Computer will not start up
  JLSJ SJ
Number of posts: 17

Hi

For a while now I have been experiencing that my computer will not start up no matter how many times I try. I experimented by quickly opening Task Manager and closing unknown programs; I don't know whether that had a positive or a negative effect afterwards, but my computer is running.

The problem is that when I type my password, it lets it "start up" and then it freezes completely. I gave it the chance to chew through my startup programs for 2 hours, but still the same.

I think I have picked up some dirt that is affecting my startup :(

Administrator
Number of posts: 54698

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Perform full scan" - click the Scan button - let the program work. Wait until it is finished (it takes a little while depending on how much you have on the computer).

Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you need to save it somewhere you can find it again.

Copy the contents in here and tell us how the computer is running now?

Signature

Member of "Alliance of Security Analysis Professionals" - All information, as always, "only with a pistol"

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  JLSJ SJ
Number of posts: 17

Noticed during startup, in Task Manager, that a program called isampi.exe appeared briefly and then disappeared..

Here is the log from Malwarebytes

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4512

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31-08-2010 10:11:10
mbam-log-2010-08-31 (10-11-10).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 292171
Tid gået: 1 time(e), 27 minut(ter), 28 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Documents and Settings\Ejer\Dokumenter\IDM\Keygen.exe (Trojan.Agent.K) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ejer\Dokumenter\IDM\Patch-UnREaL\Patch 5.xx (2009-01-22).exe (Trojan.Agent) -> Quarantined and deleted successfully.

Administrator
Number of posts: 54698

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::

click File->Save As, name it CFScript, close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.
Copy the resulting log in here.


  JLSJ SJ
Number of posts: 17

ComboFix 10-08-31.01 - Ejer 31-08-2010 22:35:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3069.2616 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Dokumenter\Hentede filer\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ejer\Dokumenter\Hentede filer\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\BisonC07.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-28 til 2010-08-31 )))))))))))))))))))))))))))))))))))
.

2010-08-30 18:21 . 2010-08-30 18:21   --------  d-sh--w-  c:\documents and settings\LocalService\IETldCache
2010-08-30 10:37 . 2010-08-30 10:37   --------  d-----w-  c:\programmer\RegSupreme
2010-08-30 10:10 . 2010-08-30 18:21   --------  d-----w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Adobe
2010-08-30 08:55 . 2010-08-30 08:55   2313   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_FCDAC0A0AD874C333A05DC1548B97920.dll
2010-08-30 08:55 . 2010-08-30 08:55   3257   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
2010-08-30 08:55 . 2010-08-30 08:55   2056   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9048F379AD8F04A4CA4B210BF233997D.dll
2010-08-30 08:55 . 2010-08-30 08:55   5522   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5C1093C35543A0E32A41B090A305076A.dll
2010-08-30 08:55 . 2010-08-30 08:55   3599   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_46D9102E918EF4B3C95859EB6288BA9F.dll
2010-08-30 08:55 . 2010-08-30 08:55   1829   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4F60811F2FC06AC4DAA7E8690F958B42.dll
2010-08-30 08:52 . 2010-08-30 08:52   --------  d-----w-  c:\documents and settings\Ejer\Application Data\Windows Search
2010-08-30 08:45 . 2010-08-30 08:45   --------  d-----w-  c:\programmer\Microsoft.NET
2010-08-30 08:39 . 2010-08-30 08:39   --------  d-----w-  c:\windows\system32\winrm
2010-08-30 08:39 . 2010-08-30 08:39   --------  dc-h--w-  c:\windows\$968930Uinstall_KB968930$
2010-08-30 08:37 . 2010-08-30 08:37   --------  d-----w-  c:\documents and settings\Ejer\Application Data\Windows Desktop Search
2010-08-30 08:37 . 2010-08-30 08:37   --------  d-----w-  c:\programmer\Windows Desktop Search
2010-08-30 08:37 . 2010-08-30 08:37   --------  d-----w-  c:\windows\system32\GroupPolicy
2010-08-30 08:34 . 2010-08-30 08:34   --------  d-----w-  c:\windows\system32\URTTEMP
2010-08-27 06:13 . 2010-08-30 09:29   --------  d-----w-  c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-27 06:12 . 2010-08-27 06:12   --------  d-----w-  c:\programmer\Security Task Manager
2010-08-27 06:04 . 2010-08-27 06:04   --------  d-----w-  c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\ESET
2010-08-26 21:01 . 2010-08-26 21:01   57344   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-26 21:00 . 2010-08-26 20:55   185640   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-08-26 21:00 . 2010-08-26 20:55   1062184   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-26 21:00 . 2010-08-26 20:55   850200   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-26 21:00 . 2010-08-26 21:00   56997   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   56765   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   57691   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   53600   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-26 21:00 . 2010-08-30 17:32   --------  d-----w-  c:\documents and settings\Ejer\Application Data\DivX
2010-08-26 20:58 . 2010-08-26 20:58   54073   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-26 20:58 . 2010-08-26 20:58   --------  d-----w-  c:\programmer\Fælles filer\DivX Shared
2010-08-26 20:58 . 2010-08-26 20:58   56969   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-08-26 20:56 . 2010-08-26 21:00   --------  d-----w-  c:\programmer\DivX
2010-08-26 20:55 . 2010-08-26 20:55   144696   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-26 20:55 . 2010-08-26 21:00   --------  d-----w-  c:\documents and settings\All Users\Application Data\DivX
2010-08-26 20:41 . 2010-08-26 21:02   2788816   ----a-w-  c:\documents and settings\Ejer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-08-19 07:01 . 2010-08-19 07:01   --------  d-----w-  c:\programmer\FM Modifier 2
2010-08-17 21:01 . 2010-08-17 21:01   --------  d-----w-  c:\documents and settings\All Users\Application Data\PC Suite
2010-08-17 21:01 . 2010-08-17 21:01   --------  d-----w-  c:\documents and settings\Ejer\Application Data\PC Suite
2010-08-17 20:53 . 2010-08-17 20:53   --------  d-----w-  c:\programmer\DIFX
2010-08-17 20:53 . 2008-08-26 08:26   18816   ----a-w-  c:\windows\system32\drivers\pccsmcfd.sys
2010-08-17 20:52 . 2010-08-17 20:52   --------  d-----w-  c:\programmer\PC Connectivity Solution
2010-08-17 20:52 . 2010-02-26 12:21   8320   ----a-w-  c:\windows\system32\drivers\nmwcdnsuc.sys
2010-08-17 20:52 . 2010-02-26 12:21   137344   ----a-w-  c:\windows\system32\drivers\nmwcdnsu.sys
2010-08-17 20:52 . 2010-02-26 12:32   8192   ----a-w-  c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-08-17 20:52 . 2010-02-26 12:32   8192   ----a-w-  c:\windows\system32\drivers\usbser_lowerflt.sys
2010-08-17 20:52 . 2010-02-26 12:32   22528   ----a-w-  c:\windows\system32\drivers\ccdcmbo.sys
2010-08-17 20:52 . 2010-02-26 12:32   662016   ----a-w-  c:\windows\system32\nmwcdcocls.dll
2010-08-17 20:52 . 2010-02-26 12:32   18176   ----a-w-  c:\windows\system32\drivers\ccdcmb.sys
2010-08-17 20:52 . 2010-02-26 12:19   1461992   ----a-w-  c:\windows\system32\wdfcoinstaller01009.dll
2010-08-17 20:51 . 2010-08-17 20:51   --------  d-----w-  c:\programmer\Fælles filer\Nokia
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\fm2006_final_exe_49CFD5D905564037B7D6E13ED4BEA4C5.exe
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\exe_final_49CFD5D905564037B7D6E13ED4BEA4C5.exe
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\ARPPRODUCTICON.exe
2010-08-17 20:48 . 2010-08-17 20:48   49152   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2010-08-17 20:45 . 2010-08-17 20:44   36414944   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_en.exe
2010-08-17 20:45 . 2010-08-17 20:45   3351812   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
2010-08-17 20:45 . 2010-08-17 20:45   36864   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
2010-08-17 20:45 . 2010-08-17 20:45   3203453   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
2010-08-16 21:35 . 2010-08-17 07:59   --------  d-----w-  c:\programmer\UlisesSoft
2010-08-12 07:09 . 2010-08-30 09:00   --------  d-----w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\AskToolbar
2010-08-03 19:51 . 2010-08-03 19:56   --------  d-----w-  c:\documents and settings\Ejer\Application Data\ManyCam
2010-08-03 19:51 . 2010-08-16 10:01   --------  d-----w-  c:\programmer\Ask.com
2010-08-01 21:58 . 2010-08-12 20:59   --------  d-----w-  c:\programmer\VirtualFem

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 21:33 . 2009-06-05 20:51   --------  d-----w-  c:\documents and settings\Ejer\Application Data\DMCache
2010-08-31 08:11 . 2009-08-26 20:59   --------  d-----w-  c:\programmer\Malwarebytes' Anti-Malware
2010-08-30 10:37 . 2010-05-07 06:33   --------  d-----w-  c:\programmer\CCleaner
2010-08-30 08:56 . 2004-08-27 12:00   543914   ----a-w-  c:\windows\system32\perfh006.dat
2010-08-30 08:56 . 2004-08-27 12:00   110644   ----a-w-  c:\windows\system32\perfc006.dat
2010-08-30 08:38 . 2009-06-15 20:58   --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-26 20:59 . 2010-08-26 20:59   84063   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   57054   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54166   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   57532   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   56458   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54174   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54153   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54128   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-12 04:07 . 2008-11-20 19:19   45648   ------w-  c:\windows\system32\drivers\pxhelp20.sys
2010-08-02 12:16 . 2009-06-21 10:36   --------  d-----w-  c:\documents and settings\Ejer\Application Data\LimeWire
2010-07-28 20:27 . 2010-07-28 20:27   --------  d-----w-  c:\programmer\AviSynth 2.5
2010-07-28 20:25 . 2010-07-28 20:25   --------  d-----w-  c:\programmer\Winnydows
2010-07-28 15:20 . 2009-06-04 11:52   69040   ----a-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 15:20 . 2010-05-27 15:07   --------  d-----w-  c:\programmer\EMDB
2010-07-05 17:38 . 2010-06-18 23:08   --------  d-----w-  c:\documents and settings\Ejer\Application Data\Orbit
2010-06-30 12:32 . 2008-04-14 07:05   149504   ----a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2008-04-14 07:05   916480   ----a-w-  c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 06:38   1851904   ----a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 10:15   354304   ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 07:05   80384   ----a-w-  c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-06-04 11:41   744448   ----a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-14 07:05   1172480   ----a-w-  c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41   3600384   ----a-w-  c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23   1385864   ----a-w-  c:\programmer\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmer\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmer\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59   2953216   ----a-w-  c:\programmer\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59   2953216   ----a-w-  c:\programmer\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IDMan.exe" [2009-08-10 2745776]
"Rainlendar2"="c:\programmer\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\programmer\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"egui"="c:\programmer\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HotKeyDriver.lnk - c:\programmer\HotKey_Driver\HotKeyDriver.exe [2009-6-4 3641344]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46   90112   ----a-w-  c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-08-14 12:14   210168   ----a-w-  c:\programmer\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ     scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Rainmeter.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^Rainmeter.lnk]
path=c:\documents and settings\Ejer\Menuen Start\Programmer\Start\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04   35760   ----a-w-  c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21   203928   ----a-w-  c:\programmer\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05   143360   ----a-w-  c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:05   15360   ----a-w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45   1164584   ----a-w-  c:\programmer\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44   3883856   ----a-w-  c:\programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-03-28 10:04   13529088   ----a-w-  c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Steam\\Steam.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:Tversity
"41952:UDP"= 41952:UDP:Tversity2
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Windows Fjernadministration

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24-03-2010 20:31 114984]
R2 ekrn;ESET Service;c:\programmer\ESET\ESET Smart Security\ekrn.exe [24-03-2010 20:31 810120]
R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [26-08-2009 22:59 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26-08-2009 22:59 20952]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [04-06-2009 18:34 342784]
S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys --> c:\windows\system32\DRIVERS\stwlfbus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate1ca313eefab306c;Tjenesten Google Update (gupdate1ca313eefab306c);c:\programmer\Google\Update\GoogleUpdate.exe [09-09-2009 13:16 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17-08-2010 22:52 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17-08-2010 22:52 8320]
S3 Pspsocsttaqp;Pspsocsttaqp; [x]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14-04-2008 09:06 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-10-2009 22:29 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
WINRM   REG_MULTI_SZ     WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-07 11:08]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-09-09 11:15]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-09-09 11:15]

2010-08-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmer\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
-------- Yderligere scanning --------
.
uStart Page = hxxp://eu.ask.com?o=14978&l=dis
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: Download alle links med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEGetAll.htm
IE: Download FLV videoindhold med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEGetVL.htm
IE: Download med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEExt.htm
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: blank
TCP: {98F8EE66-602F-4473-A2D1-7E6364F22D81} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Ejer\Application Data\Mozilla\Firefox\Profiles\uxm92cbu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/firefox?client=firefox-a&rls=org.mozilla:da:official
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Ejer\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-ManyCam - c:\programmer\ManyCam 2.4\ManyCam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 23:32
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
-------------------------- LÅSTE REGISTRERINGS NØGLER --------------------------

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Ejer\\Skrivebord\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Programmer\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="A4-8200-E89F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\SecuROM\License information*]
"datasecu"=hex:e7,7e,c8,0b,f3,eb,40,30,2e,44,7d,20,34,f8,d6,43,0e,96,75,46,06,
  ec,c0,1d,ec,b1,e1,42,59,fe,2c,db,d2,db,bb,2c,80,03,73,cc,dd,2b,04,4d,75,3c,\
"rkeysecu"=hex:87,2e,36,5a,a7,42,dd,fa,4a,11,86,00,72,29,d2,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):df,73,e4,ac,59,90,f0,47,dc,ed,75,06,5a,df,35,68,93,ea,f7,1e,b6,
  e5,89,13,cf,48,0a,5f,72,d1,dd,96,7f,62,39,54,e3,01,14,66,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{637fda04-3907-4f94-9bb4-098764159708}]
@Denied: (Full) (Everyone)
"Model"=dword:000000bd
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a820830-2965-4427-8bd9-a37c9afe64b1}]
@Denied: (Full) (Everyone)
"Model"=dword:00000121
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c6,e2,d7,4a,4e,ce,f9,05,14,5d,0f,e6,ec,3c,05,e7,94,94,ed,18,6e,
  f9,f0,28,79,70,9f,71,17,c4,cb,1e,fb,0a,ca,08,6c,c2,b0,51,00,00,00,00,00,00,\
.
-------------------------- DLLs startet under kørende Processer --------------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\homefus2.dll
c:\programmer\Protector Suite QL\infra.dll
c:\programmer\Protector Suite QL\homepass.dll
c:\programmer\Protector Suite QL\bio.dll
c:\programmer\Protector Suite QL\remote.dll
c:\programmer\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
c:\programmer\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1248)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\homefus2.dll
c:\programmer\Protector Suite QL\infra.dll

- - - - - - - > 'explorer.exe'(168)
c:\programmer\Protector Suite QL\farchns.dll
c:\programmer\Protector Suite QL\infra.dll
c:\programmer\iTunes\iTunesMiniPlayer.dll
c:\programmer\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll
c:\programmer\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\programmer\Windows Desktop Search\deskbar.dll
c:\programmer\Windows Desktop Search\da-dk\dbres.dll.mui
c:\programmer\Windows Desktop Search\dbres.dll
c:\programmer\Windows Desktop Search\wordwheel.dll
c:\programmer\Windows Desktop Search\da-dk\msnlExtRes.dll.mui
c:\programmer\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------Andre kørende processer------------------------
.
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\TVersity\Media Server\MediaServer.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\programmer\Protector Suite QL\psqltray.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEMonitor.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-31 23:41:39 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-31 21:41

Pre-Kørsel: 17.723.310.080 byte ledig
Post-Kørsel: 22.697.394.176 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Normal" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Fejlsikret" /fastdetect /safeboot:minimal
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Fejlsikret med net" /fastdetect /safeboot:network

- - End Of File - - 20FF649AB0FC3008076670EBAF58DDAE
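The ComboFix log above lists, per process, the DLLs loaded into winlogon.exe, lsass.exe and explorer.exe, followed by the other running processes. When triaging such a log, a defender looks for modules loaded from user-writable locations (a profile or desktop folder, as with the IEMonitor.exe entry above) and for third-party code inside logon-critical processes. The parser below is an added example, not code from the thread or from ComboFix; it runs over a constructed sample written in the same format. The sample paths, the trusted path prefixes and the list of logon-critical processes are assumptions, not the thread's own findings.

```python
"""Triage helper for the process/DLL sections of a ComboFix log.

Added example (not code from the thread or from ComboFix): parses the
"DLLs startet under kørende Processer" and "Andre kørende processer"
sections and flags modules loaded from locations a defender would review.
Path prefixes and the logon-critical process list are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the log above (Danish-localized ComboFix
# headers); the file names are illustrative, not the thread's real findings.
SAMPLE_LOG = r"""
------------------------- DLLs startet under kørende Processer-------------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\crypto.dll

- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\webcheck.dll
c:\documents and settings\Ejer\Application Data\Foo\hook.dll
.
------------------------Andre kørende processer------------------------
.
c:\windows\system32\nvsvc32.exe
c:\documents and settings\Ejer\Skrivebord\Tool_Cracked\IEMonitor.exe
c:\programmer\Java\jre6\bin\jqs.exe
.
"""

# Header line ComboFix emits before each process's DLL list.
PROCESS_HEADER = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)\s*$")

# Assumed "expected" image locations on a Danish XP install ("programmer" is
# the localized Program Files folder seen in the log).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programmer\\", "c:\\program files\\", "c:\\progra~1\\")
# Processes where any third-party module deserves a second look (assumption).
LOGON_CRITICAL = {"winlogon.exe", "lsass.exe"}


def parse_sections(text):
    """Return ({'name(pid)': [dll, ...]}, [standalone process image, ...])."""
    loaded = defaultdict(list)
    others = []
    current = None      # process whose DLLs are currently being listed
    in_other = False    # inside the "Andre kørende processer" section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("---"):
            # Section banner: decide which section follows it.
            in_other = "Andre" in line
            current = None
            continue
        m = PROCESS_HEADER.match(line)
        if m:
            current = f"{m['name']}({m['pid']})"
            in_other = False
            continue
        if in_other:
            others.append(line)
        elif current is not None:
            loaded[current].append(line)
    return dict(loaded), others


def is_trusted_location(path):
    """True if the image lives under one of the assumed system/program prefixes."""
    p = path.lower()
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def find_suspicious(text):
    """List (process, path, reason) triples worth a reviewer's attention."""
    loaded, others = parse_sections(text)
    findings = []
    for proc, dlls in loaded.items():
        name = proc.split("(")[0].lower()
        for dll in dlls:
            if not is_trusted_location(dll):
                findings.append((proc, dll, "DLL loaded from a user-writable location"))
            elif name in LOGON_CRITICAL and not dll.lower().startswith("c:\\windows\\"):
                findings.append((proc, dll, "third-party DLL inside a logon-critical process"))
    for exe in others:
        if not is_trusted_location(exe):
            findings.append(("(standalone)", exe, "process image outside system/program directories"))
    return findings


if __name__ == "__main__":
    for proc, path, reason in find_suspicious(SAMPLE_LOG):
        print(f"{proc:20} {reason}: {path}")
```

Entries flagged this way are review items, not verdicts: the fingerprint-reader DLLs inside winlogon.exe in the real log are legitimate vendor software, which is exactly why the logon-critical rule reports them separately from the user-writable-location rule.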

Administrator
Posts: 54698

Uninstall Ask Toolbar in Add/Remove Programs.

Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document and paste the following into it:

Killall::
Snapshot::
Driver::
Pspsocsttaqp

click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse, drag it onto the Combofix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you should allow. Do not click on the window while the tool is running, as that can make your computer freeze.
Paste the resulting log in here.

Signature

Member of "Alliance of Security Analysis Professionals" - All information, as always, "only at gunpoint"

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You'll never walk alone
qui potest, obligatur

JLSJ SJ
Posts: 17

I can't get it to work. After the restart my computer freezes in combofix, or else the window doesn't come back.

Administrator
Posts: 54698

Download Avenger 2 here:
http://swandog46.geekstogo.com/avenger2/avenger.zip

...and unpack the program.

Double-click avenger.exe - a small window appears, into which you paste the ENTIRE contents shown in bold:

-----------------------------------------------------------

Drivers to delete:
Pspsocsttaqp

-----------------------------------------------------------

Click the Execute button. Follow the instructions and answer yes to the questions - the program will prompt you to restart the computer, which you should do. The program will shut down your computer, delete the files and start the computer again.

After the restart a Notepad window will appear with a log of Avenger's actions. Paste it into the forum in your next reply. The log can also be found here: C:\avenger.txt.


JLSJ SJ
Posts: 17

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\Pspsocsttaqp" not found!
Deletion of driver "Pspsocsttaqp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Administrator
Posts: 54698

That didn't quite give the desired result.

Try double-clicking Combofix, let it run, and when it has finished, paste the log in here.


JLSJ SJ
Posts: 17

I have tried running the last script you sent to combofix. It just keeps sitting at
"Genstarter windows........ Vent venligst" [Restarting Windows... Please wait] after it has completed 50 stages.

Administrator
Posts: 54698

Try leaving the script out and just double-click Combofix.


JLSJ SJ
Posts: 17

Then I get a message asking whether I was trying to run a CFscript?

Administrator
Posts: 54698

Try downloading a fresh copy of Combofix.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


JLSJ SJ
Posts: 17

ComboFix 10-09-03.02 - Ejer 04-09-2010 12:34:05.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3069.2379 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Dokumenter\Hentede filer\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Pspsocsttaqp


(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-04 til 2010-09-04 )))))))))))))))))))))))))))))))))))
.

2010-09-03 14:47 . 2010-09-03 14:47   161120   ----a-w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-02 16:08 . 2010-09-02 16:08   --------  d-----w-  c:\programmer\Linksys
2010-09-02 16:02 . 2010-09-02 16:02   --------  d-----w-  c:\programmer\Pure Networks
2010-09-02 16:01 . 2010-09-02 16:01   --------  d-----w-  c:\programmer\WebEx
2010-09-02 16:01 . 2009-04-07 13:33   23984   ----a-w-  c:\windows\system32\drivers\pnarp.sys
2010-09-02 16:00 . 2009-04-07 13:33   25264   ----a-w-  c:\windows\system32\drivers\purendis.sys
2010-09-02 16:00 . 2010-09-02 16:00   --------  d-----w-  c:\programmer\Fælles filer\Pure Networks Shared
2010-09-02 16:00 . 2010-09-02 16:10   --------  d-----w-  c:\documents and settings\All Users\Application Data\Pure Networks
2010-08-30 18:21 . 2010-08-30 18:21   --------  d-sh--w-  c:\documents and settings\LocalService\IETldCache
2010-08-30 10:37 . 2010-08-30 10:37   --------  d-----w-  c:\programmer\RegSupreme
2010-08-30 10:10 . 2010-08-30 18:21   --------  d-----w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Adobe
2010-08-30 08:52 . 2010-08-30 08:52   --------  d-----w-  c:\documents and settings\Ejer\Application Data\Windows Search
2010-08-30 08:45 . 2010-08-30 08:45   --------  d-----w-  c:\programmer\Microsoft.NET
2010-08-30 08:39 . 2010-08-30 08:39   --------  d-----w-  c:\windows\system32\winrm
2010-08-30 08:39 . 2010-08-30 08:39   --------  dc-h--w-  c:\windows\$968930Uinstall_KB968930$
2010-08-30 08:37 . 2010-08-30 08:37   --------  d-----w-  c:\documents and settings\Ejer\Application Data\Windows Desktop Search
2010-08-30 08:37 . 2010-09-01 09:38   --------  d-----w-  c:\programmer\Windows Desktop Search
2010-08-30 08:37 . 2010-08-30 08:37   --------  d-----w-  c:\windows\system32\GroupPolicy
2010-08-30 08:34 . 2010-08-30 08:34   --------  d-----w-  c:\windows\system32\URTTEMP
2010-08-27 06:13 . 2010-08-30 09:29   --------  d-----w-  c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-27 06:12 . 2010-08-27 06:12   --------  d-----w-  c:\programmer\Security Task Manager
2010-08-27 06:04 . 2010-08-27 06:04   --------  d-----w-  c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\ESET
2010-08-26 21:00 . 2010-08-30 17:32   --------  d-----w-  c:\documents and settings\Ejer\Application Data\DivX
2010-08-26 20:59 . 2010-08-12 04:07   133616   ------w-  c:\windows\system32\pxafs.dll
2010-08-26 20:59 . 2010-08-12 04:07   126448   ------w-  c:\windows\system32\pxinsi64.exe
2010-08-26 20:59 . 2010-08-12 04:07   123888   ------w-  c:\windows\system32\pxcpyi64.exe
2010-08-26 20:58 . 2010-08-26 20:58   --------  d-----w-  c:\programmer\Fælles filer\DivX Shared
2010-08-26 20:56 . 2010-08-26 21:00   --------  d-----w-  c:\programmer\DivX
2010-08-26 20:55 . 2010-08-26 21:00   --------  d-----w-  c:\documents and settings\All Users\Application Data\DivX
2010-08-19 07:01 . 2010-08-19 07:01   --------  d-----w-  c:\programmer\FM Modifier 2
2010-08-17 21:01 . 2010-08-17 21:01   --------  d-----w-  c:\documents and settings\All Users\Application Data\PC Suite
2010-08-17 21:01 . 2010-08-17 21:01   --------  d-----w-  c:\documents and settings\Ejer\Application Data\PC Suite
2010-08-17 20:53 . 2010-08-17 20:53   --------  d-----w-  c:\programmer\DIFX
2010-08-17 20:53 . 2008-08-26 08:26   18816   ----a-w-  c:\windows\system32\drivers\pccsmcfd.sys
2010-08-17 20:52 . 2010-08-17 20:52   --------  d-----w-  c:\programmer\PC Connectivity Solution
2010-08-17 20:52 . 2010-02-26 12:21   8320   ----a-w-  c:\windows\system32\drivers\nmwcdnsuc.sys
2010-08-17 20:52 . 2010-02-26 12:21   137344   ----a-w-  c:\windows\system32\drivers\nmwcdnsu.sys
2010-08-17 20:52 . 2010-02-26 12:32   8192   ----a-w-  c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-08-17 20:52 . 2010-02-26 12:32   8192   ----a-w-  c:\windows\system32\drivers\usbser_lowerflt.sys
2010-08-17 20:52 . 2010-02-26 12:32   22528   ----a-w-  c:\windows\system32\drivers\ccdcmbo.sys
2010-08-17 20:52 . 2010-02-26 12:32   662016   ----a-w-  c:\windows\system32\nmwcdcocls.dll
2010-08-17 20:52 . 2010-02-26 12:32   18176   ----a-w-  c:\windows\system32\drivers\ccdcmb.sys
2010-08-17 20:52 . 2010-02-26 12:19   1461992   ----a-w-  c:\windows\system32\wdfcoinstaller01009.dll
2010-08-17 20:51 . 2010-08-17 20:51   --------  d-----w-  c:\programmer\Fælles filer\Nokia
2010-08-16 21:35 . 2010-08-17 07:59   --------  d-----w-  c:\programmer\UlisesSoft

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 10:46 . 2009-06-05 20:51   --------  d-----w-  c:\documents and settings\Ejer\Application Data\DMCache
2010-09-03 06:19 . 2009-06-08 21:55   --------  d-----w-  c:\programmer\Microsoft Silverlight
2010-09-03 06:18 . 2009-10-29 20:29   697328   ----a-w-  c:\windows\system32\drivers\sptd.sys
2010-09-02 16:56 . 2009-06-04 11:52   68896   ----a-w-  c:\documents and settings\Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-09-02 16:01 . 2010-09-02 16:01   8892928   ----a-w-  c:\documents and settings\All Users\Application Data\atscie.msi
2010-09-02 11:55 . 2010-07-28 20:25   --------  d-----w-  c:\programmer\Winnydows
2010-09-01 05:54 . 2004-08-27 12:00   543982   ----a-w-  c:\windows\system32\perfh006.dat
2010-09-01 05:54 . 2004-08-27 12:00   110712   ----a-w-  c:\windows\system32\perfc006.dat
2010-08-31 08:11 . 2009-08-26 20:59   --------  d-----w-  c:\programmer\Malwarebytes' Anti-Malware
2010-08-30 10:37 . 2010-05-07 06:33   --------  d-----w-  c:\programmer\CCleaner
2010-08-30 08:55 . 2010-08-30 08:55   2313   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_FCDAC0A0AD874C333A05DC1548B97920.dll
2010-08-30 08:55 . 2010-08-30 08:55   3257   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
2010-08-30 08:55 . 2010-08-30 08:55   2056   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9048F379AD8F04A4CA4B210BF233997D.dll
2010-08-30 08:55 . 2010-08-30 08:55   5522   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5C1093C35543A0E32A41B090A305076A.dll
2010-08-30 08:55 . 2010-08-30 08:55   3599   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_46D9102E918EF4B3C95859EB6288BA9F.dll
2010-08-30 08:55 . 2010-08-30 08:55   1829   ----a-w-  c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4F60811F2FC06AC4DAA7E8690F958B42.dll
2010-08-30 08:38 . 2009-06-15 20:58   --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-26 21:02 . 2010-08-26 20:41   2788816   ----a-w-  c:\documents and settings\Ejer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-08-26 21:01 . 2010-08-26 21:01   57344   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-26 21:00 . 2010-08-26 21:00   56997   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   56765   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   57691   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-26 21:00 . 2010-08-26 21:00   53600   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   84063   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   57054   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54166   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   57532   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   56458   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54174   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54153   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54128   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54644   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   54101   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   57409   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-08-26 20:59 . 2010-08-26 20:59   52963   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-26 20:58 . 2010-08-26 20:58   54073   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-26 20:58 . 2010-08-26 20:58   56969   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-08-26 20:57 . 2009-06-07 19:20   --------  d-----w-  c:\programmer\Google
2010-08-26 20:55 . 2010-08-26 21:00   185640   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-08-26 20:55 . 2010-08-26 21:00   1062184   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-26 20:55 . 2010-08-26 20:55   144696   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-26 20:55 . 2010-08-26 21:00   850200   ----a-w-  c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-20 08:02 . 2009-06-15 21:51   --------  d-----w-  c:\programmer\Fælles filer\Adobe
2010-08-17 21:01 . 2010-08-17 21:01   0   ---ha-w-  c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-17 21:01 . 2010-08-17 21:01   0   ---ha-w-  c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-17 20:53 . 2009-09-10 21:03   --------  d-----w-  c:\documents and settings\All Users\Application Data\Installations
2010-08-17 20:52 . 2009-09-10 21:03   --------  d-----w-  c:\programmer\Nokia
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\fm2006_final_exe_49CFD5D905564037B7D6E13ED4BEA4C5.exe
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\exe_final_49CFD5D905564037B7D6E13ED4BEA4C5.exe
2010-08-17 20:48 . 2010-08-17 20:48   7886   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\ARPPRODUCTICON.exe
2010-08-17 20:48 . 2010-08-17 20:48   49152   ----a-r-  c:\documents and settings\Ejer\Application Data\Microsoft\Installer\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2010-08-17 20:45 . 2010-08-17 20:45   3351812   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
2010-08-17 20:45 . 2010-08-17 20:45   36864   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
2010-08-17 20:45 . 2010-08-17 20:45   3203453   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
2010-08-17 20:44 . 2010-08-17 20:45   36414944   ----a-w-  c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_en.exe
2010-08-17 20:44 . 2009-10-29 19:47   --------  d-----w-  c:\programmer\Sports Interactive
2010-08-16 07:01 . 2009-12-07 18:39   --------  d-----w-  c:\programmer\Steam
2010-08-12 20:59 . 2010-08-01 21:58   --------  d-----w-  c:\programmer\VirtualFem
2010-08-12 04:07 . 2008-11-20 19:19   45648   ------w-  c:\windows\system32\drivers\pxhelp20.sys
2010-08-03 19:56 . 2010-08-03 19:51   --------  d-----w-  c:\documents and settings\Ejer\Application Data\ManyCam
2010-08-02 12:16 . 2009-06-21 10:36   --------  d-----w-  c:\documents and settings\Ejer\Application Data\LimeWire
2010-07-28 20:27 . 2010-07-28 20:27   --------  d-----w-  c:\programmer\AviSynth 2.5
2010-07-28 15:20 . 2010-05-27 15:07   --------  d-----w-  c:\programmer\EMDB
2010-06-30 12:32 . 2008-04-14 07:05   149504   ----a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2008-04-14 07:05   916480   ----a-w-  c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 06:38   1851904   ----a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 10:15   354304   ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 07:05   80384   ----a-w-  c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-06-04 11:41   744448   ----a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-14 07:05   1172480   ----a-w-  c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59   2953216   ----a-w-  c:\programmer\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59   2953216   ----a-w-  c:\programmer\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IDMan.exe" [2009-08-10 2745776]
"Rainlendar2"="c:\programmer\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\programmer\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\programmer\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"egui"="c:\programmer\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"nmctxth"="c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\programmer\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HotKeyDriver.lnk - c:\programmer\HotKey_Driver\HotKeyDriver.exe [2009-6-4 3641344]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46   90112   ----a-w-  c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-08-14 12:14   210168   ----a-w-  c:\programmer\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ     scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Rainmeter.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ejer^Menuen Start^Programmer^Start^Rainmeter.lnk]
path=c:\documents and settings\Ejer\Menuen Start\Programmer\Start\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04   35760   ----a-w-  c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-05-27 00:31   31072   ----a-w-  c:\programmer\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05   143360   ----a-w-  c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:05   15360   ----a-w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45   1164584   ----a-w-  c:\programmer\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44   3883856   ----a-w-  c:\programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-03-28 10:04   13529088   ----a-w-  c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Steam\\Steam.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:Tversity
"41952:UDP"= 41952:UDP:Tversity2
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Windows Fjernadministration

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24-03-2010 20:31 114984]
R2 ekrn;ESET Service;c:\programmer\ESET\ESET Smart Security\ekrn.exe [24-03-2010 20:31 810120]
R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [26-08-2009 22:59 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26-08-2009 22:59 20952]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [04-06-2009 18:34 342784]
S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys--> c:\windows\system32\DRIVERS\stwlfbus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate1ca313eefab306c;Tjenesten Google Update (gupdate1ca313eefab306c);c:\programmer\Google\Update\GoogleUpdate.exe [09-09-2009 13:16 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys--> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys--> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17-08-2010 22:52 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17-08-2010 22:52 8320]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys--> c:\windows\system32\Drivers\usbaapl.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14-04-2008 09:06 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-10-2009 22:29 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
WINRM   REG_MULTI_SZ     WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-04 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-07 11:08]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-09-09 11:15]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-09-09 11:15]
.
.
------- Yderligere scanning-------
.
uStart Page = hxxp://eu.ask.com?o=14978&l=dis
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download alle links med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEGetAll.htm
IE: Download FLV videoindhold med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEGetVL.htm
IE: Download med IDM - c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEExt.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: blank
TCP: {98F8EE66-602F-4473-A2D1-7E6364F22D81} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Ejer\Application Data\Mozilla\Firefox\Profiles\uxm92cbu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/firefox?client=firefox-a&rls=org.mozilla:da:official
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Ejer\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

----FIREFOX POLITIKKER----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - EMPTY SHORTCUTS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------- LOCKED REGISTRY KEYS -------------------------

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Ejer\\Dokumenter\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Ejer\\Skrivebord\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Programmer\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="A4-8200-E89F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\SecuROM\License information*]
"datasecu"=hex:e7,7e,c8,0b,f3,eb,40,30,2e,44,7d,20,34,f8,d6,43,0e,96,75,46,06,
  ec,c0,1d,ec,b1,e1,42,59,fe,2c,db,d2,db,bb,2c,80,03,73,cc,dd,2b,04,4d,75,3c,\
"rkeysecu"=hex:87,2e,36,5a,a7,42,dd,fa,4a,11,86,00,72,29,d2,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):df,73,e4,ac,59,90,f0,47,dc,ed,75,06,5a,df,35,68,93,ea,f7,1e,b6,
  e5,89,13,cf,48,0a,5f,72,d1,dd,96,7f,62,39,54,e3,01,14,66,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{637fda04-3907-4f94-9bb4-098764159708}]
@Denied: (Full) (Everyone)
"Model"=dword:000000bd
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a820830-2965-4427-8bd9-a37c9afe64b1}]
@Denied: (Full) (Everyone)
"Model"=dword:00000121
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c6,e2,d7,4a,4e,ce,f9,05,14,5d,0f,e6,ec,3c,05,e7,94,94,ed,18,6e,
  f9,f0,28,79,70,9f,71,17,c4,cb,1e,fb,0a,ca,08,6c,c2,b0,51,00,00,00,00,00,00,\
.
.
------------------------- DLLs loaded under running processes -------------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\homefus2.dll
c:\programmer\Protector Suite QL\infra.dll
c:\programmer\Protector Suite QL\homepass.dll
c:\programmer\Protector Suite QL\bio.dll
c:\programmer\Protector Suite QL\remote.dll
c:\programmer\Protector Suite QL\crypto.dll
c:\programmer\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\homefus2.dll
c:\programmer\Protector Suite QL\infra.dll

- - - - - - - > 'explorer.exe'(3260)
c:\programmer\Protector Suite QL\farchns.dll
c:\programmer\Protector Suite QL\infra.dll
c:\programmer\iTunes\iTunesMiniPlayer.dll
c:\programmer\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll
c:\programmer\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\programmer\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmer\TVersity\Media Server\MediaServer.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe
c:\programmer\Protector Suite QL\psqltray.exe
c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEMonitor.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-09-04 12:58:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 10:57
ComboFix2.txt 2010-08-31 21:41

Pre-Run: 22,582,734,848 bytes free
Post-Run: 22,467,330,048 bytes free

- - End Of File - - 2D7AFF29666C993B417D85402D330B0C

Administrator
Number of posts: 54698

That looks fine; is your problem solved?

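The log above records which DLLs are mapped into winlogon.exe and lsass.exe and which processes are running, and the verdict rests on reading those sections by eye. Two path-based checks a reviewer usually wants first are: is any DLL outside the Windows directory loaded into a credential-handling process, and is anything running from a user-writable location such as the Desktop (here a cracked IDM build). The script below is an added example, not part of this thread or of ComboFix; it parses those two sections from a constructed sample trimmed from the log posted above and applies the two rules. The list of sensitive processes and the directory prefixes are this example's own assumptions, and a path rule is only a first filter: it flags the Protector Suite QL fingerprint-reader components, which are expected in winlogon on a laptop running that software, so the vendor of every hit still has to be confirmed by hand.

```python
"""Triage two sections of a ComboFix log: DLLs mapped into credential-handling
processes, and processes running from user-writable paths.

Added example, not part of the thread or of ComboFix. The rules below and the
sample log text are this example's own constructions."""
import re
from collections import defaultdict

# Constructed sample, trimmed from the log posted in the thread.
# Danish XP install: "programmer" = Program Files, "Skrivebord" = Desktop.
SAMPLE_LOG = r"""
------------------------- DLLs loaded under running processes -------------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\homefus2.dll
c:\programmer\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\psqlpwd.dll
c:\programmer\Protector Suite QL\infra.dll

- - - - - - - > 'explorer.exe'(3260)
c:\programmer\iTunes\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmer\TVersity\Media Server\MediaServer.exe
c:\documents and settings\Ejer\Skrivebord\IDM_v5.17_Build5\IDM.5.17.5.Cracked-SuPeRGeNiUs\IEMonitor.exe
c:\windows\system32\wbem\unsecapp.exe
.
"""

# Assumptions of this example, not ComboFix policy.
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe"}  # logon and credential path
WINDOWS_DIR = "c:\\windows\\"
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")

_PROC_HEADER = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
_PATH_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_combofix_sections(text):
    """Return ({process name: [dll paths]}, [running process paths]), lower-cased."""
    dlls = defaultdict(list)
    procs = []
    section = None   # which ComboFix section we are inside
    current = None   # process whose DLL list is being read
    for raw in text.splitlines():
        line = raw.strip()
        if "DLLs loaded under running processes" in line:
            section = "dlls"
            continue
        if "Other running processes" in line:
            section = "procs"
            continue
        if section == "dlls":
            m = _PROC_HEADER.match(line)
            if m:
                current = m.group(1).lower()
            elif current and _PATH_LINE.match(line):
                dlls[current].append(line.lower())
        elif section == "procs" and _PATH_LINE.match(line):
            procs.append(line.lower())
    return dict(dlls), procs


def foreign_dlls_in_sensitive_processes(dlls):
    """(process, dll) pairs where a DLL outside the Windows directory sits in winlogon/lsass."""
    hits = []
    for proc, paths in dlls.items():
        if proc not in SENSITIVE_PROCESSES:
            continue
        hits.extend((proc, p) for p in paths if not p.startswith(WINDOWS_DIR))
    return hits


def processes_from_user_paths(procs):
    """Running executables that live somewhere a standard user can write."""
    return [p for p in procs if p.startswith(USER_WRITABLE_PREFIXES)]


def triage(text):
    dlls, procs = parse_combofix_sections(text)
    return {
        "foreign_dlls": foreign_dlls_in_sensitive_processes(dlls),
        "user_path_processes": processes_from_user_paths(procs),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for proc, dll in report["foreign_dlls"]:
        print(f"[sensitive process] {proc} has loaded {dll}")
    for path in report["user_path_processes"]:
        print(f"[user-writable path] {path}")
```

Run against the sample it reports the three Protector Suite QL and WindowBlinds DLLs in winlogon/lsass and the IEMonitor.exe running from the Desktop; psqlpwd.dll is not flagged because it lives in system32, which is exactly why the path rule is a filter for a human to follow up, not a verdict.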