run: 113,580,863,488 bytes free
Post-Run: 113,746,038,784 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 881637B7A3514F93B3C5ADB62CF711BC


- What about antivirus :}
Can I get an answer on that smile
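Beyond the files it deleted, the ComboFix log above records host settings that matter more than any single piece of adware: the Windows Firewall standard profile is off (`EnableFirewall = 0`), Security Center has been told to stop monitoring antivirus state (`AntiVirusOverride = 1`), and six BitComet ports are opened to the whole world. The following is an added example, not code from the thread or from ComboFix, that parses the REGEDIT4-style registry section ComboFix prints and turns those lines into pass/fail verdicts. The sample dump is excerpted from the posted log; the check names are my own.

```python
"""Posture checks over the registry section of a ComboFix log.

Added example; not code from the thread or from ComboFix. It parses the
REGEDIT4-style dump that ComboFix prints and flags host settings that weaken
the machine regardless of which malware was removed. The sample below is
excerpted from the posted log; the check names are my own.
"""
import re
from typing import Dict, List, Optional, Tuple

# Sample input: lines excerpted from the ComboFix log posted above.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23033:TCP"= 23033:TCP:BitComet 23033 TCP
"23033:UDP"= 23033:UDP:BitComet 23033 UDP
"7717:TCP"= 7717:TCP:BitComet 7717 TCP

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     SDEarlyDelete\0lsdelete
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
QUOTED_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
TYPED_VALUE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<value>.*)$")

Entry = Tuple[str, str, str]  # (key, value name, raw value text)


def parse_dump(text: str) -> List[Entry]:
    """Flatten the dump into (key, name, value) triples; keys are lower-cased."""
    entries: List[Entry] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m["key"].lower()
            continue
        if current is None or not line:
            continue
        m = QUOTED_VALUE_RE.match(line) or TYPED_VALUE_RE.match(line)
        if m:
            entries.append((current, m["name"], m["value"].strip()))
    return entries


def as_int(value: str) -> Optional[int]:
    """Interpret 'dword:00000001' or '0 (0x0)' as an integer; None if neither."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    head = value.split()[0] if value.split() else ""
    return int(head) if head.isdigit() else None


def posture_checks(text: str) -> Dict[str, str]:
    """Map each check name to a verdict string ('FAIL: ...', 'REVIEW: ...' or 'OK ...')."""
    entries = parse_dump(text)
    results: Dict[str, str] = {}

    # 1. Windows Firewall, standard profile (the one used off-domain).
    fw = [v for k, n, v in entries
          if k.endswith(r"firewallpolicy\standardprofile") and n == "EnableFirewall"]
    results["firewall_enabled"] = (
        "FAIL: Windows Firewall disabled (EnableFirewall=0)" if fw and as_int(fw[0]) == 0
        else "OK or not listed (ComboFix prints only non-default values)")

    # 2. Security Center told to stop monitoring antivirus state.
    av = [v for k, n, v in entries
          if k.endswith(r"microsoft\security center") and n == "AntiVirusOverride"]
    results["av_monitoring"] = (
        "FAIL: Security Center antivirus monitoring overridden" if av and as_int(av[0]) == 1
        else "OK or not listed")

    # 3. Ports opened to the whole world in the firewall policy.
    ports = sorted(n for k, n, _ in entries if k.endswith(r"globallyopenports\list"))
    results["globally_open_ports"] = (
        "REVIEW: " + ", ".join(ports) if ports else "OK: none")

    # 4. Anything wired into BootExecute runs before the rest of the system;
    #    ComboFix lists it only when it differs from the default autochk entry.
    boot = [v for k, n, v in entries
            if k.endswith(r"control\session manager") and n == "BootExecute"]
    results["boot_execute"] = "REVIEW: " + boot[0] if boot else "OK: default"
    return results


if __name__ == "__main__":
    for check, verdict in posture_checks(SAMPLE_DUMP).items():
        print(f"{check:22} {verdict}")
```

The two FAIL verdicts are the ones to act on after the cleanup: turn the firewall back on and clear the Security Center override, since both are settings a user rarely changes knowingly. The REVIEW items are not automatically bad (the BootExecute entry here belongs to Ad-Aware), but each should be matched to a program the owner recognises.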

  Muzo
Number of posts: 49

http://img714.imageshack.us/img714/6684/hererdet.png

Editor
Number of posts: 12994

Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Do the same with the file attached to this post, and come back with the new Combofix log file.

If you want a complete security package then look here

http://www.spywarefri-shop.dk/

Remember to try the programs before you buy; they can be trialled for 30 days.

Tell us how your PC is running now.

[ Edited: 12.03.2010, 18:33 by Peder TeamSpywarefri ]
Attached files
CFScript.txt  (File size: 1 - Downloads: 124)