Slow internet and errors on several websites where a pop-up window is supposed to appear
Number of posts: 72

Hi

I think my internet is getting slower and slower. My computer also takes longer to start up (5-10 min).

I tried to run some of the online scanners that you recommend, but most of them did not work because the internet shut down when I was about to run the scanners. The computer gives a small beep and the internet starts to tell me that a pop-up window is coming, something about ActiveX or something like that, I think. But after that the internet freezes or closes, so I have to close the page and start over.

I hope you can help me

Kind regards, Carsten   (E-mail address removed by Fromsej)

Administrator
Number of posts: 55091

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to “Run a full system scan” - click the Scan button - let the program work. When it is finished (this takes a while, depending on how much you have on the computer).

Then - press the “Show results” button after the scan - and then press “Remove selected” - the log now opens and you must save it somewhere you can find it again.

Copy the contents in here and tell us how the computer is running now?

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale of the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

Number of posts: 72

Hi again

I have run the anti-malware program and here is my log:

Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4478

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25-08-2010 23:14:42
mbam-log-2010-08-25 (23-14-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 333620
Time elapsed: 1 hour(s), 51 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I tried again to run one of the online scanners but got this error text:
The instruction at"0x0a1f0068” referenced memory at “0x0a10068”. The memory could not be “written”

In other words, I do not think there has been any change

Administrator
Number of posts: 29616

OK.


Download Combofix and save it to your desktop:
ComboFix


Close all other windows.

Then run combofix.exe and follow the instructions.

When you get this message:
http://img.photobucket.com/albums/v666/sUBs/RC_update.png

Answer either Yes or No. It is advisable to say Yes. Whatever you answer, it has no influence on the Combofix scan.

You must not click on the window while the tool is running, as this can cause your computer to freeze.

When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file in here

Since they are relatively long, you may have to send them in several posts.


NB. Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes Torrent software, before we clean the computer.

Number of posts: 72

ComboFix 10-08-25.01 - Carsten 26-08-2010 16:58:18.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.1023.526 [GMT 2:00]
Kører fra: c:\documents and settings\Carsten\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carsten\My Documents\regbackup.reg
c:\program files\Internet Explorer\SET2CF.tmp
c:\program files\PC Doc Pro v5
c:\program files\PC Doc Pro v5\Log.txt
c:\program files\PC Doc Pro v5\PC Doc Pro.ini
c:\windows\system32\Chip.dll
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-26 til 2010-08-26 )))))))))))))))))))))))))))))))))))
.

2010-08-25 19:20 . 2010-08-25 19:20   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware1
2010-08-24 20:31 . 2010-08-24 20:37   2580   ——a-w-  c:\windows\system32\ASOROSet.bin
2010-08-24 20:03 . 2010-08-25 14:51   ————  d——-w-  c:\documents and settings\Carsten\Application Data\PCOptimax
2010-08-05 14:15 . 2010-08-05 14:15   503808   ——a-w-  c:\documents and settings\Carsten\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-199a3504-n\msvcp71.dll
2010-08-05 14:15 . 2010-08-05 14:15   499712   ——a-w-  c:\documents and settings\Carsten\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-199a3504-n\jmc.dll
2010-08-05 14:15 . 2010-08-05 14:15   348160   ——a-w-  c:\documents and settings\Carsten\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-199a3504-n\msvcr71.dll
2010-08-05 14:15 . 2010-08-05 14:15   61440   ——a-w-  c:\documents and settings\Carsten\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-75dca659-n\decora-sse.dll
2010-08-05 14:15 . 2010-08-05 14:15   12800   ——a-w-  c:\documents and settings\Carsten\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-75dca659-n\decora-d3d.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 14:57 . 2009-05-17 18:09   ————  d——-w-  c:\program files\SPAMfighter
2010-08-26 14:31 . 2005-12-25 14:33   ————  d——-w-  c:\documents and settings\Carsten\Application Data\Skype
2010-08-26 14:01 . 2009-05-20 18:43   ————  d——-w-  c:\documents and settings\Carsten\Application Data\skypePM
2010-08-25 14:24 . 2009-01-14 15:46   ————  d——-w-  c:\documents and settings\All Users\Application Data\Google Updater
2010-08-24 20:31 . 2009-04-26 20:51   ————  d——-w-  c:\documents and settings\Carsten\Application Data\uTorrent
2010-08-24 19:42 . 2010-05-14 19:44   63488   ——a-w-  c:\documents and settings\Carsten\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-24 19:42 . 2009-10-04 07:52   117760   ——a-w-  c:\documents and settings\Carsten\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 06:39 . 2005-12-11 22:59   ————  d——-w-  c:\program files\Common Files\Java
2010-08-21 06:38 . 2005-12-11 23:02   ————  d——-w-  c:\program files\Java
2010-08-05 18:03 . 2005-12-27 14:09   ————  d——-w-  c:\documents and settings\Carsten\Application Data\Apple Computer
2010-07-24 01:32 . 2007-02-24 21:09   ————  d——-w-  c:\program files\SUPERAntiSpyware
2010-07-17 03:00 . 2010-04-21 18:35   423656   ——a-w-  c:\windows\system32\deployJava1.dll
2010-07-13 10:21 . 2010-07-13 10:21   ————  d——-w-  c:\program files\Common Files\Skype
2010-07-13 10:21 . 2009-05-20 18:43   ————  d——-r-  c:\program files\Skype
2010-07-13 10:21 . 2005-12-25 15:15   ————  d——-w-  c:\documents and settings\All Users\Application Data\Skype
2010-07-09 08:42 . 2010-03-11 07:17   69222840   ——a-w-  c:\documents and settings\Carsten\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-30 12:31 . 2001-08-23 12:00   149504   ——a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-23 19:32   916480   ——a-w-  c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-08-23 12:00   1851904   ——a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-23 12:00   354304   ——a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-23 12:00   80384   ——a-w-  c:\windows\system32\iccvid.dll
2010-06-15 17:45 . 2010-06-15 17:45   71992   ——a-w-  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2005-01-26 18:47   744448   ——a-w-  c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2001-08-23 12:00   1172480   ——a-w-  c:\windows\system32\msxml3.dll
2010-03-10 15:33 . 2007-01-15 19:35   8192   —sha-w-  c:\program files\Thumbs.db
2003-10-23 16:52 . 2005-01-26 22:57   40960   ——a-w-  c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 3883856]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-12-16 94208]
“Google Update”=“c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” [2009-04-16 133104]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2010-07-24 2403568]
“NokiaOviSuite2”=“c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe” [2010-02-05 385856]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 204288]
“Skype”=“c:\program files\Skype\\Phone\Skype.exe” [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NokiaMServer”=“c:\program files\Common Files\Nokia\MPlatform\NokiaMServer” [X]
“PE2CKFNT SE”=“c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe” [1998-07-03 25088]
“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2009-06-17 55824]
“LVCOMSX”=“c:\windows\system32\LVCOMSX.EXE” [2004-10-08 221184]
“CloneCDTray”=“c:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2005-05-19 57344]
“DAEMON Tools”=“c:\program files\DAEMON Tools\daemon.exe” [2005-12-10 133016]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“PWRISOVM.EXE”=“c:\program files\PowerISO\PWRISOVM.EXE” [2006-03-18 184320]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 33648]
“LogitechCommunicationsManager”=“c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [2007-07-25 563984]
“LogitechQuickCamRibbon”=“c:\program files\Logitech\QuickCam\Quickcam.exe” [2007-07-25 2027792]
“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]
“DT HPW”=“c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe” [2008-07-14 81920]
“PivotSoftware”=“c:\program files\Portrait Displays\Pivot Software\wpctrl.exe” [2007-02-09 694008]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“SPAMfighter Agent”=“c:\program files\SPAMfighter\SFAgent.exe” [2009-03-12 326792]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“Adobe Acrobat Speed Launcher”=“c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe” [2008-06-12 37232]
“Acrobat Assistant 8.0”=“c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe” [2008-06-11 640376]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-09-27 13918208]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-09-27 86016]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-11-10 417792]
“zBrowser Launcher”=“c:\program files\Logitech\iTouch\iTouch.exe” [2004-03-18 892928]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2009-08-13 177440]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2010-01-22 141608]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-7 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-21 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-04 07:38   548352   ——a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28   72208   ——a-w-  c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“c:\\Program Files\\uTorrent\\uTorrent.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Walker\\DrvInst\\Bin\\enable.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\WINDOWS\\system32\\mmc.exe”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27-01-2005 01:08 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24-05-2009 12:36 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16-10-2009 14:03 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-05-2009 12:36 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-03-2009 10:44 184968]
S1 as6eio;as6eio; [x]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [29-01-2005 01:51 20610]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [29-01-2005 01:51 23858]
S3 9e639a06-945b-4053-a022-ca370a0a2455;9e639a06-945b-4053-a022-ca370a0a2455;\??\d:\player\cds300.dll—> d:\player\cds300.dll [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [20-12-2009 12:49 16512]
S3 bfastfao;bfastfao; [x]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11-05-2005 14:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11-05-2005 14:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11-05-2005 14:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11-05-2005 14:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11-05-2005 14:12 77072]
S3 MEGAUSB0101;MegawinMa100;c:\windows\system32\drivers\usbscan.sys [14-07-2006 13:38 15104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 12872]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2009 15:41 40448]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [20-12-2009 13:04 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [20-12-2009 13:04 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [20-12-2009 13:05 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [20-12-2009 13:05 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [20-12-2009 13:06 25704]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-12-2005 21:05 642560]
.
Indhold af mappen ‘Planlagte Opgaver’

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:41]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-484061587-839522115-1006Core.job
- c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 18:34]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-484061587-839522115-1006UA.job
- c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 18:34]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{FDDEB3E8-C87A-4E95-8A16-F91B1801083E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/1.2.0.48/da/download
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_9028.dll
Trusted Zone: amagerbanken.dk
Trusted Zone: bec.dk
Trusted Zone: danid.dk
Trusted Zone: google.dk\www
TCP: {27D5060B-1D91-46A8-9F00-334C8BD136FD} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxps://fronter.com/cvu-oresund/links/fronter_oes2.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://spinpalace.gameassists.co.uk/freeplay/FlashAX2.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-Start Total PC Care - c:\program files\Total PC Care\TPC.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-MidiNotate - c:\program files\Notation Software
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 17:10
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys >>UNKNOWN [0x8715D950]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7514f28
\Driver\ACPI -> ACPI.sys @ 0xf73a7cb8
\Driver\atapi -> sdcplh.sys @ 0xf75a7684
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71dcbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71e9a21
SendHandler -> NDIS.sys @ 0xf71c787b
user & kernel MBR OK

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-1275210071-484061587-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF1B6439-CF03-2578-00AA-B20A357A80C5}*]
“oapcmmmlicaljkcpjhbbocedmeccif”=hex:69,61,65,65,6c,6f,6a,6d,70,6b,66,66,6a,68,
  6c,6a,61,63,00,00
“najdcpbchpjhcgmmblmegchnpkid”=hex:69,61,65,65,6c,6f,6a,6d,70,6b,66,66,6a,68,
  6c,6a,61,63,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]
“GG2KGGPNIIGO4BVBD4BQHYVQFA1”=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
  a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E8569B02-E577-013D-C3A3C50EF410F5FE}\{D07ADE0E-79DB-2CFB-D413AB0F0F722520}\{6AF39A39-D459-97F6-AE29B5DA7826690D}*]
“GG2KGGPNIIGO4BVBD4BQHYVQFA1”=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
  a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_046d&Pid;_c50e\6&54d78c7;&0&0000;\LogConf]
@DACL=(02 0000)
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(588)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > ‘lsass.exe’(644)
c:\windows\system32\xfire_lsp_9028.dll
.
Gennemført tid: 2010-08-26 17:14:32
ComboFix-quarantined-files.txt 2010-08-26 15:14
ComboFix2.txt 2007-11-11 14:50

Pre-Kørsel: 28.366.004.224 bytes free
Post-Kørsel: 28.903.247.872 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 3CD3D175D0F3817CD53C2BBA4D2CC287

Administrator
Number of posts: 55091

File sharing and online banking, you are brave!
Drop file sharing >> http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Open the folder with Combofix, right-click an empty spot in the folder, choose New->Text document, open the text document, and copy the following in:

Killall::
Snapshot::
FixCSet::
Folder::
c:\documents and settings\Carsten\Application Data\uTorrent
Driver::
bfastfao

Click File->Save as, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
Copy the resulting log in here.

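An added example, not part of the original posts and not ComboFix's own code: one way to triage the driver/service section of a ComboFix log like the first one in this thread, listing entries that are registered but have no file behind them. It assumes the usual reading of these lines (`R`/`S` = running/stopped, the digit = start type 0-4, `[x]` = file not found); the function names are hypothetical and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the driver/service section of the
# first ComboFix log posted in this thread.
SAMPLE = r"""
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27-01-2005 01:08 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24-05-2009 12:36 114768]
S1 as6eio;as6eio; [x]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [29-01-2005 01:51 20610]
S3 bfastfao;bfastfao; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-12-2005 21:05 642560]
"""

# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <R|S><start> <service name>;<display name>;<image path> [<date time size> | x | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"^\d{2}-\d{2}-\d{4} \d{2}:\d{2} (?P<size>\d+)$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: Optional[str]   # None when the log shows no path
    size: Optional[int]    # bytes, None when the file was not measured
    file_status: str       # "present", "missing" or "unknown"


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Parse every driver/service line found in log_text; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        size_m = META_RE.match(meta)
        if size_m:
            status, size = "present", int(size_m.group("size"))
        elif meta.lower() == "x":
            status, size = "missing", None      # assumed: file not found
        else:
            status, size = "unknown", None      # e.g. "[?]"
        entries.append(ServiceEntry(
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            running=m.group("state") == "R",
            start_type=START_TYPES[int(m.group("start"))],
            image=m.group("image").strip() or None,
            size=size,
            file_status=status,
        ))
    return entries


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries still registered as a service or driver but with no file on disk."""
    return [e for e in entries if e.file_status == "missing"]


def report(entries: List[ServiceEntry]) -> List[str]:
    """One review line per orphaned entry; deciding what to remove stays with the analyst."""
    return [
        f"{e.name}: {'running' if e.running else 'stopped'}, "
        f"{e.start_type} start, no file on disk"
        for e in orphaned(entries)
    ]


if __name__ == "__main__":
    for line in report(parse_services(SAMPLE)):
        print(line)
```

On the sample this lists `as6eio` and `bfastfao`; the `Driver::` section of the script in the reply above names only `bfastfao`, so the output is a review list rather than a removal list.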

Number of posts: 72

ComboFix 10-08-26.04 - Carsten 27-08-2010 21:18:21.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.1023.532 [GMT 2:00]
Kører fra: c:\documents and settings\Carsten\Desktop\Combofix\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Carsten\Desktop\Combofix\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100827-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_BFASTFAO
———-\Service_bfastfao


(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-27 til 2010-08-27 )))))))))))))))))))))))))))))))))))
.

2010-08-25 19:20 . 2010-08-25 19:20   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware1
2010-08-24 20:31 . 2010-08-24 20:37   2580   ——a-w-  c:\windows\system32\ASOROSet.bin
2010-08-24 20:03 . 2010-08-25 14:51   ————  d——-w-  c:\documents and settings\Carsten\Application Data\PCOptimax

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 19:51 . 2009-05-17 18:09   ————  d——-w-  c:\program files\SPAMfighter
2010-08-27 19:50 . 2005-12-25 14:33   ————  d——-w-  c:\documents and settings\Carsten\Application Data\Skype
2010-08-27 19:20 . 2009-05-20 18:43   ————  d——-w-  c:\documents and settings\Carsten\Application Data\skypePM
2010-08-27 16:26 . 2009-01-14 15:46   ————  d——-w-  c:\documents and settings\All Users\Application Data\Google Updater
2010-08-27 13:57 . 2005-02-21 21:18   ————  d——-w-  c:\program files\Common Files\Logitech
2010-08-27 13:57 . 2005-02-21 21:18   ————  d——-w-  c:\program files\Logitech
2010-08-27 13:55 . 2005-01-26 22:57   ————  d—h—w-  c:\program files\InstallShield Installation Information
2010-08-21 06:39 . 2005-12-11 22:59   ————  d——-w-  c:\program files\Common Files\Java
2010-08-21 06:38 . 2005-12-11 23:02   ————  d——-w-  c:\program files\Java
2010-08-05 18:03 . 2005-12-27 14:09   ————  d——-w-  c:\documents and settings\Carsten\Application Data\Apple Computer
2010-07-24 01:32 . 2007-02-24 21:09   ————  d——-w-  c:\program files\SUPERAntiSpyware
2010-07-17 03:00 . 2010-04-21 18:35   423656   ——a-w-  c:\windows\system32\deployJava1.dll
2010-07-13 10:21 . 2010-07-13 10:21   ————  d——-w-  c:\program files\Common Files\Skype
2010-07-13 10:21 . 2009-05-20 18:43   ————  d——-r-  c:\program files\Skype
2010-07-13 10:21 . 2005-12-25 15:15   ————  d——-w-  c:\documents and settings\All Users\Application Data\Skype
2010-06-30 12:31 . 2001-08-23 12:00   149504   ——a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-23 19:32   916480   ——a-w-  c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-08-23 12:00   1851904   ——a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-23 12:00   354304   ——a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-23 12:00   80384   ——a-w-  c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-01-26 18:47   744448   ——a-w-  c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2001-08-23 12:00   1172480   ——a-w-  c:\windows\system32\msxml3.dll
2010-03-10 15:33 . 2007-01-15 19:35   8192   —sha-w-  c:\program files\Thumbs.db
2003-10-23 16:52 . 2005-01-26 22:57   40960   ——a-w-  c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 3883856]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-12-16 94208]
“Google Update”=“c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” [2009-04-16 133104]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2010-07-24 2403568]
“NokiaOviSuite2”=“c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe” [2010-02-05 385856]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 204288]
“Skype”=“c:\program files\Skype\\Phone\Skype.exe” [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NokiaMServer”=“c:\program files\Common Files\Nokia\MPlatform\NokiaMServer” [X]
“PE2CKFNT SE”=“c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe” [1998-07-03 25088]
“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2009-06-17 55824]
“LVCOMSX”=“c:\windows\system32\LVCOMSX.EXE” [2004-10-08 221184]
“CloneCDTray”=“c:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2005-05-19 57344]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“PWRISOVM.EXE”=“c:\program files\PowerISO\PWRISOVM.EXE” [2006-03-18 184320]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 33648]
“LogitechCommunicationsManager”=“c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [2007-07-25 563984]
“LogitechQuickCamRibbon”=“c:\program files\Logitech\QuickCam\Quickcam.exe” [2007-07-25 2027792]
“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]
“DT HPW”=“c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe” [2008-07-14 81920]
“PivotSoftware”=“c:\program files\Portrait Displays\Pivot Software\wpctrl.exe” [2007-02-09 694008]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“SPAMfighter Agent”=“c:\program files\SPAMfighter\SFAgent.exe” [2009-03-12 326792]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“Adobe Acrobat Speed Launcher”=“c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe” [2008-06-12 37232]
“Acrobat Assistant 8.0”=“c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe” [2008-06-11 640376]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-09-27 13918208]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-09-27 86016]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-11-10 417792]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2009-08-13 177440]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2010-01-22 141608]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-7 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-21 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-04 07:38   548352   ——a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28   72208   ——a-w-  c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Walker\\DrvInst\\Bin\\enable.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\WINDOWS\\system32\\mmc.exe”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=

R1 as6eio;as6eio; [x]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys [2003-12-02 20610]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys [2003-12-02 23858]
R3 9e639a06-945b-4053-a022-ca370a0a2455;9e639a06-945b-4053-a022-ca370a0a2455;d:\player\cds300.dll [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
R3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
R3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
R3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
R3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
R3 MEGAUSB0101;MegawinMa100;c:\windows\system32\Drivers\usbscan.sys [2004-08-04 15104]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-05 12872]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-10-13 25704]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2006-01-14 642560]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-05 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-03 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-03-12 184968]

.
Indhold af mappen ‘Planlagte Opgaver’

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:41]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-484061587-839522115-1006Core.job
- c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 18:34]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-484061587-839522115-1006UA.job
- c:\documents and settings\Carsten\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 18:34]

2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{FDDEB3E8-C87A-4E95-8A16-F91B1801083E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/1.2.0.48/da/download
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_9028.dll
Trusted Zone: amagerbanken.dk
Trusted Zone: bec.dk
Trusted Zone: danid.dk
Trusted Zone: google.dk\www
TCP: {27D5060B-1D91-46A8-9F00-334C8BD136FD} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxps://fronter.com/cvu-oresund/links/fronter_oes2.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://spinpalace.gameassists.co.uk/freeplay/FlashAX2.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
SafeBoot-Wdf01000.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\TEMP\BIT9.tmp 3442 bytes

scanning gennemført med succes
skjulte filer: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys >>UNKNOWN [0x871DB180]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7524f28
\Driver\ACPI -> ACPI.sys @ 0xf73b7cb8
\Driver\atapi -> sdcplh.sys @ 0xf7627684
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71ecbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71f9a21
SendHandler -> NDIS.sys @ 0xf71d787b
user & kernel MBR OK

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-1275210071-484061587-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF1B6439-CF03-2578-00AA-B20A357A80C5}*]
“oapcmmmlicaljkcpjhbbocedmeccif”=hex:69,61,65,65,6c,6f,6a,6d,70,6b,66,66,6a,68,
  6c,6a,61,63,00,00
“najdcpbchpjhcgmmblmegchnpkid”=hex:69,61,65,65,6c,6f,6a,6d,70,6b,66,66,6a,68,
  6c,6a,61,63,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]
“GG2KGGPNIIGO4BVBD4BQHYVQFA1”=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
  a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E8569B02-E577-013D-C3A3C50EF410F5FE}\{D07ADE0E-79DB-2CFB-D413AB0F0F722520}\{6AF39A39-D459-97F6-AE29B5DA7826690D}*]
“GG2KGGPNIIGO4BVBD4BQHYVQFA1”=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
  a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_046d&Pid_c50e\6&54d78c7&0&0000\LogConf]
@DACL=(02 0000)
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(592)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > ‘lsass.exe’(648)
c:\windows\system32\xfire_lsp_9028.dll

- - - - - - - > ‘explorer.exe’(6016)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dan.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Microsoft Office\Office12\1030\GrooveIntlResource.dll
c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DAN
.
————————————Andre kørende processer————————————
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Portrait Displays\HP My Display\DTHtml.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-27 22:03:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-27 20:03
ComboFix2.txt 2010-08-26 15:14
ComboFix3.txt 2007-11-11 14:50

Pre-Kørsel: 28.900.118.528 bytes free
Post-Kørsel: 28.863.193.088 bytes free

- - End Of File - - 717ADAD18AE16A3550C9F8952EA1499C

Administrator
Posts: 55091

It looks fine.
How is the machine running?


Posts: 72

I still cannot run, for example, the online scanner from PandaSoftware without the internet freezing, and the error message I described earlier still appears.

Administrator
Posts: 55091

Is it only Panda's online scanner that triggers that error message?

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/
Accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a few minutes for the scanner to become ready.
Next, tick the following boxes:
Remove found threats
Scan unwanted applications

Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(If not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt.)

Copy it into your next reply, and let us hear how things look now.


Posts: 72

Yes, it applies to pretty much all of them, including the one from eset.com.

The only one I have had any luck with is the one from Trend Micro HouseCall.

Administrator
Posts: 55091

Open Internet Explorer, click Tools -> Internet Options, and select the Security tab.
Check what your ActiveX settings are.
You can try clicking the items framed in blue in the picture if you cannot get it to work otherwise.

Attached image: activex.jpg

Posts: 72

Unfortunately, that does not solve the problem either.

Administrator
Posts: 55091

Then I don't know, if it is only in connection with the online scanners that you get that error message.


Posts: 72

Hi again. I uninstalled Internet Explorer 8 and then tried with version 7. Now it would run ActiveX, and here is my log from the online scanner you pointed me to:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=401e5c4b90201047bc71ce624f3b4a65
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-28 10:50:09
# local_time=2010-08-29 12:50:09 (+0100, Romance Daylight Time)
# country=“Denmark”
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 98 695 219310823 0 0
# compatibility_mode=8192 67108863 100 0 148 148 0 0
# compatibility_mode=9730 16764926 0 4 110629333 110629333 0 0
# scanned=179647
# found=8
# cleaned=8
# scan_time=9741
C:\QooBox\Quarantine\C\WINDOWS\system32\hhkmp.bak1.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\hhkmp.bak2.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\hhkmp.ini2.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\jjllm.bak1.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\jjllm.ini2.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\yccdd.bak1.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\QooBox\Quarantine\C\WINDOWS\system32\yccdd.ini2.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000   C
C:\System Volume Information\_restore{A5039FF7-479F-4085-9027-D91292C71CF0}\RP855\A0148821.exe   probably a variant of Win32/Agent.IWOIZGW trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000   C

Administrator
Posts: 55091

It looks fine enough.

It is just untenable that it won't work with IE 8; I'll tinker with it a bit more.

Does that mean you no longer get that error message either?
