Trojan horses PSW.Lineage.BVE, Generic8.OAH and Generic2_c.BPMZ have infiltrated my computer
Number of posts: 28

Hi spywarefri,

Do you have a suggestion for how I can get rid of these trojans?
If one of you has a moment at some point, I would very much
like to follow a few instructions. Many thanks in advance.

I have AVG Antivirus Free, Windows Vista, Windows Firewall and Defender.

Regards, Lars

Administrator
Number of posts: 3474

Hi

Restart in “Safe Mode with Networking”.

Download and run rkill:
Try them one at a time until one of them works.

Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr


———


Download “Malwarebytes’ Anti-Malware” here

or here

Install and start the program, click the Update tab, click Check for updates, and run a “Full system scan” under the “Scanner” tab.
Afterwards click “Show results”, press “Remove selected”, save the log and post it here together with a log from DDS.

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web

Re: Vista and Windows 7 - Right-click the file - Run as Administrator.

NB: When you update Malwarebytes, keep clicking Check for updates until it reports that there are no more updates.

Signature

Please do not attach logs unless you are asked to!

Number of posts: 28

Here is the malware log:


Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4514

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

31-08-2010 19:21:52
mbam-log-2010-08-31 (19-21-52).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 282832
Tid gået: 1 time(e), 34 minut(ter), 27 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 1
Inficerede Filer: 15

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Users\Lars\AppData\Local\temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Users\Lars\AppData\Local\temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\403B0A\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Lars\AppData\Local\temp\E_N4\spec.fne (Worm.Autorun) -> Quarantined and deleted successfully.


Here is the first DDS log:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Lars at 19:42:59,86 on 31-08-2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.45.1030.18.1013.559 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lars\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] “c:\users\lars\appdata\local\google\update\GoogleUpdate.exe” /c
uRun: [swg] “c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe”
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] “c:\program files\hp\quickplay\QPService.exe”
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] “c:\program files\common files\java\java update\jusched.exe”
mRun: [EB6C91] c:\windows\system32\541810\EB6C91.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] “c:\program files\malwarebytes’ anti-malware\mbam.exe” /runcleanupscript
StartupFolder: c:\users\lars\appdata\roaming\micros~1\windows\startm~1\programs\startup\eb6c91.lnk - c:\windows\system32\541810\EB6C91.EXE
StartupFolder: c:\users\lars\appdata\roaming\micros~1\windows\startm~1\programs\startup\screen~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: absalon.ku.dk
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk\www
Trusted Zone: mozillafirefox.com\www
Trusted Zone: danid.dk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lars\appdata\roaming\mozilla\firefox\profiles\o01kk7as.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://net.omk.dk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\lars\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-16 243024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-16 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-16 29584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 arusb_lh;300Mbps Wireless N USB Adapter driver;c:\windows\system32\drivers\arusb_lh.sys [2010-4-28 437760]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-4-30 1334784]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-16 430152]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2007-10-31 30464]
S4 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;“c:\program files\symantec\liveupdate\aluschedulersvc.exe” --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]

=============== Created Last 30 ================

2010-08-31 13:26:06   0   d-----w-  c:\program files\CCleaner
2010-08-31 11:00:08   0   d--h--w-  c:\windows\system32\541810
2010-08-31 11:00:08   0   d--h--w-  c:\windows\system32\280825
2010-08-14 01:02:36   0   d-sh--w-  c:\windows\system32\%APPDATA%
2010-08-13 21:36:59   1248768   ----a-w-  c:\windows\system32\msxml3.dll
2010-08-13 21:36:56   302080   ----a-w-  c:\windows\system32\drivers\srv.sys
2010-08-13 21:36:56   144896   ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-08-13 21:36:50   905088   ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-08-04 07:45:10   56   ---ha-w-  c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2010-08-31 15:11:46   144668   ----a-w-  c:\windows\hpoins18.dat
2010-08-31 11:01:30   77202   ----a-w-  c:\windows\system32\perfc006.dat
2010-08-31 11:01:30   463344   ----a-w-  c:\windows\system32\perfh006.dat
2010-07-17 03:00:04   423656   ----a-w-  c:\windows\system32\deployJava1.dll
2010-07-16 09:29:08   12536   ----a-w-  c:\windows\system32\avgrsstx.dll
2010-07-16 09:29:06   243024   ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:28:49   216400   ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-06-26 06:05:49   916480   ----a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:02:15   71680   ----a-w-  c:\windows\system32\iesetup.dll
2010-06-26 06:02:15   109056   ----a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02   133632   ----a-w-  c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03   2037760   ----a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:31:29   36864   ----a-w-  c:\windows\system32\rtutils.dll
2010-06-11 16:16:20   274944   ----a-w-  c:\windows\system32\schannel.dll
2010-06-08 17:35:04   3548040   ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35:03   3600768   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-04-30 12:27:05   51200   ----a-w-  c:\windows\inf\infpub.dat
2010-04-30 12:27:04   143360   ----a-w-  c:\windows\inf\infstrng.dat
2010-04-30 12:24:12   86016   ----a-w-  c:\windows\inf\infstor.dat
2009-12-04 09:06:21   665600   ----a-w-  c:\windows\inf\drvindex.dat
2008-12-01 22:53:16   174   --sha-w-  c:\program files\desktop.ini
2006-11-21 04:46:30   36364   ----a-w-  c:\windows\inf\perflib\0406\perfd.dat
2006-11-21 04:46:30   36364   ----a-w-  c:\windows\inf\perflib\0406\perfc.dat
2006-11-21 04:46:30   300302   ----a-w-  c:\windows\inf\perflib\0406\perfi.dat
2006-11-21 04:46:30   300302   ----a-w-  c:\windows\inf\perflib\0406\perfh.dat
2006-11-02 09:20:21   287440   ----a-w-  c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-  c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-  c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-  c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:46:15,43 ===============


And the second DDS log:

-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17-08-2007 15:14:32
System Uptime: 31-08-2010 19:27:21 (0 hours ago)

Motherboard: Hewlett-Packard |  | 30C6
Processor: Genuine Intel(R) CPU       T2130 @ 1.86GHz | U1 | 1862/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 37,692 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 1,454 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.5 - Dansk
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Mobile Device Support
Apple Software Update
APPUSB300 Wireless N Client Utility Installation Program
Audacity 1.2.6
AVG Free 9.0
BufferChm
C3100
c3100_Help
CCleaner
Conexant HD Audio
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Digital Signatur
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Fax
Gads Bogskab
Gads Spansk Small/Medium
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Gyldendals Spanske Ordbøger
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Update
HP User Guides 0079
HP Wireless Assistant
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KB408682
LightScribe 1.4.136.1
Malwarebytes’ Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.0.13)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
OpenOffice.org Installer 1.0
Politikens Engelsk-Dansk Dansk-Engelsk Ordbog
Politikens Tysk-Dansk Dansk-Tysk Ordbog
PSSWCORE
QuickTime
RealPlayer
Roxio Activation Module
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SolutionCenter
Spansk Small/Medium
Spelling Dictionaries Support For Adobe Reader 8
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Status
Synaptics Pointing Device Driver
Toolbox
TP-LINK Wireless Client Utility
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR arkivering

==== End Of File ===========================

Administrator
Number of posts: 29174

Download ComboFix and save it to your desktop:
ComboFix


Close all other windows.

Then run combofix.exe and follow the instructions.

When you get this message:
http://img.photobucket.com/albums/v666/sUBs/RC_update.png

Answer either Yes or No. It is advisable to say Yes. Whatever you answer, it has no effect on the ComboFix scan.

You must not click on the window while the tool is running, as this can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of this file here.

Since they are fairly long, you may need to send them in several posts.

Number of posts: 28

Here is the ComboFix log:


ComboFix 10-08-31.01 - Lars 01-09-2010   8:53.7.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.45.1030.18.1013.296 [GMT 2:00]
Kører fra: c:\users\Lars\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lars\AppData\Local\Temp\E_N4
c:\users\Lars\AppData\Local\Temp\E_N4\cnvpe.fne
c:\users\Lars\AppData\Local\Temp\E_N4\dp1.fne
c:\users\Lars\AppData\Local\Temp\E_N4\eAPI.fne
c:\users\Lars\AppData\Local\Temp\E_N4\HtmlView.fne
c:\users\Lars\AppData\Local\Temp\E_N4\internet.fne
c:\users\Lars\AppData\Local\Temp\E_N4\krnln.fnr
c:\users\Lars\AppData\Local\Temp\E_N4\shell.fne
c:\users\Lars\AppData\Local\Temp\E_N4\spec.fne
c:\windows\system32\%appdata%
c:\windows\system32\280825
c:\windows\system32\280825\5b5eaea1.txt
c:\windows\system32\541810
c:\windows\system32\541810\EB6C91.EXE

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-01 til 2010-09-01 )))))))))))))))))))))))))))))))))))
.

2010-09-01 07:07 . 2010-09-01 07:07   --------  d-----w-  c:\users\Public\AppData\Local\temp
2010-09-01 07:07 . 2010-09-01 07:07   --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-08-31 13:26 . 2010-08-31 13:26   --------  d-----w-  c:\program files\CCleaner
2010-08-13 21:36 . 2010-06-11 16:15   1248768   ----a-w-  c:\windows\system32\msxml3.dll
2010-08-13 21:36 . 2010-06-18 15:04   302080   ----a-w-  c:\windows\system32\drivers\srv.sys
2010-08-13 21:36 . 2010-06-18 15:04   144896   ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-08-13 21:36 . 2010-06-16 16:04   905088   ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-08-04 07:45 . 2010-08-04 07:45   56   ---ha-w-  c:\windows\system32\ezsidmv.dat
2010-08-04 07:42 . 2010-08-04 07:42   --------  d-----w-  c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 21:51 . 2010-03-19 11:26   0   ----a-w-  c:\users\Lars\AppData\Local\prvlcl.dat
2010-08-31 15:11 . 2007-08-17 18:06   144668   ----a-w-  c:\windows\hpoins18.dat
2010-08-31 12:33 . 2010-02-23 08:34   --------  d-----w-  c:\programdata\avg9
2010-08-31 11:01 . 2006-11-21 04:49   77202   ----a-w-  c:\windows\system32\perfc006.dat
2010-08-31 11:01 . 2006-11-21 04:49   463344   ----a-w-  c:\windows\system32\perfh006.dat
2010-08-26 17:43 . 2007-08-17 15:56   77584   ----a-w-  c:\users\Lars\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 15:36 . 2007-10-07 10:09   --------  d-----w-  c:\users\Lars\AppData\Roaming\Politiken
2010-08-26 15:32 . 2007-10-07 10:08   --------  d-----w-  c:\program files\Polob32
2010-08-14 09:50 . 2008-02-12 19:17   --------  d-----w-  c:\users\Lars\AppData\Roaming\Skype
2010-08-14 09:40 . 2008-02-12 19:19   --------  d-----w-  c:\users\Lars\AppData\Roaming\skypePM
2010-08-14 01:04 . 2007-10-06 08:49   --------  d-----w-  c:\programdata\Microsoft Help
2010-08-14 01:03 . 2006-11-02 11:18   --------  d-----w-  c:\program files\Windows Mail
2010-08-04 16:51 . 2007-05-19 05:56   --------  d-----w-  c:\program files\Common Files\Java
2010-08-04 16:51 . 2007-05-19 05:56   --------  d-----w-  c:\program files\Java
2010-08-04 07:43 . 2008-02-12 19:15   --------  d-----r-  c:\program files\Skype
2010-08-04 07:42 . 2008-02-12 19:15   --------  d-----w-  c:\programdata\Skype
2010-07-17 03:00 . 2010-05-10 11:10   423656   ----a-w-  c:\windows\system32\deployJava1.dll
2010-07-16 09:35 . 2010-07-16 09:28   --------  d-----w-  c:\programdata\AVG Security Toolbar
2010-07-16 09:29 . 2010-07-16 09:29   12536   ----a-w-  c:\windows\system32\avgrsstx.dll
2010-07-16 09:29 . 2010-07-16 09:29   243024   ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:28 . 2010-07-16 09:28   216400   ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-07-16 09:28 . 2010-07-16 09:28   29584   ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2010-07-15 18:07 . 2010-06-15 09:56   --------  d-----w-  c:\program files\Malwarebytes’ Anti-Malware
2010-07-14 10:34 . 2007-05-19 05:05   --------  d-----w-  c:\program files\Common Files\Symantec Shared
2010-06-26 06:05 . 2010-08-13 21:37   916480   ----a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 21:37   109056   ----a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 21:37   71680   ----a-w-  c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 21:37   133632   ----a-w-  c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 21:37   2037760   ----a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 21:37   36864   ----a-w-  c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-13 21:37   274944   ----a-w-  c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-13 21:37   3548040   ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 21:37   3600768   ----a-w-  c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll” [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25   2117704   ——a-w-  c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll” [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]
“Google Update”=“c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe” [2009-04-07 133104]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-03-30 39408]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2007-01-31 131072]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-01-31 151552]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-01-31 126976]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-13 827392]
“QPService”=“c:\program files\HP\QuickPlay\QPService.exe” [2007-03-28 176128]
“QlbCtrl”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-03-06 180224]
“HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2007-03-12 50696]
“hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-03-01 472776]
“WAWifiMessage”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-10 317128]
“AVG9_TRAY”=“c:\progra~1\AVG\AVG9\avgtray.exe” [2010-07-16 2065760]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]
“EB6C91”=“c:\windows\system32\541810\EB6C91.EXE” [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):16,60,79,fe,6f,73,ca,01

R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 arusb_lh;300Mbps Wireless N USB Adapter driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-10-31 30464]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Indhold af mappen ‘Planlagte Opgaver’

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:38]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:38]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049425037-700741312-2507498314-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-07 10:12]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049425037-700741312-2507498314-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-07 10:12]

2010-08-31 c:\windows\Tasks\WebReg Photosmart C3100 series.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: absalon.ku.dk
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk\www
Trusted Zone: mozillafirefox.com\www
Trusted Zone: danid.dk
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\o01kk7as.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://net.omk.dk/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Lars\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
————————————Andre kørende processer————————————
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-01 09:27:48 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-01 07:27
ComboFix2.txt 2010-07-15 20:51
ComboFix3.txt 2010-06-17 16:00

Pre-Kørsel: 39.567.560.704 byte ledig
Post-Kørsel: 39.525.203.968 byte ledig

- - End Of File - - 6A1ED08002F5C7B5E9EF6FB2E694BE68

Administrator
Number of posts: 54698

Open the folder containing Combofix, right-click an empty spot in the folder, choose New -> Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EB6C91"=-

Click File -> Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale of the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur
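
In the log above, the Run value that the CFScript deletes differs from its neighbours in three ways visible on the page: it has `[BU]` where the others have a date and size, its image sits in a numeric-named folder under system32, and its value name is a hex-like string equal to the file name. The following is an added example, not part of the thread and not ComboFix code; the three heuristics and every function name are assumptions chosen for illustration. It parses the Run sections of such a log and lists the entries that match.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Excerpt of the Run-key section of the ComboFix log posted in this thread
# (typographic quotes kept as they appear on the page).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]
“AVG9_TRAY”=“c:\progra~1\AVG\AVG9\avgtray.exe” [2010-07-16 2065760]
“EB6C91”=“c:\windows\system32\541810\EB6C91.EXE” [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\System32\avgrsstx.dll
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Accept both typographic and straight quotes around name and path.
ENTRY = re.compile(
    r'^[“"](?P<name>[^”"]+)[”"]\s*=\s*[“"](?P<path>[^”"]+)[”"]'
    r"\s*(?:\[(?P<stamp>[^\]]*)\])?$"
)
STAMP = re.compile(r"^\d{4}-\d{1,2}-\d{1,2} \d+$")   # "date size" as in the log
HEXLIKE = re.compile(r"^[0-9A-Fa-f]{6,}$")


@dataclass(frozen=True)
class RunEntry:
    key: str
    name: str
    path: str
    stamp: str


def parse_run_entries(log):
    """Return the values listed under every ...CurrentVersion\\Run section."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key")
            continue
        if key and key.lower().endswith(r"\currentversion\run"):
            m = ENTRY.match(line)
            if m:
                entries.append(RunEntry(key, m["name"], m["path"], m["stamp"] or ""))
    return entries


def suspicious(entries):
    """Pair each entry with the (assumed) heuristics it trips; skip clean ones."""
    flagged = []
    for e in entries:
        image = PureWindowsPath(e.path)
        reasons = []
        if not STAMP.match(e.stamp):
            reasons.append(f"no date/size stamp (tag: {e.stamp or 'none'})")
        if image.parent.name.isdigit() and image.parent.parent.name.lower() == "system32":
            reasons.append("image in a numeric-named subfolder of system32")
        if HEXLIKE.match(e.name) and e.name.lower() == image.stem.lower():
            reasons.append("hex-like value name identical to the file name")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in suspicious(parse_run_entries(SAMPLE_LOG)):
        print(f"{entry.key}\n  {entry.name} -> {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A match is a prompt for manual review of the entry, not a verdict.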

Number of posts: 28

Here is the log:


ComboFix 10-09-01.02 - Lars 01-09-2010 19:38:44.8.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.45.1030.18.1013.182 [GMT 2:00]
Kører fra: c:\users\Lars\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Lars\Downloads\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Service_usnjsvc


(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-01 til 2010-09-01 )))))))))))))))))))))))))))))))))))
.

2010-09-01 17:52 . 2010-09-01 17:52   ————  d——-w-  c:\users\Public\AppData\Local\temp
2010-09-01 17:52 . 2010-09-01 17:52   ————  d——-w-  c:\users\Default\AppData\Local\temp
2010-08-31 13:26 . 2010-08-31 13:26   ————  d——-w-  c:\program files\CCleaner
2010-08-13 21:36 . 2010-06-11 16:15   1248768   ——a-w-  c:\windows\system32\msxml3.dll
2010-08-13 21:36 . 2010-06-18 15:04   302080   ——a-w-  c:\windows\system32\drivers\srv.sys
2010-08-13 21:36 . 2010-06-18 15:04   144896   ——a-w-  c:\windows\system32\drivers\srv2.sys
2010-08-13 21:36 . 2010-06-16 16:04   905088   ——a-w-  c:\windows\system32\drivers\tcpip.sys
2010-08-04 07:45 . 2010-08-04 07:45   56   —-ha-w-  c:\windows\system32\ezsidmv.dat
2010-08-04 07:42 . 2010-08-04 07:42   ————  d——-w-  c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 17:36 . 2010-03-19 11:26   0   ——a-w-  c:\users\Lars\AppData\Local\prvlcl.dat
2010-09-01 09:42 . 2006-11-21 04:49   77202   ——a-w-  c:\windows\system32\perfc006.dat
2010-09-01 09:42 . 2006-11-21 04:49   463344   ——a-w-  c:\windows\system32\perfh006.dat
2010-08-31 15:11 . 2007-08-17 18:06   144668   ——a-w-  c:\windows\hpoins18.dat
2010-08-31 12:33 . 2010-02-23 08:34   ————  d——-w-  c:\programdata\avg9
2010-08-26 17:43 . 2007-08-17 15:56   77584   ——a-w-  c:\users\Lars\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 15:36 . 2007-10-07 10:09   ————  d——-w-  c:\users\Lars\AppData\Roaming\Politiken
2010-08-26 15:32 . 2007-10-07 10:08   ————  d——-w-  c:\program files\Polob32
2010-08-14 09:50 . 2008-02-12 19:17   ————  d——-w-  c:\users\Lars\AppData\Roaming\Skype
2010-08-14 09:40 . 2008-02-12 19:19   ————  d——-w-  c:\users\Lars\AppData\Roaming\skypePM
2010-08-14 01:04 . 2007-10-06 08:49   ————  d——-w-  c:\programdata\Microsoft Help
2010-08-14 01:03 . 2006-11-02 11:18   ————  d——-w-  c:\program files\Windows Mail
2010-08-04 16:51 . 2007-05-19 05:56   ————  d——-w-  c:\program files\Common Files\Java
2010-08-04 16:51 . 2007-05-19 05:56   ————  d——-w-  c:\program files\Java
2010-08-04 07:43 . 2008-02-12 19:15   ————  d——-r-  c:\program files\Skype
2010-08-04 07:42 . 2008-02-12 19:15   ————  d——-w-  c:\programdata\Skype
2010-07-17 03:00 . 2010-05-10 11:10   423656   ——a-w-  c:\windows\system32\deployJava1.dll
2010-07-16 09:35 . 2010-07-16 09:28   ————  d——-w-  c:\programdata\AVG Security Toolbar
2010-07-16 09:29 . 2010-07-16 09:29   12536   ——a-w-  c:\windows\system32\avgrsstx.dll
2010-07-16 09:29 . 2010-07-16 09:29   243024   ——a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:28 . 2010-07-16 09:28   216400   ——a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-07-16 09:28 . 2010-07-16 09:28   29584   ——a-w-  c:\windows\system32\drivers\avgmfx86.sys
2010-07-15 18:07 . 2010-06-15 09:56   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2010-07-14 10:34 . 2007-05-19 05:05   ————  d——-w-  c:\program files\Common Files\Symantec Shared
2010-06-26 06:05 . 2010-08-13 21:37   916480   ——a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 21:37   109056   ——a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 21:37   71680   ——a-w-  c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 21:37   133632   ——a-w-  c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 21:37   2037760   ——a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 21:37   36864   ——a-w-  c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-13 21:37   274944   ——a-w-  c:\windows\system32\schannel.dll
2010-06-10 20:28 . 2010-03-20 23:43   439816   ——a-w-  c:\users\Lars\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-08 17:35 . 2010-08-13 21:37   3548040   ——a-w-  c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 21:37   3600768   ——a-w-  c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll” [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25   2117704   ——a-w-  c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll” [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]
“Google Update”=“c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe” [2009-04-07 133104]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-03-30 39408]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2007-01-31 131072]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-01-31 151552]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-01-31 126976]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-13 827392]
“QPService”=“c:\program files\HP\QuickPlay\QPService.exe” [2007-03-28 176128]
“QlbCtrl”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-03-06 180224]
“HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2007-03-12 50696]
“hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-03-01 472776]
“WAWifiMessage”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-10 317128]
“AVG9_TRAY”=“c:\progra~1\AVG\AVG9\avgtray.exe” [2010-07-16 2065760]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]
“EB6C91”=“c:\windows\system32\541810\EB6C91.EXE” [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):16,60,79,fe,6f,73,ca,01

R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 arusb_lh;300Mbps Wireless N USB Adapter driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-10-31 30464]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Indhold af mappen ‘Planlagte Opgaver’

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:38]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:38]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049425037-700741312-2507498314-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-07 10:12]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049425037-700741312-2507498314-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-07 10:12]

2010-08-31 c:\windows\Tasks\WebReg Photosmart C3100 series.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: absalon.ku.dk
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk\www
Trusted Zone: mozillafirefox.com\www
Trusted Zone: danid.dk
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\o01kk7as.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://net.omk.dk/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Lars\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 20:24
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
————————————Andre kørende processer————————————
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-01 20:32:09 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-01 18:31
ComboFix2.txt 2010-09-01 07:27
ComboFix3.txt 2010-07-15 20:51
ComboFix4.txt 2010-06-17 16:00

Pre-Kørsel: 39.492.280.320 byte ledig
Post-Kørsel: 39.005.626.368 byte ledig

- - End Of File - - 5B09256CBA484F54DA35BB8466836EA6

Administrator
Number of posts: 54698

It looks fine. :)

Is the problem solved?


Number of posts: 28

It works perfectly well. Many thanks and have a good weekend. I must get myself
one of your good antivirus programs.

Editor
Number of posts: 12994

You're welcome

Click START, then Run.
Type/copy: Combofix /Uninstall into the box and click OK.

Note the space between the X and the /U; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system/hidden files, if required.


You can also clean up System Restore; read how here.
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1

Have fun :D

I am closing the thread; you are welcome to come back.