antivir solution pro
Number of posts: 45

ComboFix 10-08-12.02 - Ejer 18-08-2010   0:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.447.208 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ejer\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100817-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
———————- FCopy———————-

c:\windows\ServicePackFiles\i386\termsrv.dll—> c:\windows\System32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Service_fdkb


(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-17 til 2010-08-17 )))))))))))))))))))))))))))))))))))
.

2010-08-17 22:44 . 2008-04-14 16:05   296448   -c—a-w-  c:\windows\system32\dllcache\termsrv.dll
2010-08-17 22:44 . 2008-04-14 16:05   296448   ——a-w-  c:\windows\system32\termsrv.dll
2010-08-12 22:53 . 2010-08-12 22:56   ————  d——-w-  c:\programmer\Spin4Profit Ultimate
2010-08-09 21:36 . 2010-08-09 21:36   ————  d——-w-  c:\documents and settings\Ejer\Dokumenter
2010-08-08 13:51 . 2010-08-08 13:51   ————  d——-w-  c:\documents and settings\Ejer\Application Data\Malwarebytes
2010-08-08 13:50 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 13:50 . 2010-08-08 13:50   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-08-08 13:50 . 2010-08-08 13:50   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 13:50 . 2010-04-29 13:39   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-08-08 09:43 . 2010-08-08 09:43   ————  d-sh—w-  c:\documents and settings\NetworkService\IETldCache
2010-08-07 22:26 . 2010-08-08 14:11   ————  d——-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\hsenwvbti
2010-08-02 23:57 . 2010-08-02 23:57   ————  d——-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx
2010-08-02 23:57 . 2010-08-12 22:55   ————  d——-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\www.Spin4Profit.com
2010-07-28 21:20 . 2010-07-28 21:20   ————  d——-w-  c:\documents and settings\All Users\Application Data\F-Secure
2010-07-23 12:55 . 2010-07-23 13:23   ————  d——-w-  c:\programmer\KENO V1
2010-07-23 09:52 . 2010-07-23 09:52   ————  d——-w-  c:\programmer\Fælles filer\Skype

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 23:02 . 2009-11-24 02:31   ————  d——-w-  c:\documents and settings\Ejer\Application Data\skypePM
2010-08-17 23:01 . 2009-11-24 02:23   ————  d——-w-  c:\documents and settings\Ejer\Application Data\Skype
2010-08-17 10:16 . 2010-02-11 23:28   ————  d——-w-  c:\documents and settings\Ejer\Application Data\HPAppData
2010-08-12 21:27 . 2003-08-13 19:59   83026   ——a-w-  c:\windows\system32\perfc006.dat
2010-08-12 21:27 . 2003-08-13 19:59   457360   ——a-w-  c:\windows\system32\perfh006.dat
2010-07-21 20:51 . 2009-11-23 18:59   ————  d—-a-w-  c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 12:13 . 2010-06-11 00:37   0   ——a-w-  c:\documents and settings\Ejer\temp.dat
2010-06-30 12:32 . 2009-11-23 23:39   149504   ——a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2006-06-23 12:27   916480   ——a-w-  c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-11-23 23:41   1851904   ——a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-11-23 23:40   354304   ——a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-11-24 00:23   80384   ——a-w-  c:\windows\system32\iccvid.dll
2010-06-14 07:43 . 2006-09-13 05:10   1172480   ——a-w-  c:\windows\system32\msxml3.dll
2010-06-06 22:14 . 2010-06-06 22:05   29684   ——a-w-  c:\windows\hpoins03.dat
2010-06-06 21:13 . 2010-06-06 21:13   133   ——a-w-  C:\DeletePrintJobs.cmd
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{0ed0633c-a54d-47f1-94e7-5bded41ae674}”= “c:\programmer\Free_Traffic_Bar\tbFre1.dll” [2010-05-19 2515552]

[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
2010-05-19 11:24   2515552   ——a-w-  c:\programmer\Free_Traffic_Bar\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{0ed0633c-a54d-47f1-94e7-5bded41ae674}”= “c:\programmer\Free_Traffic_Bar\tbFre1.dll” [2010-05-19 2515552]

[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{0ED0633C-A54D-47F1-94E7-5BDED41AE674}”= “c:\programmer\Free_Traffic_Bar\tbFre1.dll” [2010-05-19 2515552]

[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NVIEW”=“nview.dll” [2003-05-02 835654]
“VoipBuster”=“c:\programmer\VoipBuster.com\VoipBuster\VoipBuster.exe” [2009-11-12 9094448]
“RoboForm”=“c:\programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2010-01-25 160592]
“Skype”=“c:\programmer\Skype\\Phone\Skype.exe” [2010-05-13 26192168]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-11-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=“c:\windows\system\hpsysdrv.exe” [1998-05-07 52736]
“HotKeysCmds”=“c:\windows\System32\hkcmd.exe” [2003-04-07 114688]
“HPHUPD05”=“c:\programmer\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe” [2003-05-23 49152]
“HPHmon05”=“c:\windows\System32\hphmon05.exe” [2003-05-23 483328]
“KBD”=“c:\hp\KBD\KBD.EXE” [2003-02-11 61440]
“StorageGuard”=“c:\programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” [2003-02-13 155648]
“Home Theater SchSvr”=“c:\programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe” [2003-08-08 155648]
“Recguard”=“c:\windows\SMINST\RECGUARD.EXE” [2002-09-13 212992]
“NvCplDaemon”=“c:\windows\System32\NvCpl.dll” [2003-05-02 4640768]
“AlcxMonitor”=“ALCXMNTR.EXE” [2003-04-03 50176]
“PS2”=“c:\windows\system32\ps2.exe” [2002-10-16 81920]
“HP Software Update”=“c:\programmer\HP\HP Software Update\HPWuSchd.exe” [2003-08-04 49152]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-12-01 149280]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“Google Quick Search Box”=“c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe” [2010-02-16 126976]
“HP Component Manager”=“c:\programmer\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 241664]

c:\documents and settings\Ejer\Menuen Start\Programmer\Start\
OpenOffice.org 3.1.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Default User\Menuen Start\Programmer\Start\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^Desktop Lightning.lnk]
path=c:\documents and settings\Ejer\Menuen Start\Programmer\Start\Desktop Lightning.lnk
backup=c:\windows\pss\Desktop Lightning.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06   976832   ——a-w-  c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57   35760   ——a-w-  c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-16 13:12   126976   ——a-w-  c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05   1695232   ——a-w-  c:\programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-05-02 21:19   323584   ——a-w-  c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-24 02:10   39408   ——a-w-  c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-08-04 15:49   1068424   ——a-w-  c:\programmer\Trojan Remover\Trjscan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Programmer\\VoipBuster.com\\VoipBuster\\VoipBuster.exe”=
“c:\\WINDOWS\\system32\\mshta.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe”=
“c:\\Programmer\\Skype\\Phone\\Skype.exe”=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23-01-2010 17:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23-01-2010 17:49 20560]
S2 gupdate1ca6cad21712c4c;Tjenesten Google Update (gupdate1ca6cad21712c4c);c:\programmer\Google\Update\GoogleUpdate.exe [24-11-2009 04:23 133104]
.
Indhold af mappen ‘Planlagte Opgaver’

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-24 02:23]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-24 02:23]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.bt.dk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Gem formularer - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RF værktøjslinie - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Tilpas RF menu - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Udfyld formularer - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Trusted Zone: expekt.com\www
Trusted Zone: mitnykredit.dk\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Ejer\Application Data\Mozilla\Firefox\Profiles\sc8znmfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bt.dk/
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\programmer\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

——FIREFOX POLITIKKER——
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 00:59
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘explorer.exe’(3824)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSDA.DLL
c:\programmer\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\rundll32.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\programmer\Skype\Phone\Skype.exe
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-18 01:12:49 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-17 23:12
ComboFix2.txt 2010-08-12 20:27
ComboFix3.txt 2010-08-09 14:55

Pre-Kørsel: 17.452.113.920 byte ledig
Post-Kørsel: 17.425.477.632 byte ledig

- - End Of File - - 1BA6ECBEA8D5689A799DFC0DDFF0B47B

Number of posts: 45

Haven't heard anything from you regarding this loggil

Number of posts: 45

Sorry, should be log file.

  mo-od
Number of posts: 3282

You could try this: “Bump” 48 hours have passed! - under Miscellaneous: Other
http://www.spywarefri.dk/forum/viewthread/76168/

If you are still being forgotten. (Sorry for butting in!)

Administrator
Number of posts: 29174

No, you haven't been forgotten. We just don't have enough people.


Open Notepad and copy the following (the text in bold) into it, then save the text file as CFScript in the same place where you have ComboFix:


…………………………………………………………………….


Killall::
Snapshot::
Folder::
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\hsenwvbti
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx


………………………………………………………………………..


Then grab the new file with the mouse and drag it over the ComboFix file, then release the mouse button. As shown here ->

http://www.fromsej.saknet.dk/billeder/swfcombo.gif


ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Post the new ComboFix log here. It can be found here - C:\combofix Txt

Number of posts: 45

ComboFix 10-08-24.0A - Ejer 25-08-2010   9:05.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.447.185 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ejer\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100824-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\Cache\_CACHE_001_
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\Cache\_CACHE_002_
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\Cache\_CACHE_003_
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\Cache\_CACHE_MAP_
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\cert8.db
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\cookies.sqlite-journal
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\cookies.sqlite
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\key3.db
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\permissions.sqlite
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\places.sqlite-journal
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\places.sqlite
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\pluginreg.dat
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\secmod.db
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\Geckofx\1.9\DefaultProfile\XPC.mfl
c:\documents and settings\Ejer\Lokale indstillinger\Application Data\hsenwvbti

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_SSHNAS


(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-25 til 2010-08-25 )))))))))))))))))))))))))))))))))))
.

2010-08-21 21:00 . 2010-08-23 10:38   ————  d——-w-  c:\programmer\Maxthon2
2010-08-17 22:44 . 2008-04-14 16:05   296448   -c—a-w-  c:\windows\system32\dllcache\termsrv.dll
2010-08-17 22:44 . 2008-04-14 16:05   296448   ——a-w-  c:\windows\system32\termsrv.dll
2010-08-09 21:36 . 2010-08-09 21:36   ————  d——-w-  c:\documents and settings\Ejer\Dokumenter
2010-08-08 13:51 . 2010-08-08 13:51   ————  d——-w-  c:\documents and settings\Ejer\Application Data\Malwarebytes
2010-08-08 13:50 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 13:50 . 2010-08-08 13:50   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-08-08 13:50 . 2010-08-08 13:50   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 13:50 . 2010-04-29 13:39   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-08-08 09:43 . 2010-08-08 09:43   ————  d-sh—w-  c:\documents and settings\NetworkService\IETldCache
2010-08-02 23:57 . 2010-08-12 22:55   ————  d——-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\www.Spin4Profit.com
2010-07-28 21:20 . 2010-07-28 21:20   ————  d——-w-  c:\documents and settings\All Users\Application Data\F-Secure

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 07:22 . 2009-11-24 02:23   ————  d——-w-  c:\documents and settings\Ejer\Application Data\Skype
2010-08-25 07:21 . 2009-11-24 02:31   ————  d——-w-  c:\documents and settings\Ejer\Application Data\skypePM
2010-08-22 00:45 . 2010-02-11 23:28   ————  d——-w-  c:\documents and settings\Ejer\Application Data\HPAppData
2010-08-12 21:27 . 2003-08-13 19:59   83026   ——a-w-  c:\windows\system32\perfc006.dat
2010-08-12 21:27 . 2003-08-13 19:59   457360   ——a-w-  c:\windows\system32\perfh006.dat
2010-07-23 13:23 . 2010-07-23 12:55   ————  d——-w-  c:\programmer\KENO V1
2010-07-23 09:52 . 2010-07-23 09:52   ————  d——-w-  c:\programmer\Fælles filer\Skype
2010-07-21 20:51 . 2009-11-23 18:59   ————  d—-a-w-  c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 12:13 . 2010-06-11 00:37   0   ——a-w-  c:\documents and settings\Ejer\temp.dat
2010-06-30 12:32 . 2009-11-23 23:39   149504   ——a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2006-06-23 12:27   916480   ——a-w-  c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-11-23 23:41   1851904   ——a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-11-23 23:40   354304   ——a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-11-24 00:23   80384   ——a-w-  c:\windows\system32\iccvid.dll
2010-06-14 07:43 . 2006-09-13 05:10   1172480   ——a-w-  c:\windows\system32\msxml3.dll
2010-06-06 22:14 . 2010-06-06 22:05   29684   ——a-w-  c:\windows\hpoins03.dat
2010-06-06 21:13 . 2010-06-06 21:13   133   ——a-w-  C:\DeletePrintJobs.cmd
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NVIEW”=“nview.dll” [2003-05-02 835654]
“VoipBuster”=“c:\programmer\VoipBuster.com\VoipBuster\VoipBuster.exe” [2009-11-12 9094448]
“RoboForm”=“c:\programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2010-01-25 160592]
“Skype”=“c:\programmer\Skype\\Phone\Skype.exe” [2010-05-13 26192168]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-11-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=“c:\windows\system\hpsysdrv.exe” [1998-05-07 52736]
“HotKeysCmds”=“c:\windows\System32\hkcmd.exe” [2003-04-07 114688]
“HPHUPD05”=“c:\programmer\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe” [2003-05-23 49152]
“HPHmon05”=“c:\windows\System32\hphmon05.exe” [2003-05-23 483328]
“KBD”=“c:\hp\KBD\KBD.EXE” [2003-02-11 61440]
“StorageGuard”=“c:\programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” [2003-02-13 155648]
“Home Theater SchSvr”=“c:\programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe” [2003-08-08 155648]
“Recguard”=“c:\windows\SMINST\RECGUARD.EXE” [2002-09-13 212992]
“NvCplDaemon”=“c:\windows\System32\NvCpl.dll” [2003-05-02 4640768]
“AlcxMonitor”=“ALCXMNTR.EXE” [2003-04-03 50176]
“PS2”=“c:\windows\system32\ps2.exe” [2002-10-16 81920]
“HP Software Update”=“c:\programmer\HP\HP Software Update\HPWuSchd.exe” [2003-08-04 49152]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-12-01 149280]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“Google Quick Search Box”=“c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe” [2010-02-16 126976]
“HP Component Manager”=“c:\programmer\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 241664]

c:\documents and settings\Ejer\Menuen Start\Programmer\Start\
OpenOffice.org 3.1.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Default User\Menuen Start\Programmer\Start\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^Desktop Lightning.lnk]
path=c:\documents and settings\Ejer\Menuen Start\Programmer\Start\Desktop Lightning.lnk
backup=c:\windows\pss\Desktop Lightning.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06   976832   ——a-w-  c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57   35760   ——a-w-  c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-16 13:12   126976   ——a-w-  c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05   1695232   ——a-w-  c:\programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-05-02 21:19   323584   ——a-w-  c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-24 02:10   39408   ——a-w-  c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-08-04 15:49   1068424   ——a-w-  c:\programmer\Trojan Remover\Trjscan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Programmer\\VoipBuster.com\\VoipBuster\\VoipBuster.exe”=
“c:\\WINDOWS\\system32\\mshta.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe”=
“c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe”=
“c:\\Programmer\\Skype\\Phone\\Skype.exe”=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23-01-2010 17:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23-01-2010 17:49 20560]
.
Indhold af mappen ‘Planlagte Opgaver’

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-24 02:23]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-24 02:23]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.bt.dk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Gem formularer - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RF værktøjslinie - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Tilpas RF menu - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Udfyld formularer - file://c:\programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Trusted Zone: expekt.com\www
Trusted Zone: mitnykredit.dk\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Ejer\Application Data\Mozilla\Firefox\Profiles\sc8znmfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bt.dk/
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\programmer\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

——FIREFOX POLITIKKER——
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 09:18
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘explorer.exe’(3936)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSDA.DLL
c:\programmer\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\rundll32.exe
c:\programmer\HP\hpcoretech\comp\hptskmgr.exe
c:\programmer\Skype\Phone\Skype.exe
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Java\jre6\bin\jucheck.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-25 09:32:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-25 07:32
ComboFix2.txt 2010-08-17 23:12
ComboFix3.txt 2010-08-12 20:27
ComboFix4.txt 2010-08-09 14:55

Pre-Kørsel: 17.376.161.792 byte ledig
Post-Kørsel: 17.358.843.904 byte ledig

- - End Of File - - 0861723C3FF4A4E703FA5ED40ECFFEAF

Administrator
Number of posts: 29174

Create a new folder on the desktop and name it SWF

Download and run Ccleaner: From here


Download and install this scanner:
SUPERAntiSpyware
Start SUPERAntiSpyware, click Check for updates.
Click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard drive)
Move the dot to Perform complete scan and click Næste (Next), and the scan will run.
When it is finished, a window with a summary appears; click OK, then click Næste (Next) and then Udfør (Finish).
A window with Quarantine and removal Complete appears; click OK, then click Udfør (Finish).
Close the program and restart normally.
———————————————————-
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window, and save it in the SWF folder.


Since many types of malware like to exploit old Java versions, we would like you to check whether you have the latest version
Click: Here
Then click the – Download java now – button.
Then go to Add/Remove Programs in the Control Panel and remove.
In Vista it is – Programs and Features in the Control Panel:
All versions of Java.

Restart the computer when all Java versions have been removed

Then install the downloaded Java installation file.

Check whether you are missing Windows updates:
Here

If you are missing updates, download and install them.

Download and install: Secunia Personal Software Inspector (PSI)
Updating programs is not always an easy task.
It is therefore important to note that the purpose of Secunia PSI is to detect and determine whether security threats resulting from vulnerable programs exist on your PC.
Therefore, once you have installed the program, run a scan and get the updates that are available.


Then let us hear how things are running now?

Number of posts: 45

It's running reasonably well. I have also had an extra 512 MB of DDR RAM installed, so it is noticeable compared to the 512 I had before.

Administrator
Number of posts: 29174

so it is noticeable compared to the 512 I had before.

Good


Are you satisfied with the state of things now?

Number of posts: 45

It's running reasonably well at the moment.

Administrator
Number of posts: 29174

Good, shall we close the case, or?